[bind] Rationalisation de la séparation dns autoritaire, dns récursif, named.conf.local est maintenant généré par python

Ignore-this: 8d1cd1381242a85d0180a72a814e1c62 darcs-hash:20130125023918-3a55a-00fe31a1714219c64b3d78370e2af3eaa27d2470.gz
2013-01-25 03:39:18 +01:00 · 2013-01-25 03:39:18 +01:00 · fbbfc0bf78
commit fbbfc0bf78
parent 3bd36c0878
11 changed files with 161 additions and 142 deletions
--- a/Python/etc/bind/named.conf.local
+++ b/Python/etc/bind/named.conf.local
@ -0,0 +1,100 @@
+# -*- mode: python; encoding: utf-8 -*-
+
+info["owner"] = "root"
+info["group"] = "bind"
+info["perms"] = 0644
+
+comment_start = "//"
+
+header("Conf locale de Bind9")
+
+if has("vlan-accueil"):
+    @view "accueilview" {
+    @   match-clients { "accueil"; };
+    @    
+    @   // zones crans
+    @    include "/etc/bind/generated/zones_crans";
+    @
+    @   // Zones RFC 1918
+    @    include "/etc/bind/zones.rfc1918";
+    @
+    @    recursion no;
+    @
+    @    zone "." {
+    @        type master;
+    @        file "/etc/bind/db.fake";
+    @    };
+    @};
+
+    @view "others" {
+    @   match-clients { any; };
+    @   recursion yes;
+if has("dns-secondary-no-forward") or has("dns-secondary") or has("dns-primary"):
+    @include "/etc/bind/zones.rfc1918";
+
+    @// zones crans
+    @include "/etc/bind/generated/zones_crans"; 
+    
+    @// la tele
+    @zone "tv.crans.org" {
+    @   type slave;
+    @   file "/etc/bind/generated/db.tv.crans.org";
+    @   masters { 138.231.136.243; };
+    @};
+    
+    @zone "239.in-addr.arpa" {
+    @   type slave;
+    @   file "/etc/bind/generated/db.239.in-addr.arpa";
+    @   masters { 138.231.136.243; };
+    @};
+
+elif has("dns-tv"):
+    @// La zone TV
+    @zone "tv.crans.org" {
+    @   type master;
+    @   file "/etc/bind/generated/db.tv.crans.org";
+    @};
+    
+    @zone "239.in-addr.arpa" {
+    @	  type master;
+    @	  file "/etc/bind/generated/db.239.in-addr.arpa";
+    @};
+    
+    @// reduce log verbosity on issues outside our control
+    @logging {
+    @   category lame-servers { null; };
+    @};
+    
+elif has("dns-recursif"):
+    @zone "239.in-addr.arpa" {
+    @    type forward;
+    @    forward only;
+    @    forwarders { 138.231.136.243; 138.231.136.9; };
+    @};
+    
+    @zone "136.231.10.in-addr.arpa" {
+    @   type forward;
+    @   forward only;
+    @   forwarders { 138.231.136.9; 138.231.136.14; };
+    @};
+    
+@// anti SPAM
+@// Rajout pour generer le forward vers ariane pour la zone rbl-plus.mail-abuse.org --Nico 21/04/02
+@zone "rbl-plus.mail-abuse.org" {
+@    type forward;
+@    forward only;
+@    forwarders { 138.231.176.4 ; };
+@};
+@
+
+
+if has("vlan-accueil"):
+    @};
+
+@// bricoles de config en plus
+@include "/etc/bind/rndc.key";
+@
+@controls {
+@    inet 127.0.0.1 allow { 127.0.0.1; } keys { "key"; };
+@};
+
--- a/Python/etc/bind/named.conf.options
+++ b/Python/etc/bind/named.conf.options
@ -11,7 +11,10 @@ header("Options de Bind9")
 comment("Listes d'accès")
 if has("vlan-radin"):
    @acl "radins" { 10.42.0.0/16; };
+if has("vlan-accueil"):
    @acl "accueil" { 10.51.0.0/16; };
+if has("vlan-ens"):
+    @acl "appartement" { 10.2.9.0/24; };
@acl "crans" {
@    138.231.136.0/21;
@    138.231.144.0/21;
@ -26,21 +29,36 @@ if has("vlan-radin"):

@options {
@    directory "/var/cache/bind";
-@    recursive-clients 5000;
@

 if has("dns-primary"):
    @    include "/etc/bind/named.conf.notify";

-@
-@    allow-transfer {
-@         127.0.0.1;
-@         138.231.136.0/21; // fixes
-@         82.225.39.54;     // freebox
-@         138.231.148.0/22; // wifi
-@         10.231.136.0/24;  // adm
-@         138.231.176.4;    // ariane
-@    };
+
+if has("dns-recursif"):
+    zones=["127.0.0.1", "crans", "cransadm"]
+    if has("vlan-ens"):
+        zones.append("appartement")
+    if has("vlan-radin"):
+        zones.append("radins")
+        zones.append("accueil")
+    print "    allow-query-cache { %s; };" % ';'.join(zones)
+    print "    allow-recursion { %s; };" % ';'.join(zones)
+    @    recursive-clients 5000;
+
+else:
+    @    allow-query-cache { };
+    @    allow-recursion { };
+if has("dns-primary") or has("dns-tv"):
+    @    allow-transfer {
+    @         127.0.0.1;
+    @         138.231.136.0/21; // fixes
+    @         82.225.39.54;     // freebox
+    @         138.231.148.0/22; // wifi
+    @         10.231.136.0/24;  // adm
+    @         138.231.176.4;    // ariane
+    @    };
+@    allow-query { any; };
@    auth-nxdomain no; # conform to RFC1035
@
@    listen-on { any; };
--- a/Python/etc/network/interfaces
+++ b/Python/etc/network/interfaces
@ -29,7 +29,7 @@ iface %(interface)s inet static
    netmask 255.255.248.0
    broadcast 138.231.143.255
    gateway 138.231.136.4
-    dns-nameservers 138.231.136.98 138.231.136.9
+    dns-nameservers 138.231.136.98 138.231.136.247
    dns-search crans.org""" % { 'interface': interface, 'ip': pubip() }
        if not has('vlan-wifi'):
            print """    post-up ip r add 138.231.144.0/21 dev %(interface)s via 138.231.136.247 src %(ip)s""" % { 'interface': interface, 'ip': pubip() }
@ -47,7 +47,7 @@ iface %(interface)s inet static
    network 138.231.144.0
    netmask 255.255.248.0
    broadcast 138.231.148.255
-    dns-nameservers 138.231.148.1
+    dns-nameservers 138.231.136.98 138.231.136.247
    dns-search wifi.crans.org""" % { 'interface': interface, 'ip': wifiip() }

        for line in additionnals:
@ -62,7 +62,7 @@ iface %(interface)s inet static
    netmask 255.255.255.0
    broadcast 10.231.136.255
    mtu 1496
-    dns-nameservers 10.231.136.98 10.231.136.9
+    dns-nameservers 10.231.136.98 10.231.136.247
    dns-search adm.crans.org""" % { 'interface': interface, 'ip': admip() }

        for line in additionnals: