[bind] Rationalisation de la séparation dns autoritaire, dns récursif, named.conf.local est maintenant généré par python

Ignore-this: 8d1cd1381242a85d0180a72a814e1c62

darcs-hash:20130125023918-3a55a-00fe31a1714219c64b3d78370e2af3eaa27d2470.gz
Valentin Samir 2013-01-25 03:39:18 +01:00
parent 3bd36c0878
commit fbbfc0bf78
11 changed files with 161 additions and 142 deletions


@ -0,0 +1,100 @@
# -*- mode: python; encoding: utf-8 -*-
info["owner"] = "root"
info["group"] = "bind"
info["perms"] = 0644
comment_start = "//"
header("Conf locale de Bind9")
if has("vlan-accueil"):
@view "accueilview" {
@ match-clients { "accueil"; };
@
@ // zones crans
@ include "/etc/bind/generated/zones_crans";
@
@ // Zones RFC 1918
@ include "/etc/bind/zones.rfc1918";
@
@ recursion no;
@
@ zone "." {
@ type master;
@ file "/etc/bind/db.fake";
@ };
@};
@view "others" {
@ match-clients { any; };
@ recursion yes;
if has("dns-secondary-no-forward") or has("dns-secondary") or has("dns-primary"):
@include "/etc/bind/zones.rfc1918";
@// zones crans
@include "/etc/bind/generated/zones_crans";
@// la tele
@zone "tv.crans.org" {
@ type slave;
@ file "/etc/bind/generated/db.tv.crans.org";
@ masters { 138.231.136.243; };
@};
@zone "239.in-addr.arpa" {
@ type slave;
@ file "/etc/bind/generated/db.239.in-addr.arpa";
@ masters { 138.231.136.243; };
@};
elif has("dns-tv"):
@// La zone TV
@zone "tv.crans.org" {
@ type master;
@ file "/etc/bind/generated/db.tv.crans.org";
@};
@zone "239.in-addr.arpa" {
@ type master;
@ file "/etc/bind/generated/db.239.in-addr.arpa";
@};
@// reduce log verbosity on issues outside our control
@logging {
@ category lame-servers { null; };
@};
elif has("dns-recursif"):
@zone "239.in-addr.arpa" {
@ type forward;
@ forward only;
@ forwarders { 138.231.136.243; 138.231.136.9; };
@};
@zone "136.231.10.in-addr.arpa" {
@ type forward;
@ forward only;
@ forwarders { 138.231.136.9; 138.231.136.14; };
@};
@// anti SPAM
@// Rajout pour generer le forward vers ariane pour la zone rbl-plus.mail-abuse.org --Nico 21/04/02
@zone "rbl-plus.mail-abuse.org" {
@ type forward;
@ forward only;
@ forwarders { 138.231.176.4 ; };
@};
@
if has("vlan-accueil"):
@};
@// bricoles de config en plus
@include "/etc/bind/rndc.key";
@
@controls {
@ inet 127.0.0.1 allow { 127.0.0.1; } keys { "key"; };
@};
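Review bot: The `others` view hard-codes `recursion yes;` together with `match-clients { any; };`, so on an authoritative-only host that also carries `vlan-accueil` the only thing keeping recursion closed is the global `allow-recursion` list from the options template, which is not part of this file. Since the commit is about separating the authoritative and recursive roles, emit that line from the role instead: `recursion yes;` under `has("dns-recursif")` and `recursion no;` otherwise, so the view fails closed if the options file is edited later. Separately, the `logging { ... }` block in the `dns-tv` branch would land inside `view "others"` when `vlan-accueil` is also set, and `logging` is a top-level statement, so named would presumably reject the file for that combination; emitting it next to `controls`, after the view is closed, avoids this. The template's Python indentation is not visible in this rendering, so which lines sit inside each `if` is inferred.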


@ -11,7 +11,10 @@ header("Options de Bind9")
comment("Listes d'accès")
if has("vlan-radin"):
@acl "radins" { 10.42.0.0/16; };
if has("vlan-accueil"):
@acl "accueil" { 10.51.0.0/16; };
if has("vlan-ens"):
@acl "appartement" { 10.2.9.0/24; };
@acl "crans" {
@ 138.231.136.0/21;
@ 138.231.144.0/21;
@ -26,21 +29,36 @@ if has("vlan-radin"):
@options {
@ directory "/var/cache/bind";
@ recursive-clients 5000;
@
if has("dns-primary"):
@ include "/etc/bind/named.conf.notify";
@
@ allow-transfer {
@ 127.0.0.1;
@ 138.231.136.0/21; // fixes
@ 82.225.39.54; // freebox
@ 138.231.148.0/22; // wifi
@ 10.231.136.0/24; // adm
@ 138.231.176.4; // ariane
@ };
if has("dns-recursif"):
zones=["127.0.0.1", "crans", "cransadm"]
if has("vlan-ens"):
zones.append("appartement")
if has("vlan-radin"):
zones.append("radins")
zones.append("accueil")
print " allow-query-cache { %s; };" % ';'.join(zones)
print " allow-recursion { %s; };" % ';'.join(zones)
@ recursive-clients 5000;
else:
@ allow-query-cache { };
@ allow-recursion { };
if has("dns-primary") or has("dns-tv"):
@ allow-transfer {
@ 127.0.0.1;
@ 138.231.136.0/21; // fixes
@ 82.225.39.54; // freebox
@ 138.231.148.0/22; // wifi
@ 10.231.136.0/24; // adm
@ 138.231.176.4; // ariane
@ };
@ allow-query { any; };
@ auth-nxdomain no; # conform to RFC1035
@
@ listen-on { any; };
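Review bot: `zones.append("accueil")` is not gated on `has("vlan-accueil")`, while `acl "accueil"` is only defined under that condition in the first hunk, so a `dns-recursif` host without `vlan-accueil` would get `allow-query-cache` and `allow-recursion` lists naming an undefined ACL and named would refuse to load the configuration. Guard it the same way as the other optional networks: `if has("vlan-accueil"):` followed by `zones.append("accueil")`. The Python indentation is lost in this rendering, so whether the append currently sits under `has("vlan-radin")` is unclear, but neither reading ties it to the ACL definition. In the `else:` branch, `allow-recursion { none; };` and `allow-query-cache { none; };` would state the closed default more explicitly than an empty list. The `options { ... }` block continues past the hunk; running `named-checkconf` on the generated files for each role combination would catch this class of mismatch before deployment.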