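# -*- mode: python; encoding: utf-8 -*-
"""Generate the local Bind9 configuration for this host.

This is a gen_confs template: ``info``, ``header`` and ``has`` are injected by
the generator (they are not defined in this file), and everything printed to
stdout becomes the generated config file.  The output is a sequence of
``view``/``zone`` stanzas whose nesting depth is tracked by the module-level
``ident`` counter.
"""
info["owner"] = "root"
info["group"] = "bind"
# 0o644 is the Python 2.6+/3 spelling of the original 0644.  The generated
# file is world-readable, so the rndc key is pulled in with an ``include``
# at the end rather than written into this file.
info["mode"] = 0o644

import config
import config.dns
from gen_confs.bind import ZoneReverse

# Presumably tells the generator which comment syntax ``header`` should use.
comment_start = "//"
header("Conf locale de Bind9")

# Current nesting depth of the emitted stanzas (one space per level).
ident = 0


class print_idented(object):
    """Mixin that prints config lines prefixed by the current nesting depth."""

    def p(self, str):
        """Print *str* indented by ``ident`` spaces.

        A single-argument ``print(...)`` behaves identically under Python 2
        and 3, so the template needs no ``__future__`` import.
        """
        print('%s%s' % (' ' * ident, str))


class view(print_idented):
    """Context manager emitting a ``view "<name>" { ... };`` stanza.

    Args:
        name: view name, written verbatim into the stanza header.
        match_client: optional ``match-clients`` value (an ACL name or address
            list); emitted verbatim, so it must already be valid named.conf
            syntax.  Omitted when falsy.
    """

    def __init__(self, name, match_client=None):
        self.name = name
        self.match_client = match_client

    def __enter__(self):
        global ident
        self.p('view "%s" {' % self.name)
        ident += 1
        if self.match_client:
            self.p("match-clients { %s; };" % self.match_client)
        return self

    def __exit__(self, exc_type, exc_value, exc_tb):
        # Always runs, so the depth counter stays balanced even if the body
        # raised.  Exceptions are not suppressed (implicit None return).
        global ident
        ident -= 1
        self.p("};")


class zone(print_idented):
    """Context manager emitting a ``zone "<name>" { type <type>; ... };`` stanza.

    Args:
        name: zone name, written verbatim into the stanza header.
        type: Bind zone type (``master``, ``slave``, ``forward``, ...),
            emitted as the first statement of the stanza.
    """

    def __init__(self, name, type):
        self.name = name
        self.type = type

    def __enter__(self):
        global ident
        self.p('zone "%s" {' % self.name)
        ident += 1
        self.p("type %s;" % self.type)
        return self

    def __exit__(self, exc_type, exc_value, exc_tb):
        # Always runs, so the depth counter stays balanced even if the body
        # raised.  Exceptions are not suppressed (implicit None return).
        global ident
        ident -= 1
        self.p("};")


def _crans_forwarders():
    """Return the Crans DNS servers to forward to: the master first, then the slaves."""
    return [config.dns.master] + config.dns.slaves


def forward_zone(zone_name, forwarders):
    """Emit a forward-only zone stanza for *zone_name* pointing at *forwarders*.

    Args:
        zone_name: zone name, written verbatim into the stanza header.
        forwarders: iterable of forwarder addresses.  They are joined into the
            stanza unescaped; they come from the trusted ``config`` module, so
            a value containing ``;`` or ``}`` would change the generated
            config rather than be quoted.
    """
    with zone(zone_name, "forward") as z:
        z.p("forward only;")
        z.p("forwarders { %s; };" % '; '.join(forwarders))


def reverse_crans():
    """Emit forward zones for the reverse (in-addr.arpa) zones of Crans networks.

    Forward zones are no longer generated for the reverse of public IPs, since
    those now resolve on their own: networks listed under the ``multicast`` and
    ``all`` keys of ``config.NETs`` are skipped.  Forwarding of IPv6 reverse
    zones is left out (it was a commented-out loop in the original template).
    """
    # Loop-invariant: the exclusion list does not change per network.
    excluded = config.NETs['multicast'] + config.NETs["all"]
    private_nets = set(net for net in config.dns.zones_reverse
                       if net not in excluded)
    for net in private_nets:
        # Distinct names for the inner loop: the original reused ``net`` and
        # shadowed the ``zone`` class with a local variable.
        for arpa_net in ZoneReverse.network_to_arpanets(net):
            arpa_zone = ZoneReverse.reverse(arpa_net)[0]
            forward_zone(arpa_zone, _crans_forwarders())


def direct_crans():
    """Emit forward zones for every direct Crans zone, toward the master then the slaves.

    Not called from this template; kept since it shares the forwarder list
    with ``reverse_crans``.
    """
    for zone_name in config.dns.zones_direct:
        forward_zone(zone_name, _crans_forwarders())


# NOTE(review): the nesting below was reconstructed from a whitespace-mangled
# source.  The grouping of the if/elif branches inside the views is the most
# plausible reading (an ``elif`` forces ``reverse_crans()`` into the preceding
# ``if`` body) and should be checked against the original template.

# "Lying" view: recursive resolvers apply the loppsi response-policy zone to
# clients matching the "menteur" ACL (the ACL itself is defined elsewhere).
if has("dns-recursif") and not has("dns-secondary-no-forward"):
    with view("menteur", "menteur") as v:
        v.p('response-policy { zone "loppsi.crans.org"; };')
        with zone("loppsi.crans.org", "master") as z:
            z.p('file "/etc/bind/db.loppsi.crans.org";')
            # The policy zone is only applied via response-policy, never
            # served to clients directly.
            z.p('allow-query {none;};')
        with zone("239.in-addr.arpa", "slave") as z:
            z.p('file "/etc/bind/generated/db.239.in-addr.arpa";')
            z.p('masters { %s; };' % config.dns.master_tv)
        reverse_crans()

# Guest VLAN: no recursion and a fake root zone, so (as the emitted comment
# says) every name is lied about except a few Crans IPs.
if has("vlan-accueil"):
    with view("accueilview", "accueil") as v:
        v.p("recursion no;")
        v.p("// On ment pour tout sauf quelques ips crans")
        with zone(".", "master") as z:
            z.p('file "/etc/bind/db.fake";')

# Default view for every other client.
with view("default-view", "any") as v:
    # NOTE(review): recursion is enabled in a view matching any client.  The
    # global ``options`` block (not part of this template) is expected to
    # restrict ``allow-recursion``; otherwise an Internet-facing host would
    # be an open resolver -- confirm.
    v.p("recursion yes;")
    if has("dns-secondary-no-forward") or has("dns-secondary") or has("dns-primary"):
        v.p('include "/etc/bind/zones.rfc1918";')
        v.p('// zones crans')
        v.p('include "/etc/bind/generated/zones_crans";')
    if has("dns-recursif") and not has("dns-secondary-no-forward"):
        v.p('response-policy { zone "rpz.crans.org"; };')
        with zone("rpz.crans.org", "master") as z:
            z.p('file "/etc/bind/db.rpz.crans.org";')
            # Same rule as the loppsi zone: policy only, never queried directly.
            z.p('allow-query {none;};')
        with zone("239.in-addr.arpa", "slave") as z:
            z.p('file "/etc/bind/generated/db.239.in-addr.arpa";')
            z.p('masters { %s; };' % config.dns.master_tv)
        reverse_crans()
    elif has("dns-forward-only"):
        v.p("forward only;")
        v.p("forwarders { %s; };" % '; '.join(config.dns.recursiv['adm']))
    v.p('// anti SPAM')
    v.p('// Rajout pour generer le forward vers ariane pour la zone rbl-plus.mail-abuse.org --Nico 21/04/02')
    with zone("rbl-plus.mail-abuse.org", "forward") as z:
        z.p('forward only;')
        z.p('forwarders {')
        for parent in config.dns.parents:
            z.p(' %s;' % parent)
        z.p('};')

# rndc control channel: bound to loopback, reachable only from loopback, and
# authenticated with the key included from a separate (non world-readable)
# file.
print("""
// bricoles de config en plus
include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { "key"; };
};
""")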