crans/crans_bcfg2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
crans_bcfg2/Python/etc/bind/named.conf.local
Pierre-Elliott Bécue 15902c8b57 Pour des raisons de cohérence, perms est devenu mode
2015-05-10 15:19:17 +02:00

131 lines
4.2 KiB
Python
Raw Blame History

# -*- mode: python; encoding: utf-8 -*-
info["owner"] = "root"
info["group"] = "bind"
info["mode"] = 0644
import config
import config.dns
from gen_confs.bind import ZoneReverse
comment_start = "//"
header("Conf locale de Bind9")
ident=0
class print_idented(object):
def __init(self):
pass
def p(self, str):
print '%s%s' % (' '*ident, str)
class view(print_idented):
def __init__(self, name, match_client=None):
self.name = name
self.match_client =match_client
def __enter__(self):
global ident
self.p('view "%s" {' % self.name)
ident+=1
if self.match_client:
self.p("match-clients { %s; };" % self.match_client)
return self
def __exit__(self ,type, value, traceback):
global ident
ident-=1
self.p("};")
class zone(print_idented):
def __init__(self, name, type):
self.name = name
self.type = type
def __enter__(self):
global ident
self.p('zone "%s" {' % self.name)
ident+=1
self.p("type %s;" % self.type)
return self
def __exit__(self ,type, value, traceback):
global ident
ident-=1
self.p("};")
def forward_zone(zone_name, forwarders):
with zone(zone_name, "forward") as z:
z.p("forward only;")
z.p("forwarders { %s; };" % '; '.join(forwarders))
def reverse_crans():
# On ne génère plus les zone de forward pour les reverse des ips publiques, vu que maintenant, ils marchent
for net in set([ net for net in config.dns.zones_reverse if net not in config.NETs['multicast'] + config.NETs["all"]]):
for net in ZoneReverse.network_to_arpanets(net):
zone = ZoneReverse.reverse(net)[0]
forward_zone(zone, [config.dns.master] + config.dns.slaves)
#for net in set(config.dns.zones_reverse_v6):
# forward_zone(netv6_to_arpa(net), [config.dns.master] + config.dns.slaves)
def direct_crans():
for zone in config.dns.zones_direct:
forward_zone(zone, [config.dns.master] + config.dns.slaves)
if has("dns-recursif") and not has("dns-secondary-no-forward"):
with view("menteur", "menteur") as v:
v.p('response-policy { zone "loppsi.crans.org"; };')
with zone("loppsi.crans.org", "master") as z:
z.p('file "/etc/bind/db.loppsi.crans.org";')
z.p('allow-query {none;};')
with zone("239.in-addr.arpa", "slave") as z:
z.p('file "/etc/bind/generated/db.239.in-addr.arpa";')
z.p('masters { %s; };' % config.dns.master_tv)
reverse_crans()
if has("vlan-accueil"):
with view("accueilview", "accueil") as v:
v.p("recursion no;")
v.p("// On ment pour tout sauf quelques ips crans")
with zone(".", "master") as z:
z.p('file "/etc/bind/db.fake";')
with view("default-view", "any") as v:
v.p("recursion yes;")
if has("dns-secondary-no-forward") or has("dns-secondary") or has("dns-primary"):
v.p('include "/etc/bind/zones.rfc1918";')
v.p('// zones crans')
v.p('include "/etc/bind/generated/zones_crans";')
if has("dns-recursif") and not has("dns-secondary-no-forward"):
v.p('response-policy { zone "rpz.crans.org"; };')
with zone("rpz.crans.org", "master") as z:
z.p('file "/etc/bind/db.rpz.crans.org";')
z.p('allow-query {none;};')
with zone("239.in-addr.arpa", "slave") as z:
z.p('file "/etc/bind/generated/db.239.in-addr.arpa";')
z.p('masters { %s; };' % config.dns.master_tv)
reverse_crans()
elif has("dns-forward-only"):
v.p("forward only;")
v.p("forwarders { %s; };" % '; '.join(config.dns.recursiv['adm']))
v.p('// anti SPAM')
v.p('// Rajout pour generer le forward vers ariane pour la zone rbl-plus.mail-abuse.org --Nico 21/04/02')
with zone("rbl-plus.mail-abuse.org", "forward") as z:
z.p('forward only;')
z.p('forwarders {')
for f in config.dns.parents:
z.p(' %s;' % f)
z.p('};')
print """
// bricoles de config en plus
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { "key"; };
};
"""
Reference in a new issue View git blame Copy permalink