From 5bc038e3d28ebe17d30478f0f665ddc20d83c8f6 Mon Sep 17 00:00:00 2001
From: giomba
Date: Tue, 18 Jun 2024 23:20:41 +0200
Subject: [PATCH 1/2] bind: add configuration.
---
 bind/db.golem.linux.it | 95 ++++++++++++++++++++++++++++++++++++++++++
 bind/named.conf.local | 34 +++++++++++++++
 2 files changed, 129 insertions(+)
 create mode 100644 bind/db.golem.linux.it
 create mode 100644 bind/named.conf.local
diff --git a/bind/db.golem.linux.it b/bind/db.golem.linux.it
new file mode 100644
index 0000000..db6a0ed
--- /dev/null
+++ b/bind/db.golem.linux.it
@@ -0,0 +1,95 @@
+; +================+
+; BIND data file for | GOLEM.LINUX.IT |
+; +================+
+;
+; IMPORTANT: Always remember to update the Serial number after any change,
+; otherwise new records will not be retrieved by other DNS servers,
+; and they will not propagate.
+$TTL 3600
+@ IN SOA ns.golem.linux.it. info.golem.linux.it. (
+ 2024060302 ; Serial
+ 14400 ; Refresh
+ 86400 ; Retry
+ 604800 ; Expire
+ 86400 ) ; Negative Cache TTL
+
+; name servers - NS records
+ IN NS ns.golem.linux.it.
+ IN NS ns.linux.it.
+ IN NS ns.giomba.it.
+ IN NS ns.firenze.linux.it.
+
+; dynamic name server for computers in Officina
+andromeda.officina.golem.linux.it. IN AAAA 2001:470:c844:200:2e0:81ff:fed0:ec03
+
+; mail -- mailbox.org
+golem.linux.it. IN MX 10 mxext1.mailbox.org.
+golem.linux.it. IN MX 10 mxext2.mailbox.org.
+golem.linux.it. IN MX 20 mxext3.mailbox.org.
+0c11bf06d09019ef480ae8d7a6a3ebe5c269405d.golem.linux.it. IN TXT 2593cd5dd048c3264223b52a5290fb9e0f6fedba
+golem.linux.it. IN TXT "v=spf1 include:mailbox.org -all"
+golem.linux.it. IN A 152.228.140.73
+
+; hosts - A records
+ns.golem.linux.it. IN A 152.228.140.73
+ns.golem.linux.it. IN AAAA 2001:470:c844::11
+
+; VPS
+atena IN A 152.228.140.73
+atena IN AAAA 2001:470:c844::11
+ipv4.atena IN A 152.228.140.73
+ipv6.atena IN AAAA 2001:41d0:404:200::947f
+; use ipv4 or ipv6 to only get the ipv4 or ipv6 address -- needed for some buggy apps
+ipv4.golem.linux.it. IN A 152.228.140.73
+ipv6.golem.linux.it. IN AAAA 2001:470:c844::11
+; "Gestionale dei soci", migrated on VPS
+argento IN CNAME atena
+
+; vital mnemonic services
+ns6.golem.linux.it. IN CNAME ipv6.golem.linux.it.
+www.golem.linux.it. IN CNAME golem.linux.it.
+
+; Network equipment
+porceddu.net IN AAAA 2001:470:c844:200::1
+scatolotto.net IN AAAA 2001:470:c844::200
+
+; VPN
+vpn IN CNAME ipv4.atena
+
+; web
+archivio IN CNAME atena
+blog IN CNAME atena
+build IN CNAME atena
+cgi IN CNAME atena
+ci IN CNAME atena
+cloud IN CNAME atena
+digitalecivile IN CNAME atena
+git IN CNAME atena
+hub.docker IN CNAME atena
+matrix IN CNAME atena
+websdr IN CNAME atena
+wiki IN CNAME atena
+
+; servers in Officina
+backupper IN AAAA 2001:470:c844:200:4c9a:3fff:fe98:663c
+builder IN AAAA 2001:470:c844:200:b867:2ff:fe66:f76b
+cassone IN AAAA 2001:470:c844:200:ec5b:2bff:febd:d71a
+cerbero IN AAAA 2001:470:c844:200::1111:4242
+screensy IN AAAA 2001:470:c844:200:1447:55ff:fe54:279e
+; Dead servers, their services are moved
+cassiopea IN CNAME cerbero
+servirtualozzo.cassiopea IN CNAME cassone
+vupiuesse.andromeda IN CNAME cassone
+
+; workstations in Officina
+stampante3d.officina IN AAAA 2001:470:c844:200:10ab:2782:dcdf:8ebb
+golem-sala-corsi.officina IN AAAA 2001:470:c844:200:4c47:aaf:6c2d:a08c
+laptopless.officina IN AAAA 2001:470:c844:200:2c0:9fff:fefc:123c
+limortouch.officina IN AAAA 2001:470:c844:200:167e:8920:7567:a49b
+
+; soci
+spookyh-vm0.soci IN AAAA 2001:470:c844:200:3467:6bff:fe6b:1045
+
+; tests
+comment-0 IN TXT "Serata di test 30 maggio 2024"
+
diff --git a/bind/named.conf.local b/bind/named.conf.local
new file mode 100644
index 0000000..75a0688
--- /dev/null
+++ b/bind/named.conf.local
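Review bot: The new zone publishes AAAA records for network equipment (`porceddu.net`, `scatolotto.net`), the Officina workstations and a member VM (`spookyh-vm0.soci`) alongside the public service names, so anyone who can query or transfer the zone obtains an inventory of internal hosts with globally routable addresses. Several of those addresses show the `ff:fe` pattern of EUI-64 interface identifiers (for example `backupper`, `builder`, `laptopless.officina`), which would also disclose the hardware address of each machine. If these names are only needed from inside the GOLEM network, consider serving them from an internal-only zone or a BIND `view`, and confirm the hosts are filtered for inbound traffic. For the groups that must stay public, a comment such as `; public on purpose: <reason>` above each block would record the decision.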
@@ -0,0 +1,34 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "golem.linux.it" {
+ type master;
+ file "/etc/bind/zones/db.golem.linux.it";
+ allow-transfer {
+ 213.254.12.144/28; // Tutta ILS
+ 2001:1418:10:5::0/64; // Tutta (?) ILS IPv6 (?)
+ 2001:4b78:2000::/48; // Tutto Marco d'Itri (BOFH)
+ 85.94.204.144/28; // Tutto Marco d'Itri (BOFH)
+ 2001:470:c844::/48; // GOLEM network
+ 51.255.204.171/32; // ns.giomba.it
+ 90.147.189.115/32; // ns.firenze.linux.it
+ };
+};
+
+zone "firenze.linux.it" {
+ type slave;
+ file "/var/cache/bind/db.firenze.golem.linux.it";
+ masters { 90.147.189.115; };
+};
+
+zone "giomba.it" {
+ type slave;
+ file "/var/cache/bind/db.giomba.it";
+ masters { 51.255.204.171; };
+};
+
From 025f474cd094d0b370af8be5dbc89f5932bf0402 Mon Sep 17 00:00:00 2001
From: Lan Quil
Date: Tue, 18 Jun 2024 23:26:47 +0200
Subject: [PATCH 2/2] Move new bind files to playbook files dir
---
 bind/db.golem.linux.it | 95 --------------------------------------
 bind/named.conf.local | 34 --------------
 playbooks/files/bind/conf | 40 ++++++++++++----
 playbooks/files/bind/zones | 19 ++++----
 4 files changed, 41 insertions(+), 147 deletions(-)
 delete mode 100644 bind/db.golem.linux.it
 delete mode 100644 bind/named.conf.local
diff --git a/bind/db.golem.linux.it b/bind/db.golem.linux.it
deleted file mode 100644
index db6a0ed..0000000
--- a/bind/db.golem.linux.it
+++ /dev/null
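Review bot: Zone transfers in this hunk are authorised by source address only: `allow-transfer` lists whole prefixes (a /48 and two /28s among them) and the two `slave` zones name their `masters` by bare IP, with no TSIG key on either side. Any host inside those ranges can pull the full zone, and the secondaries have no way to authenticate the data they receive from the primaries. Consider a per-peer key, e.g. `allow-transfer { key "PLACEHOLDER-xfer-key"; };` on the primary zone and `masters { 90.147.189.115 key "PLACEHOLDER-xfer-key"; };` on the secondary zones, with the `key` statement kept in a file that is not committed in clear text. The two ILS entries still carry `(?)` in their comments, so those ranges are worth confirming before deployment; the same block is added again to `playbooks/files/bind/conf` in patch 2/2.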
@@ -1,95 +0,0 @@
-; +================+
-; BIND data file for | GOLEM.LINUX.IT |
-; +================+
-;
-; IMPORTANT: Always remember to update the Serial number after any change,
-; otherwise new records will not be retrieved by other DNS servers,
-; and they will not propagate.
-$TTL 3600
-@ IN SOA ns.golem.linux.it. info.golem.linux.it. (
- 2024060302 ; Serial
- 14400 ; Refresh
- 86400 ; Retry
- 604800 ; Expire
- 86400 ) ; Negative Cache TTL
-
-; name servers - NS records
- IN NS ns.golem.linux.it.
- IN NS ns.linux.it.
- IN NS ns.giomba.it.
- IN NS ns.firenze.linux.it.
-
-; dynamic name server for computers in Officina
-andromeda.officina.golem.linux.it. IN AAAA 2001:470:c844:200:2e0:81ff:fed0:ec03
-
-; mail -- mailbox.org
-golem.linux.it. IN MX 10 mxext1.mailbox.org.
-golem.linux.it. IN MX 10 mxext2.mailbox.org.
-golem.linux.it. IN MX 20 mxext3.mailbox.org.
-0c11bf06d09019ef480ae8d7a6a3ebe5c269405d.golem.linux.it. IN TXT 2593cd5dd048c3264223b52a5290fb9e0f6fedba
-golem.linux.it. IN TXT "v=spf1 include:mailbox.org -all"
-golem.linux.it. IN A 152.228.140.73
-
-; hosts - A records
-ns.golem.linux.it. IN A 152.228.140.73
-ns.golem.linux.it. IN AAAA 2001:470:c844::11
-
-; VPS
-atena IN A 152.228.140.73
-atena IN AAAA 2001:470:c844::11
-ipv4.atena IN A 152.228.140.73
-ipv6.atena IN AAAA 2001:41d0:404:200::947f
-; use ipv4 or ipv6 to only get the ipv4 or ipv6 address -- needed for some buggy apps
-ipv4.golem.linux.it. IN A 152.228.140.73
-ipv6.golem.linux.it. IN AAAA 2001:470:c844::11
-; "Gestionale dei soci", migrated on VPS
-argento IN CNAME atena
-
-; vital mnemonic services
-ns6.golem.linux.it. IN CNAME ipv6.golem.linux.it.
-www.golem.linux.it. IN CNAME golem.linux.it.
-
-; Network equipment
-porceddu.net IN AAAA 2001:470:c844:200::1
-scatolotto.net IN AAAA 2001:470:c844::200
-
-; VPN
-vpn IN CNAME ipv4.atena
-
-; web
-archivio IN CNAME atena
-blog IN CNAME atena
-build IN CNAME atena
-cgi IN CNAME atena
-ci IN CNAME atena
-cloud IN CNAME atena
-digitalecivile IN CNAME atena
-git IN CNAME atena
-hub.docker IN CNAME atena
-matrix IN CNAME atena
-websdr IN CNAME atena
-wiki IN CNAME atena
-
-; servers in Officina
-backupper IN AAAA 2001:470:c844:200:4c9a:3fff:fe98:663c
-builder IN AAAA 2001:470:c844:200:b867:2ff:fe66:f76b
-cassone IN AAAA 2001:470:c844:200:ec5b:2bff:febd:d71a
-cerbero IN AAAA 2001:470:c844:200::1111:4242
-screensy IN AAAA 2001:470:c844:200:1447:55ff:fe54:279e
-; Dead servers, their services are moved
-cassiopea IN CNAME cerbero
-servirtualozzo.cassiopea IN CNAME cassone
-vupiuesse.andromeda IN CNAME cassone
-
-; workstations in Officina
-stampante3d.officina IN AAAA 2001:470:c844:200:10ab:2782:dcdf:8ebb
-golem-sala-corsi.officina IN AAAA 2001:470:c844:200:4c47:aaf:6c2d:a08c
-laptopless.officina IN AAAA 2001:470:c844:200:2c0:9fff:fefc:123c
-limortouch.officina IN AAAA 2001:470:c844:200:167e:8920:7567:a49b
-
-; soci
-spookyh-vm0.soci IN AAAA 2001:470:c844:200:3467:6bff:fe6b:1045
-
-; tests
-comment-0 IN TXT "Serata di test 30 maggio 2024"
-
diff --git a/bind/named.conf.local b/bind/named.conf.local
deleted file mode 100644
index 75a0688..0000000
--- a/bind/named.conf.local
+++ /dev/null
@@ -1,34 +0,0 @@
-//
-// Do any local configuration here
-//
-
-// Consider adding the 1918 zones here, if they are not used in your
-// organization
-//include "/etc/bind/zones.rfc1918";
-
-zone "golem.linux.it" {
- type master;
- file "/etc/bind/zones/db.golem.linux.it";
- allow-transfer {
- 213.254.12.144/28; // Tutta ILS
- 2001:1418:10:5::0/64; // Tutta (?) ILS IPv6 (?)
- 2001:4b78:2000::/48; // Tutto Marco d'Itri (BOFH)
- 85.94.204.144/28; // Tutto Marco d'Itri (BOFH)
- 2001:470:c844::/48; // GOLEM network
- 51.255.204.171/32; // ns.giomba.it
- 90.147.189.115/32; // ns.firenze.linux.it
- };
-};
-
-zone "firenze.linux.it" {
- type slave;
- file "/var/cache/bind/db.firenze.golem.linux.it";
- masters { 90.147.189.115; };
-};
-
-zone "giomba.it" {
- type slave;
- file "/var/cache/bind/db.giomba.it";
- masters { 51.255.204.171; };
-};
-
diff --git a/playbooks/files/bind/conf b/playbooks/files/bind/conf
index 37a2dd2..8e30d0b 100644
--- a/playbooks/files/bind/conf
+++ b/playbooks/files/bind/conf
@@ -1,11 +1,33 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
 zone "golem.linux.it" {
- type master;
- file "/etc/bind/db.golem.linux.it";
- allow-transfer {
- 213.254.12.144/28; // Tutta ILS
- 2001:1418:10:5::0/64; // Tutta (?) ILS IPv6 (?)
- 2001:4b78:2000::/48; // Tutto Marco d'Itri (BOFH)
- 85.94.204.144/28; // Tutto Marco d'Itri (BOFH)
- 2001:470:c844::/48; // GOLEM network
- };
+ type master;
+ file "/etc/bind/zones/db.golem.linux.it";
+ allow-transfer {
+ 213.254.12.144/28; // Tutta ILS
+ 2001:1418:10:5::0/64; // Tutta (?) ILS IPv6 (?)
+ 2001:4b78:2000::/48; // Tutto Marco d'Itri (BOFH)
+ 85.94.204.144/28; // Tutto Marco d'Itri (BOFH)
+ 2001:470:c844::/48; // GOLEM network
+ 51.255.204.171/32; // ns.giomba.it
+ 90.147.189.115/32; // ns.firenze.linux.it
+ };
+};
+
+zone "firenze.linux.it" {
+ type slave;
+ file "/var/cache/bind/db.firenze.golem.linux.it";
+ masters { 90.147.189.115; };
+};
+
+zone "giomba.it" {
+ type slave;
+ file "/var/cache/bind/db.giomba.it";
+ masters { 51.255.204.171; };
 };
diff --git a/playbooks/files/bind/zones b/playbooks/files/bind/zones
index b3528f1..c0456ed 100644
--- a/playbooks/files/bind/zones
+++ b/playbooks/files/bind/zones
@@ -6,17 +6,18 @@ ; otherwise new records will not be retrieved by other DNS servers, ; and they will not propagate. $TTL 3600 -@ IN SOA vostok.giomba.it. info.golem.linux.it. ( - 2024032600 ; Serial - 3600 ; Refresh +@ IN SOA ns.golem.linux.it. info.golem.linux.it. ( + 2024060302 ; Serial + 14400 ; Refresh 86400 ; Retry - 86400 ; Expire + 604800 ; Expire 86400 ) ; Negative Cache TTL ; name servers - NS records - IN NS vostok.giomba.it. + IN NS ns.golem.linux.it. IN NS ns.linux.it. - IN NS ns.giomba.it. + IN NS ns.giomba.it. + IN NS ns.firenze.linux.it. ; dynamic name server for computers in Officina andromeda.officina.golem.linux.it. IN AAAA 2001:470:c844:200:2e0:81ff:fed0:ec03
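Review bot: The `file` path for the primary zone moves from `/etc/bind/db.golem.linux.it` to `/etc/bind/zones/db.golem.linux.it`, but the diffstat of this patch touches no playbook task. Unless the task that installs `playbooks/files/bind/zones` already writes to the new directory (not visible here), named will not find the zone file at the configured path after the next deploy. Updating the destination in the same commit would keep the two in step, and having the playbook run `named-checkconf` and `named-checkzone golem.linux.it <deployed zone file>` before the reload would catch a mismatch of this kind.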
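Review bot: The SOA timers in this hunk leave `86400 ; Retry` unchanged while `Refresh` becomes `14400`, so the retry interval is still several times longer than the refresh interval and a secondary that misses one refresh waits a full day before trying again. Retry is normally a fraction of refresh; something like `3600 ; Retry` would fit the new values (a suggested value, not taken from the commit), with the serial bumped past `2024060302` when it changes. The hunk also adds `ns.firenze.linux.it.` as an NS for the zone; the transfer ACL in the conf file suggests it is meant to be a secondary, but nothing in the patch shows it serving `golem.linux.it`, so that is worth confirming to avoid a lame delegation. The same SOA values are introduced in `bind/db.golem.linux.it` in patch 1/2.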
@@ -31,7 +32,7 @@ golem.linux.it. IN A 152.228.140.73 ; hosts - A records ns.golem.linux.it. IN A 152.228.140.73 -ns.golem.linux.it. IN AAAA 2001:470:c844::2 +ns.golem.linux.it. IN AAAA 2001:470:c844::11 ; VPS atena IN A 152.228.140.73 @@ -40,7 +41,7 @@ ipv4.atena IN A 152.228.140.73 ipv6.atena IN AAAA 2001:41d0:404:200::947f ; use ipv4 or ipv6 to only get the ipv4 or ipv6 address -- needed for some buggy apps ipv4.golem.linux.it. IN A 152.228.140.73 -ipv6.golem.linux.it. IN AAAA 2001:470:c844::2 +ipv6.golem.linux.it. IN AAAA 2001:470:c844::11 ; "Gestionale dei soci", migrated on VPS argento IN CNAME atena @@ -90,4 +91,4 @@ limortouch.officina IN AAAA 2001:470:c844:200:167e:8920:7567:a49b spookyh-vm0.soci IN AAAA 2001:470:c844:200:3467:6bff:fe6b:1045 ; tests -comment-0 IN TXT "There has been an error in the authoritative DNS for years and we only discover it now?" +comment-0 IN TXT "Serata di test 30 maggio 2024"