Successfully notifying hurricane electric when DNS updates are pushed.

2023-06-20 00:24:47 -04:00 · 2023-06-20 00:24:47 -04:00 · e755cb4251
commit e755cb4251
parent 2e4c2c3f9b
3 changed files with 54 additions and 12 deletions
--- a/ansible/roles/public_dns/files/master.db
+++ b/ansible/roles/public_dns/files/master.db
@ -17,8 +17,8 @@ $ORIGIN fizz.buzz.
 	3600 IN NS ns1.he.net.
 ; Allow receiving mail at fizz.buzz
-IN MX 10 in1-smtp.messagingengine.com
+  IN  MX 10 in1-smtp.messagingengine.com.
-IN MX 20 in2-smtp.messagingengine.com
+  IN  MX 20 in2-smtp.messagingengine.com.
 ; Allows receivers to know you send your mail via Fastmail, and other servers
 IN TXT v=spf1 include:spf.messagingengine.com ?all
@ -27,12 +27,12 @@ ns1     IN A     74.80.180.138
 ns2     IN A     74.80.180.138
 ; Allow receiving mail on subdomains
-* IN MX 10 in1-smtp.messagingengine.com
+* IN MX 10 in1-smtp.messagingengine.com.
-* IN MX 20 in2-smtp.messagingengine.com
+* IN MX 20 in2-smtp.messagingengine.com.
 ; The A-records for mail.fizz.buzz override the wildcard, so we have to manually re-create the MX records
-mail IN MX 10 in1-smtp.messagingengine.com
+mail IN MX 10 in1-smtp.messagingengine.com.
-mail IN MX 20 in2-smtp.messagingengine.com
+mail IN MX 20 in2-smtp.messagingengine.com.
 ; Access webmail at mail.fizz.buzz
 mail    IN A     103.168.172.47
--- a/ansible/roles/public_dns/files/pdns.conf
+++ b/ansible/roles/public_dns/files/pdns.conf
@ -1,12 +1,13 @@
 launch=gsqlite3
 gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
 gsqlite3-pragma-foreign-keys=yes
-master=yes
+primary=yes
 allow-axfr-ips=
 dnsupdate=yes
-allow-dnsupdate-from=10.215.1.0/24
+allow-dnsupdate-from=
-# Only notify on ipv4
+# Only notify ns1.he.net
-only-notify=0.0.0.0/0
+only-notify=216.218.130.2/32, 10.215.1.0/24
 also-notify=216.218.130.2
 # Autogenerated configuration file template
--- a/ansible/roles/public_dns/tasks/freebsd.yaml
+++ b/ansible/roles/public_dns/tasks/freebsd.yaml
@ -23,6 +23,7 @@
    group: pdns
  loop:
    - /var/lib/powerdns
    - /var/lib/powerdns/zones
 - name: Copy files
  copy:
@ -37,6 +38,17 @@
    - src: bind.conf
      dest: /usr/local/etc/pdns/
 - name: Copy files
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0644
    owner: pdns
    group: pdns
  loop:
    - src: master.db
      dest: /var/lib/powerdns/zones/
 - name: Initialize DB
  command: "sudo -u pdns sqlite3 -init /usr/local/share/doc/powerdns/schema.sqlite3.sql /var/lib/powerdns/pdns.sqlite3"
  register: initdb
@ -47,8 +59,6 @@
  when: initdb.changed
  register: initsql
  command: "sudo -u pdns zone2sql zone2sql --gsqlite=yes --named-conf=/usr/local/etc/pdns/bind.conf --transactions=yes"
  args:
    stdin: "{{ lookup('file', 'master.db') }}"
 - name: Initialize DB
  when: initdb.changed
@ -103,3 +113,34 @@
 - name: Allow AXFR from the externaldns tsig key
  command: pdnsutil add-meta fizz.buzz TSIG-ALLOW-AXFR externaldns
  when: '"externaldns" not in tsigaxfr.stdout'
 - name: Check AXFR-MASTER-TSIG
  command: pdnsutil get-meta fizz.buzz AXFR-MASTER-TSIG
  register: signnotify
  changed_when: false
  check_mode: no
 - name: Sign the notifications
  command: pdnsutil set-meta fizz.buzz AXFR-MASTER-TSIG secureaxfr
  when: '"secureaxfr" not in signnotify.stdout'
 - name: Check NOTIFY-DNSUPDATE
  command: pdnsutil get-meta fizz.buzz NOTIFY-DNSUPDATE
  register: notifydnsupdate
  changed_when: false
  check_mode: no
 - name: Send out notifications on dns update
  command: pdnsutil set-meta fizz.buzz NOTIFY-DNSUPDATE 1
  when: '"1" not in notifydnsupdate.stdout'
 - name: Check zone kind
  command: pdnsutil show-zone fizz.buzz
  register: showzone
  changed_when: false
  check_mode: no
 - name: Set to Master to enable pushing updates
  command: pdnsutil set-kind fizz.buzz primary
  when: '"Master" not in showzone.stdout'