Switch to using only sqlite.
parent
d78380f6bd
commit
f2526cc768
@ -1,7 +1,7 @@
|
|||||||
$ORIGIN fizz.buzz.
|
$ORIGIN fizz.buzz.
|
||||||
@ 3600 IN SOA ns1.fizz.buzz. (
|
@ 3600 IN SOA ns1.fizz.buzz. (
|
||||||
dnsadm.choopa.com. ; E-Mail of responsible person
|
dnsadm.choopa.com. ; E-Mail of responsible person
|
||||||
2023061800 ; serial
|
2023061900 ; serial
|
||||||
7200 ; refresh (2 hours)
|
7200 ; refresh (2 hours)
|
||||||
3600 ; retry (1 hour)
|
3600 ; retry (1 hour)
|
||||||
1209600 ; expire (2 weeks)
|
1209600 ; expire (2 weeks)
|
||||||
@ -9,25 +9,30 @@ $ORIGIN fizz.buzz.
|
|||||||
)
|
)
|
||||||
|
|
||||||
3600 IN NS ns1.fizz.buzz.
|
3600 IN NS ns1.fizz.buzz.
|
||||||
; 3600 IN NS ns2.fizz.buzz.
|
3600 IN NS ns2.fizz.buzz.
|
||||||
|
3600 IN NS ns5.he.net.
|
||||||
|
3600 IN NS ns4.he.net.
|
||||||
|
3600 IN NS ns3.he.net.
|
||||||
|
3600 IN NS ns2.he.net.
|
||||||
|
3600 IN NS ns1.he.net.
|
||||||
|
|
||||||
; Allow receiving mail at fizz.buzz
|
; Allow receiving mail at fizz.buzz
|
||||||
1h IN MX 10 in1-smtp.messagingengine.com
|
IN MX 10 in1-smtp.messagingengine.com
|
||||||
1h IN MX 20 in2-smtp.messagingengine.com
|
IN MX 20 in2-smtp.messagingengine.com
|
||||||
|
|
||||||
; Allows receivers to know you send your mail via Fastmail, and other servers
|
; Allows receivers to know you send your mail via Fastmail, and other servers
|
||||||
1h IN TXT v=spf1 include:spf.messagingengine.com ?all
|
IN TXT v=spf1 include:spf.messagingengine.com ?all
|
||||||
|
|
||||||
ns1 IN A 74.80.180.138
|
ns1 IN A 74.80.180.138
|
||||||
; ns2 IN A 74.80.180.138
|
ns2 IN A 74.80.180.138
|
||||||
|
|
||||||
; Allow receiving mail on subdomains
|
; Allow receiving mail on subdomains
|
||||||
* 1h IN MX 10 in1-smtp.messagingengine.com
|
* IN MX 10 in1-smtp.messagingengine.com
|
||||||
* 1h IN MX 20 in2-smtp.messagingengine.com
|
* IN MX 20 in2-smtp.messagingengine.com
|
||||||
|
|
||||||
; The A-records for mail.fizz.buzz override the wildcard, so we have to manually re-create the MX records
|
; The A-records for mail.fizz.buzz override the wildcard, so we have to manually re-create the MX records
|
||||||
mail 1h IN MX 10 in1-smtp.messagingengine.com
|
mail IN MX 10 in1-smtp.messagingengine.com
|
||||||
mail 1h IN MX 20 in2-smtp.messagingengine.com
|
mail IN MX 20 in2-smtp.messagingengine.com
|
||||||
|
|
||||||
; Access webmail at mail.fizz.buzz
|
; Access webmail at mail.fizz.buzz
|
||||||
mail IN A 103.168.172.47
|
mail IN A 103.168.172.47
|
||||||
|
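Review bot: The MX targets on the new side (`IN MX 10 in1-smtp.messagingengine.com`, `IN MX 20 in2-smtp.messagingengine.com`, and their `*` and `mail` copies) have no trailing dot, so under `$ORIGIN fizz.buzz.` a zone-file parser treats them as relative names such as `in1-smtp.messagingengine.com.fizz.buzz.`. Unless the page rendering dropped the dot, all six lines should end in it, e.g. `IN MX 10 in1-smtp.messagingengine.com.`. The SPF string ends in `?all`, a neutral result that gives receivers no basis to reject forged fizz.buzz senders; `~all` or `-all` is the usual choice once the include is confirmed to cover every legitimate sender. The newly published he.net NS records only answer correctly if those servers can transfer the zone, and `allow-axfr-ips=` is empty in the server config changed by this commit, so confirm the transfer path before delegating to them.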
@ -1,11 +1,12 @@
|
|||||||
launch=gsqlite3,bind
|
launch=gsqlite3
|
||||||
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
|
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
|
||||||
gsqlite3-pragma-foreign-keys=yes
|
gsqlite3-pragma-foreign-keys=yes
|
||||||
bind-config=/usr/local/etc/pdns/bind.conf
|
|
||||||
master=yes
|
master=yes
|
||||||
allow-axfr-ips=
|
allow-axfr-ips=
|
||||||
dnsupdate=yes
|
dnsupdate=yes
|
||||||
allow-dnsupdate-from=
|
allow-dnsupdate-from=10.215.1.0/24
|
||||||
|
# Only notify on ipv4
|
||||||
|
only-notify=0.0.0.0/0
|
||||||
|
|
||||||
# Autogenerated configuration file template
|
# Autogenerated configuration file template
|
||||||
|
|
||||||
|
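Review bot: `allow-dnsupdate-from=10.215.1.0/24` is a server-wide setting, so it seems any zone later added to the sqlite backend without its own TSIG-ALLOW-DNSUPDATE metadata could be updated by any host in that /24 without a key. The playbook in this same commit already sets per-zone ALLOW-DNSUPDATE-FROM metadata for fizz.buzz, so the global value could stay empty (`allow-dnsupdate-from=`) and the grant would be scoped to the one zone. The new comment also says less than the setting does: `only-notify=0.0.0.0/0` sends NOTIFY to every IPv4 name server of the zone, so `# Send NOTIFY to any IPv4 secondary, never over IPv6` would be more accurate.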
@ -1,4 +1,3 @@
|
|||||||
# NOTE: I had to disable bind and manually create the fizz.buzz zone with the sqlite backend or else the metadata updates would have no effect.
|
|
||||||
- name: Install packages
|
- name: Install packages
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
@ -24,7 +23,6 @@
|
|||||||
group: pdns
|
group: pdns
|
||||||
loop:
|
loop:
|
||||||
- /var/lib/powerdns
|
- /var/lib/powerdns
|
||||||
- /var/lib/powerdns/zones/
|
|
||||||
|
|
||||||
- name: Copy files
|
- name: Copy files
|
||||||
copy:
|
copy:
|
||||||
@ -41,19 +39,22 @@
|
|||||||
|
|
||||||
- name: Initialize DB
|
- name: Initialize DB
|
||||||
command: "sudo -u pdns sqlite3 -init /usr/local/share/doc/powerdns/schema.sqlite3.sql /var/lib/powerdns/pdns.sqlite3"
|
command: "sudo -u pdns sqlite3 -init /usr/local/share/doc/powerdns/schema.sqlite3.sql /var/lib/powerdns/pdns.sqlite3"
|
||||||
|
register: initdb
|
||||||
args:
|
args:
|
||||||
creates: "/var/lib/powerdns/pdns.sqlite3"
|
creates: "/var/lib/powerdns/pdns.sqlite3"
|
||||||
|
|
||||||
- name: Copy files
|
- name: Initialize DB
|
||||||
copy:
|
when: initdb.changed
|
||||||
src: "files/{{ item.src }}"
|
register: initsql
|
||||||
dest: "{{ item.dest }}"
|
command: "sudo -u pdns zone2sql zone2sql --gsqlite=yes --named-conf=/usr/local/etc/pdns/bind.conf --transactions=yes"
|
||||||
mode: 0644
|
args:
|
||||||
owner: pdns
|
stdin: "{{ lookup('file', 'master.db') }}"
|
||||||
group: pdns
|
|
||||||
loop:
|
- name: Initialize DB
|
||||||
- src: master.db
|
when: initdb.changed
|
||||||
dest: /var/lib/powerdns/zones/
|
command: "sudo -u pdns sqlite3 /var/lib/powerdns/pdns.sqlite3"
|
||||||
|
args:
|
||||||
|
stdin: "{{ initsql.stdout }}"
|
||||||
|
|
||||||
- name: Check TSIG keys
|
- name: Check TSIG keys
|
||||||
command: pdnsutil list-tsig-keys
|
command: pdnsutil list-tsig-keys
|
||||||
@ -89,3 +90,16 @@
|
|||||||
command: pdnsutil add-meta fizz.buzz TSIG-ALLOW-DNSUPDATE externaldns
|
command: pdnsutil add-meta fizz.buzz TSIG-ALLOW-DNSUPDATE externaldns
|
||||||
when: '"externaldns" not in tsigallowupdate.stdout'
|
when: '"externaldns" not in tsigallowupdate.stdout'
|
||||||
|
|
||||||
|
- name: Check ALLOW-DNSUPDATE-FROM
|
||||||
|
command: pdnsutil get-meta fizz.buzz ALLOW-DNSUPDATE-FROM
|
||||||
|
register: allowdnsupdatefrom
|
||||||
|
changed_when: false
|
||||||
|
check_mode: no
|
||||||
|
|
||||||
|
- name: Allow IP addresses
|
||||||
|
command: pdnsutil add-meta fizz.buzz ALLOW-DNSUPDATE-FROM 10.215.1.0/24
|
||||||
|
when: '"10.215.1.0/24" not in allowdnsupdatefrom.stdout'
|
||||||
|
|
||||||
|
- name: Allow AXFR from the externaldns tsig key
|
||||||
|
command: pdnsutil add-meta fizz.buzz TSIG-ALLOW-AXFR externaldns
|
||||||
|
when: '"externaldns" not in tsigaxfr.stdout'
|
||||||
|
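Review bot: The last task's condition `'"externaldns" not in tsigaxfr.stdout'` reads a variable that no task in this hunk registers; unless a check task exists in the lines between the hunks, the play fails there with an undefined variable, and a matching `get-meta` check (below) is needed before it. In the second "Initialize DB" task the command repeats the program name (`sudo -u pdns zone2sql zone2sql --gsqlite=yes …`), which passes a stray positional argument; it should read `command: "sudo -u pdns zone2sql --gsqlite=yes --named-conf=/usr/local/etc/pdns/bind.conf --transactions=yes"`. That task also still points at `bind.conf` while this commit removes the step that copied `master.db` into `/var/lib/powerdns/zones/`, so confirm the zone file it references is still present on the host. Three consecutive tasks share the name "Initialize DB"; distinct names such as "Create schema", "Convert zone to SQL" and "Load zone into sqlite" would make a failed run easier to trace.

```yaml
- name: Check TSIG-ALLOW-AXFR
  command: pdnsutil get-meta fizz.buzz TSIG-ALLOW-AXFR
  register: tsigaxfr
  changed_when: false
  check_mode: no

- name: Allow AXFR from the externaldns tsig key
  # … unchanged: command and when …
```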