# # DNS service checks (Salt maanged) # {%- set reference_ns = salt['pillar.get']('dns-server:reference_ns') %} {%- set zones = salt['pillar.get']('dns-server:zones', {}).keys ()|sort %} ################################################################################ # Internal DNS services # ################################################################################ # Check DNS Anycast address object Host "dns.srv.in.ffho.net" { import "generic-dummy-host" display_name = "dns.srv.in.ffho.net" address = "10.132.251.53" address6 = "2a03:2260:2342:f251::53" vars.roles = [ "dns", ] } # Check DNS anycast nodes apply Service "dns4" { import "generic-service" check_command = "dns" vars.dns_lookup = "dns.srv.in.ffho.net" vars.dns_expected_answer = "10.132.251.53" vars.dns_server = host.address assign where host.address && "dns-auth" in host.vars.roles } apply Service "dns6" { import "generic-service" check_command = "dns" vars.dns_lookup = "dns.srv.in.ffho.net" vars.dns_expected_answer = "10.132.251.53" vars.dns_server = host.address6 assign where host.address6 && "dns-auth" in host.vars.roles } # Check if DNS nodes are in sync with auth server apply Service "dns_sync" { import "generic-service" check_command = "dns_sync" vars.reference_ns = "{{ reference_ns }}" vars.replica_ns = host.address vars.zones = [ {%- for zone in zones %} "{{ zone }}", {%- endfor %} ] assign where host.address && "dns-auth" in host.vars.roles ignore where "dns-server-master" in host.vars.roles } ################################################################################ # External DNS services # ################################################################################ apply Service "dns_sync_dns01.srv.rfc2324.org" { import "generic-service" check_command = "dns_sync" vars.reference_ns = "{{ reference_ns }}" vars.replica_ns = "31.172.8.66" vars.zones = [ "ffho.net", "hochstift.freifunk.net", "paderborn.freifunk.net", ] assign where "dns-server-master" in host.vars.roles }