FreifunkHochstift
/
ffho-salt-public


			
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788
							#
# DNS service checks (Salt maanged)
#
{%- set reference_ns = salt['pillar.get']('dns-server:reference_ns') %}
{%- set zones = salt['pillar.get']('dns-server:zones', {}).keys ()|sort %}

################################################################################
#                            Internal DNS services                             #
################################################################################

# Check DNS Anycast address
object Host "dns.srv.in.ffho.net" {
	import "generic-dummy-host"

	display_name = "dns.srv.in.ffho.net"

	address = "10.132.251.53"
	address6 = "2a03:2260:2342:f251::53"

	vars.roles = [
		"dns",
	]
}									


# Check DNS anycast nodes
apply Service "dns4" {
	import "generic-service"

	check_command = "dns"
	vars.dns_lookup = "dns.srv.in.ffho.net"
        vars.dns_expected_answer = "10.132.251.53"
	vars.dns_server = host.address

	assign where host.address && "dns-auth" in host.vars.roles
}

apply Service "dns6" {
	import "generic-service"

	check_command = "dns"
	vars.dns_lookup = "dns.srv.in.ffho.net"
        vars.dns_expected_answer = "10.132.251.53"
	vars.dns_server = host.address6

	assign where host.address6 && "dns-auth" in host.vars.roles
}


# Check if DNS nodes are in sync with auth server
apply Service "dns_sync" {
	import "generic-service"

	check_command = "dns_sync"
	vars.reference_ns = "{{ reference_ns }}"
	vars.replica_ns = host.address
	vars.zones = [
{%- for zone in zones %}
		"{{ zone }}",
{%- endfor %}
	]

	assign where host.address && "dns-auth" in host.vars.roles
	ignore where "dns-server-master" in host.vars.roles
}


################################################################################
#                            External DNS replicas                             #
################################################################################

{%- for replica, IPs in salt['pillar.get']('dns-server:acls:replicas', {}).items()|sort %}
apply Service "dns_sync_{{ replica }}" {
	import "generic-service"

	check_command = "dns_sync"
	vars.reference_ns = "{{ reference_ns }}"
	vars.replica_ns = "{{ IPs[0] }}"
	vars.zones = [
		"ffho.net",
		"hochstift.freifunk.net",
		"paderborn.freifunk.net",
	]

	assign where "dns-server-master" in host.vars.roles
}

{%- endfor %}