dns.conf 2.2 KB

  #
  # DNS service checks (Salt managed)
  #
  # Both values below are read from the Salt pillar and are later written into
  # double-quoted strings without escaping, so the pillar data must not
  # contain double quotes or newlines.
  # NOTE(review): reference_ns is read without a fallback value - confirm what
  # is rendered when the pillar key is missing.
  {%- set reference_ns = salt['pillar.get']('dns-server:reference_ns') %}
  {%- set zones = salt['pillar.get']('dns-server:zones', {}).keys()|sort %}
  6. ################################################################################
  7. # Internal DNS services #
  8. ################################################################################
  # Host object for the DNS anycast service address (IPv4 and IPv6).
  # It imports "generic-dummy-host", which is defined outside this file, and
  # carries the "dns" role. The per-node checks in this file match on the
  # "dns-auth" role instead, so they do not attach to this object.
  object Host "dns.srv.in.ffho.net" {
      import "generic-dummy-host"

      display_name = "dns.srv.in.ffho.net"
      address      = "10.132.251.53"
      address6     = "2a03:2260:2342:f251::53"

      vars.roles = [ "dns" ]
  }
  # Check DNS anycast nodes, IPv4 transport.
  # Every host with the "dns-auth" role and an IPv4 address is queried
  # directly (dns_server = host.address) for the anycast service name. The
  # expected answer is pinned, so a node returning a stale or altered record
  # fails the check rather than passing because some answer came back.
  apply Service "dns4" {
      import "generic-service"
      check_command = "dns"

      vars.dns_server          = host.address
      vars.dns_lookup          = "dns.srv.in.ffho.net"
      vars.dns_expected_answer = "10.132.251.53"

      assign where host.address && "dns-auth" in host.vars.roles
  }
  # Same lookup as "dns4", sent to the node's IPv6 address instead.
  # The expected answer is still the IPv4 address, so this exercises IPv6
  # transport to the node while validating the A record.
  # NOTE(review): neither check appears to verify the AAAA record
  # (2a03:2260:2342:f251::53) - confirm whether that is intended.
  apply Service "dns6" {
      import "generic-service"
      check_command = "dns"

      vars.dns_server          = host.address6
      vars.dns_lookup          = "dns.srv.in.ffho.net"
      vars.dns_expected_answer = "10.132.251.53"

      assign where host.address6 && "dns-auth" in host.vars.roles
  }
  # Check if DNS nodes are in sync with the auth server.
  # NOTE(review): the "dns_sync" check command is defined outside this file;
  # judging by its arguments it compares each listed zone on the replica
  # (host.address) against the reference name server - confirm.
  # reference_ns and the zone names come from the pillar and are placed inside
  # double quotes verbatim; a value containing a double quote would break the
  # generated configuration, so keep the pillar data validated.
  apply Service "dns_sync" {
      import "generic-service"
      check_command = "dns_sync"

      vars.reference_ns = "{{ reference_ns }}"
      vars.replica_ns   = host.address
      vars.zones = [
      {%- for zone in zones %}
          "{{ zone }}",
      {%- endfor %}
      ]

      # Applies to "dns-auth" hosts with an IPv4 address; hosts carrying the
      # "dns-server-master" role are excluded (presumably because the master
      # is the reference side of the comparison - confirm).
      assign where host.address && "dns-auth" in host.vars.roles
      ignore where "dns-server-master" in host.vars.roles
  }
  50. ################################################################################
  51. # External DNS replicas #
  52. ################################################################################
  # One dns_sync service per entry in pillar dns-server:acls:replicas, attached
  # to hosts with the "dns-server-master" role. Only the first address of each
  # replica (IPs[0]) is checked; the replica name and address are inserted
  # from the pillar without escaping.
  # NOTE(review): an entry with an empty address list presumably renders an
  # empty replica_ns - confirm, and validate the pillar data.
  # NOTE(review): the zone list is fixed here, unlike the pillar-driven list
  # of the internal dns_sync check; a zone added to the pillar is not checked
  # on external replicas until it is also added below.
  {%- for replica, IPs in salt['pillar.get']('dns-server:acls:replicas', {}).items()|sort %}
  apply Service "dns_sync_{{ replica }}" {
      import "generic-service"
      check_command = "dns_sync"

      vars.reference_ns = "{{ reference_ns }}"
      vars.replica_ns   = "{{ IPs[0] }}"
      vars.zones = [
          "ffho.net",
          "hochstift.freifunk.net",
          "paderborn.freifunk.net",
      ]

      assign where "dns-server-master" in host.vars.roles
  }
  {%- endfor %}