projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
named: add more dnsnode server ACLs
[mirror/dsa-puppet.git] / modules / named / templates / named.conf.options.erb
diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb
index 5c649bb..c6c6d4a 100644 (file)
--- a/modules/named/templates/named.conf.options.erb
+++ b/modules/named/templates/named.conf.options.erb
@@ -42,15 +42,6 @@ options {
        dnssec-validation yes;
 <% end -%>
 
-<% if scope.function_has_role(['dns_secondary']) -%>
-       rate-limit {
-               responses-per-second 25;
-               window 5;
-               slip 5;
-               qps-scale 250;
-       };
-<% end -%>
-
        // Defaults are 100 and 10, causing lots and lots of tiny updates.
        // This way, I hope, we'll get fewer (and thus bigger) updates. -- weasel
        sig-signing-nodes 5000;
@@ -83,4 +74,49 @@ logging {
 
 };
 
+<% if scope.function_has_role(['dns_primary']) -%>
+masters "easydns-masters" {
+       // https://cp.easydns.com/manage/domains/secondary/edit.php
+       64.68.200.91;
+       205.210.42.80;
+};
+acl "easydns-ACL" {
+       // https://cp.easydns.com/manage/domains/secondary/edit.php
+       64.68.200.91/32;
+       205.210.42.80/32;
+       key 82.195.75.91-key ;
+};
+
+masters "rcode0-masters" {
+       83.136.34.7;   // rcode0.net ipv4 ntfy
+       2A02:850:8::6; // rcode0.net ipv6 ntfy
+};
+acl "rcode0-ACL" {
+       83.136.34.0/27;  // rcode0.net ipv4 axfr
+       2A02:850:8::/47; // rcode0.net ipv6 axfr
+};
+
+masters "dnsnode-masters" {
+       192.36.144.222; // zork-b.sth.dnsnode.net
+       192.36.144.218; // zork-c.sth.dnsnode.net
+};
+acl "dnsnode-ACL" {
+       192.36.144.222; // zork-b.sth.dnsnode.net
+       192.36.144.218; // zork-c.sth.dnsnode.net
+};
+
+masters "dnsnodeapi-masters" {
+       194.146.105.24; // zorknds-b.sth.dnsnode.net
+       2a01:3f0:0:27::24;
+       194.146.105.25; // zorknds-c.sth.dnsnode.net
+       2a01:3f0:0:28::25;
+};
+acl "dnsnodeapi-ACL" {
+       194.146.105.24; // zorknds-b.sth.dnsnode.net
+       2a01:3f0:0:27::24;
+       194.146.105.25; // zorknds-c.sth.dnsnode.net
+       2a01:3f0:0:28::25;
+};
+<% end -%>
+
 include "/etc/bind/named.conf.puppet-shared-keys";
Unnamed repository; edit this file 'description' to name the repository.