mirror of
https://github.com/saltstack-formulas/bind-formula.git
synced 2025-04-17 02:00:23 +00:00
Merge pull request #66 from Aloz1/documentation_pillar.example
Add documentation to pillar.example
This commit is contained in:
Wolodja Wentland
GitHub
commit
2ea6a28ca5
1 changed files with 72 additions and 52 deletions
124
pillar.example
124
pillar.example
|
|
@ -1,82 +1,102 @@
|
||||||
|
# Note - Each section beginning with 'bind:' below represents a different way you may configure
|
||||||
|
pillars for bind. When configuring your pillar(s), you may use any combination of subsections,
|
||||||
|
but salt will not merge sections with the same heading.
|
||||||
|
|
||||||
|
|
||||||
|
### Overrides for the defaults specified by ###
|
||||||
|
### map.jinja ###
|
||||||
bind:
|
bind:
|
||||||
lookup:
|
lookup:
|
||||||
pkgs:
|
pkgs:
|
||||||
- bind
|
- bind # Need to install
|
||||||
service: named
|
service: named # Service name
|
||||||
# take zonefiles from `salt://bind/zonedata`
|
|
||||||
# instead of `salt://zones`:
|
|
||||||
zones_source_dir: bind/zonedata
|
|
||||||
|
|
||||||
|
zones_source_dir: bind/zonedata # Take zonefiles from `salt://bind/zonedata`
|
||||||
|
# instead of `salt://zones`
|
||||||
|
|
||||||
|
|
||||||
|
### General config options ###
|
||||||
bind:
|
bind:
|
||||||
config:
|
config:
|
||||||
tmpl: salt://bind/files/debian/named.conf
|
tmpl: salt://bind/files/debian/named.conf # Template we'd like to use (not implemented?)
|
||||||
user: root
|
user: root # File & Directory user
|
||||||
group: named
|
group: named # File & Directory group
|
||||||
mode: 640
|
mode: 640 # File & Directory mode
|
||||||
options:
|
options:
|
||||||
allow-recursion: '{ any; }' # Never include this on a public resolver
|
allow-recursion: '{ any; }' # Never include this on a public resolver
|
||||||
|
|
||||||
# force bind to serve only one IP protocol (ipv4: 4, ipv6: 6). omitting this reverts to binds default of both.
|
protocol: 4 # Force bind to serve only one IP protocol
|
||||||
protocol: 4
|
# (ipv4: 4, ipv6: 6). Omitting this reverts to
|
||||||
|
# binds default of both.
|
||||||
|
|
||||||
# For Debian based systems:
|
# Debian based systems
|
||||||
# If set to True, the default-zones configuration will be enabled. Defaults to False.
|
default_zones: True # If set to True, the default-zones configuration
|
||||||
default_zones: True
|
# will be enabled. Defaults to False.
|
||||||
# For Debian based systems:
|
|
||||||
# Include any additional configuration file(s) in named.conf
|
|
||||||
includes:
|
|
||||||
- /some/additional/named.conf
|
|
||||||
|
|
||||||
|
includes: # Include any additional configuration file(s) in
|
||||||
|
- /some/additional/named.conf # named.conf
|
||||||
|
|
||||||
|
# End Debian based systems
|
||||||
|
|
||||||
|
### Keys, Zones, ACLs and Views ###
|
||||||
bind:
|
bind:
|
||||||
keys:
|
keys:
|
||||||
"core_dhcp":
|
"core_dhcp": # The name for our key
|
||||||
secret: "YourSecretKey"
|
secret: "YourSecretKey" # The key its self
|
||||||
|
|
||||||
configured_zones:
|
configured_zones:
|
||||||
sub.domain.com:
|
sub.domain.com: # First domain zone
|
||||||
type: master
|
type: master # We're the master of this zone
|
||||||
notify: False
|
notify: False # Don't notify any NS RRs of any changes to zone
|
||||||
also-notify:
|
also-notify: # Do notify these IP addresses (pointless as
|
||||||
|
- 1.1.1.1 # notify has been set to no)
|
||||||
|
- 2.2.2.2
|
||||||
|
|
||||||
|
1.168.192.in-addr.arpa: # Reverse lookup for local IPs
|
||||||
|
type: master # As above
|
||||||
|
notify: False # As above
|
||||||
|
allow-transfer: # As above
|
||||||
- 1.1.1.1
|
- 1.1.1.1
|
||||||
- 2.2.2.2
|
- 2.2.2.2
|
||||||
1.168.192.in-addr.arpa:
|
|
||||||
type: master
|
dynamic.domain.com: # Our ddns zone
|
||||||
notify: False
|
type: master # As above
|
||||||
allow-transfer:
|
allow-update: "key core_dhcp" # Who we allow updates from (refers to above key)
|
||||||
- 1.1.1.1
|
notify: True # Notify NS RRs of changes
|
||||||
- 2.2.2.2
|
|
||||||
dynamic.domain.com:
|
sub.anotherdomain.com: # Another domain zone
|
||||||
type: master
|
type: forward # This time it's a forwarding zone
|
||||||
allow-update: "key core_dhcp"
|
forwarders: # Where we need to forward requests to
|
||||||
notify: True
|
|
||||||
sub.anotherdomain.com:
|
|
||||||
type: forward
|
|
||||||
forwarders:
|
|
||||||
- 10.9.8.7
|
- 10.9.8.7
|
||||||
- 10.9.8.5
|
- 10.9.8.5
|
||||||
sub.forwardonlydomain.com:
|
|
||||||
type: forward
|
sub.forwardonlydomain.com: # Forwarding only domain
|
||||||
forward: only
|
type: forward # As above
|
||||||
forwarders:
|
forward: only # We don't want the server to do any resulving
|
||||||
|
forwarders: # As above (but with different IPs)
|
||||||
- 10.9.8.8
|
- 10.9.8.8
|
||||||
- 10.9.8.9
|
- 10.9.8.9
|
||||||
|
|
||||||
configured_views:
|
configured_views:
|
||||||
myview1:
|
myview1: # First (and only) view
|
||||||
match_clients:
|
match_clients: # The clients we wish to match
|
||||||
- client1
|
- client1
|
||||||
- client2
|
- client2
|
||||||
configured_zones:
|
configured_zones: # Zones that our view is applicable to
|
||||||
my.zone:
|
my.zone: # We've defined a new zone in here
|
||||||
type: master
|
type: master
|
||||||
notify: False
|
notify: False
|
||||||
update_policy:
|
update_policy: # A given update policy
|
||||||
- "grant core_dhcp name dns_entry_allowed_to_update. ANY"
|
- "grant core_dhcp name dns_entry_allowed_to_update. ANY"
|
||||||
configured_acls:
|
|
||||||
my_net:
|
configured_acls: # And now for some ACLs
|
||||||
- 127.0.0.0/8
|
my_net: # Our ACL's name
|
||||||
|
- 127.0.0.0/8 # And the applicable IP addresses
|
||||||
- 10.20.0.0/16
|
- 10.20.0.0/16
|
||||||
|
|
||||||
|
### Externally defined Zones ###
|
||||||
bind:
|
bind:
|
||||||
available_zones:
|
available_zones:
|
||||||
sub.domain.org:
|
sub.domain.org:
|
||||||
file: db.sub.domain.org
|
file: db.sub.domain.org # DB file containing our zone
|
||||||
masters: "192.168.0.1;"
|
masters: "192.168.0.1;" # Masters of this zone
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue