From d67e9f86604e2f7c34bf911c715a83c9711d000f Mon Sep 17 00:00:00 2001
From: crux-capacitor
Date: Thu, 15 Nov 2018 08:39:07 -0500
Subject: [PATCH] Create pillar-with-views.example

An example of the bind pillar that defines multiple views for internal and external record sets. This doesn't include the other portion of the pillar the defines the bind config - this is zones, views and ACLs only. The config portion is not affected by this.
---
pillar-with-views.example | 89 +++++++++++++++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
create mode 100644 pillar-with-views.example

diff --git a/pillar-with-views.example b/pillar-with-views.example
new file mode 100644
index 0000000..088454c
--- /dev/null
+++ b/pillar-with-views.example
@@ -0,0 +1,89 @@
+bind:
+ configured_acls: # We have an internal ACL restricted to our
+ internal: # private IP ranges.
+ - 127.0.0.0/8 # In this case, an ACL for external isn't needed
+ - 10.0.0.0/8 # as that view will be matched by 'any'.
+
+ # Notice that there is no 'configured_zones' at this indentation level.
+ # That is because the bind service forces all zones to be served via a view when you are using
+ # views.
+
+ configured_views:
+ external:
+ match_clients:
+ - any # This will match anything, including the public internet.
+ configured_zones:
+ mydomain.com: # Notice that this value matches on both views.
+ type: master
+ file: external.mydomain.com.txt # Specify the file to be used, which must match the file
+ recursion: yes # name of the zone below under available_zones.
+ notify: False
+ dnssec: False
+
+ internal:
+ match_clients:
+ - internal # This will match only our ACL named 'internal'.
+ configured_zones:
+ mydomain.com: # Same as above - both views will serve the same zone.
+ type: master
+ file: internal.mydomain.com.txt # Different file - matches the internal zone below.
+ recursion: yes
+ notify: False
+ dnssec: False
+
+ available_zones:
+ external.mydomain.com: # Beginning of the external zone definition.
+ file: external.mydomain.com.txt # The file in which to save this zone's record set - matches the file
+ # specified in the 'external' view.
+
+ soa: # Declare the SOA RRs for the zone
+ ns: ns1.external.mydomain.com # Required
+ contact: hostmaster@mydomain.com # Required
+ serial: auto # Alternatively, autoupdate serial on each change
+ class: IN # Optional. Default: IN
+ refresh: 8600 # Optional. Default: 12h
+ retry: 900 # Optional. Default: 15m
+ expiry: 86000 # Optional. Default: 2w
+ nxdomain: 500 # Optional. Default: 1m
+ ttl: 8600 # Optional. Not set by default
+ records: # Records for the zone, grouped by type
+ A:
+ portal: 50.60.70.80
+ gateway: 50.60.70.81
+ directory: 50.60.70.82
+ ns1: 50.60.70.83
+ www: 50.60.70.84
+ NS:
+ '@':
+ - ns1
+ CNAME:
+ login: portal.mydomain.com.
+ dashboard: www.mydomain.com.
+
+ internal.mydomain.com: # Beginning of the internal zone definition.
+ file: internal.mydomain.com.txt # The file in which to save this zone's record set - matches the file
+ # specified in the 'internal' view.
+
+ soa: # Declare the SOA RRs for the zone
+ ns: ns1.mydomain.com # Required
+ contact: hostmaster@mydomain.com # Required
+ serial: auto # Alternatively, autoupdate serial on each change
+ class: IN # Optional. Default: IN
+ refresh: 8600 # Optional. Default: 12h
+ retry: 900 # Optional. Default: 15m
+ expiry: 86000 # Optional. Default: 2w
+ nxdomain: 500 # Optional. Default: 1m
+ ttl: 8600 # Optional. Not set by default
+ records: # Records for the zone, grouped by type
+ A:
+ portal: 10.0.0.10
+ gateway: 10.0.0.11
+ directory: 10.0.0.12
+ ns1: 10.0.0.13
+ www: 10.0.0.14
+ NS:
+ '@':
+ - ns1
+ CNAME:
+ login: portal.mydomain.com.
+ dashboard: www.mydomain.com.
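Review bot: The `external` view is matched by `any` and the example sets `recursion: yes` under it, so if the formula renders that key as the view's recursion setting, anyone copying this pillar publishes a recursive resolver to the whole internet. A public authoritative view should show `recursion: no`, keeping `recursion: yes` only under `internal`, with a comment such as `# never enable recursion on a view matched by 'any'`. BIND also serves a client from the first view whose `match_clients` matches, so with `external` listed before `internal`, internal clients would get the external records if views are emitted in pillar order; listing `internal` first avoids that. The file also mixes `yes` with `False` for booleans, and lowercase `true`/`false` throughout would be clearer.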