move the server: block of nsd.conf out of the management daemon and into the setup scripts
This commit is contained in:
Joshua Tauberer
parent
a07de38e80
commit
8886c9b6bc
|
|
@ -432,26 +432,10 @@ $TTL 1800 ; default time to live
|
|||
########################################################################
|
||||
|
||||
def write_nsd_conf(zonefiles, additional_records, env):
|
||||
# Basic header.
|
||||
nsdconf = """
|
||||
server:
|
||||
hide-version: yes
|
||||
|
||||
# identify the server (CH TXT ID.SERVER entry).
|
||||
identity: ""
|
||||
|
||||
# The directory for zonefile: files.
|
||||
zonesdir: "/etc/nsd/zones"
|
||||
"""
|
||||
# Write the list of zones to a configuration file.
|
||||
nsd_conf_file = "/etc/nsd/zones.conf"
|
||||
nsdconf = ""
|
||||
|
||||
# Since we have bind9 listening on localhost for locally-generated
|
||||
# DNS queries that require a recursive nameserver, and the system
|
||||
# might have other network interfaces for e.g. tunnelling, we have
|
||||
# to be specific about the network interfaces that nsd binds to.
|
||||
for ipaddr in (env.get("PRIVATE_IP", "") + " " + env.get("PRIVATE_IPV6", "")).split(" "):
|
||||
if ipaddr == "": continue
|
||||
nsdconf += " ip-address: %s\n" % ipaddr
|
||||
|
||||
# Append the zones.
|
||||
for domain, zonefile in zonefiles:
|
||||
nsdconf += """
|
||||
|
|
@ -472,16 +456,17 @@ zone:
|
|||
provide-xfr: %s NOKEY
|
||||
""" % (ipaddr, ipaddr)
|
||||
|
||||
|
||||
# Check if the nsd.conf is changing. If it isn't changing,
|
||||
# Check if the file is changing. If it isn't changing,
|
||||
# return False to flag that no change was made.
|
||||
with open("/etc/nsd/nsd.conf") as f:
|
||||
if f.read() == nsdconf:
|
||||
return False
|
||||
if os.path.exists(nsd_conf_file):
|
||||
with open(nsd_conf_file) as f:
|
||||
if f.read() == nsdconf:
|
||||
return False
|
||||
|
||||
with open("/etc/nsd/nsd.conf", "w") as f:
|
||||
# Write out new contents and return True to signal that
|
||||
# configuration changed.
|
||||
with open(nsd_conf_file, "w") as f:
|
||||
f.write(nsdconf)
|
||||
|
||||
return True
|
||||
|
||||
########################################################################
|
||||
|
|
|
|||
22
setup/dns.sh
22
setup/dns.sh
|
|
@ -22,6 +22,28 @@ apt_install nsd ldnsutils openssh-client
|
|||
|
||||
mkdir -p /var/run/nsd
|
||||
|
||||
cat > /etc/nsd/nsd.conf << EOF;
|
||||
# No not edit. Overwritten by Mail-in-a-Box setup.
|
||||
server:
|
||||
hide-version: yes
|
||||
|
||||
# identify the server (CH TXT ID.SERVER entry).
|
||||
identity: ""
|
||||
|
||||
# The directory for zonefile: files.
|
||||
zonesdir: "/etc/nsd/zones"
|
||||
EOF
|
||||
|
||||
# Since we have bind9 listening on localhost for locally-generated
|
||||
# DNS queries that require a recursive nameserver, and the system
|
||||
# might have other network interfaces for e.g. tunnelling, we have
|
||||
# to be specific about the network interfaces that nsd binds to.
|
||||
for ip in $PRIVATE_IP $PRIVATE_IPV6; do
|
||||
echo " ip-address: $ip" >> /etc/nsd/nsd.conf;
|
||||
done
|
||||
|
||||
echo "include: /etc/nsd/zones.conf" >> /etc/nsd/nsd.conf;
|
||||
|
||||
# Create DNSSEC signing keys.
|
||||
|
||||
mkdir -p "$STORAGE_ROOT/dns/dnssec";
|
||||
|
|
|
|||
Loading…
Reference in New Issue