Changeset 13696 in genesis


Timestamp:
Jan 14, 2017, 12:31:50 AM (8 years ago)
Author:
rick
Message:

Implement named replacement for FreeBSD 11.

Unbound via ports, configured to listen to only specific interfaces.
For security purposes do not listen to outside world.

Depending on its location, making sure the forwarders are internal
or external.

Note: Dropping support for authoritative nameserver, this feature is not
required anymore since our network is running stable now.

File:
1 edited

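--- a/tools/gformat.py
+++ b/tools/gformat.py
@@ -108,4 +108,5 @@
     'ntp.conf',
     'pf.hybrid.conf.local',
+    'unbound.wleiden.conf',
     'wleiden.yaml',
     ]
@@ -729,22 +730,9 @@
 
 
-def generate_rc_conf_local(datadump):
-  """ Generate configuration file '/etc/rc.conf.local' """
-  item = datadump['autogen_item']
-  if rc_conf_local_cache.has_key(item):
-    return rc_conf_local_cache[item]
-
-  if not datadump.has_key('ileiden'):
-    datadump['autogen_ileiden_enable'] = False
-  else:
-    datadump['autogen_ileiden_enable'] = datadump['ileiden']
-
-  datadump['autogen_ileiden_enable'] = switchFormat(datadump['autogen_ileiden_enable'])
-
-
-  for i in range(1,50):
-    ileiden_proxies['172.31.254.%i' % i] = {'nodename' : 'unused'}
-
+def create_proxies_list():
   if not ileiden_proxies or not normal_proxies:
+    for i in range(1,50):
+      ileiden_proxies['172.31.254.%i' % i] = {'nodename' : 'unused'}
+
     for host in get_hostlist():
       hostdump = get_yaml(host)
@@ -755,4 +743,20 @@
           normal_proxies.append(hostdump)
 
+
+
+def generate_rc_conf_local(datadump):
+  """ Generate configuration file '/etc/rc.conf.local' """
+  item = datadump['autogen_item']
+  if rc_conf_local_cache.has_key(item):
+    return rc_conf_local_cache[item]
+
+  if not datadump.has_key('ileiden'):
+    datadump['autogen_ileiden_enable'] = False
+  else:
+    datadump['autogen_ileiden_enable'] = datadump['ileiden']
+
+  datadump['autogen_ileiden_enable'] = switchFormat(datadump['autogen_ileiden_enable'])
+
+  create_proxies_list()
   datadump['autogen_ileiden_proxies'] = ileiden_proxies
   datadump['autogen_normal_proxies'] = normal_proxies
@@ -878,4 +882,5 @@
     dnsmasq_enable="NO"
     named_enable="YES"
+    unbound_enable="YES"
     {% if autogen_dhcp_interfaces -%}
     dhcpd_enable="YES"
@@ -1149,4 +1154,40 @@
 rdr on $ext_if inet proto {{ protocol }} from any to $ext_if port {{ src_port }} tag SRV -> {{ dest_ip }} port {{ dest_port }}
 {% endfor -%}
+""").render(datadump)
+
+def generate_unbound_wleiden_conf(datadump):
+  """ Generate configuration file '/usr/local/etc/unbound.wleiden.conf' """
+  datadump['autogen_header'] = generate_header(datadump, "#")
+
+  autogen_ips = []
+  (addrs_list, _, _, dhclient_if, _, extra_ouput) = make_interface_list(datadump)
+  for iface,addrs in sorted(addrs_list.iteritems()):
+    for addr, comment in sorted(addrs,key=lambda x: parseaddr(x[0].split('/')[0])):
+      if addr.startswith('172'):
+        autogen_ips.append((addr.split('/')[0], comment))
+  datadump['autogen_ips'] = autogen_ips
+
+  create_proxies_list()
+  datadump['autogen_ileiden_proxies'] = ileiden_proxies
+  return Template("""\
+{{ autogen_header }}
+
+server:
+{%- for ip,comment in autogen_ips %}
+    interface: {{ "%-16s"|format(ip) }} # {{ comment }}
+{%- endfor %}
+
+forward-zone:
+    name: '.'
+{%- if service_proxy_ileiden %}
+    forward-addr: 8.8.8.8        # Google DNS A
+    forward-addr: 8.8.4.4        # Google DNS B
+    forward-addr: 208.67.222.222 # OpenDNS DNS A
+    forward-addr: 208.67.220.220 # OpenDNS DNS B
+{% else -%}
+{% for serviceid,item in autogen_ileiden_proxies.iteritems() %}
+    forward-addr: {{ "%-16s"|format(serviceid) }} # {{ item.nodename }}
+{%- endfor %}
+{% endif -%}
 """).render(datadump)
 
@@ -1345,4 +1386,6 @@
     elif config == 'pf.hybrid.conf.local':
       output += generate_pf_hybrid_conf_local(datadump)
+    elif config == 'unbound.wleiden.conf':
+      output += generate_unbound_wleiden_conf(datadump)
     elif config.startswith('vr'):
       interface, ns_type = config.strip('.yaml').split('-')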
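Review bot: The interface filter in generate_unbound_wleiden_conf, `if addr.startswith('172'):`, is a string-prefix test that accepts any 172.x.x.x address rather than only the private 172.16.0.0/12 range, so on its own it does not enforce the "do not listen to outside world" goal stated in the commit message. A tighter test in the file's existing style would be `if addr.startswith('172.') and 16 <= int(addr.split('.')[1]) <= 31:`. Separately, create_proxies_list seeds ileiden_proxies with 172.31.254.1-49 marked 'unused', and the template's else branch emits a `forward-addr` for every entry, so placeholder addresses may end up as forwarders unless the lines elided from that hunk remove them. The generated file also contains no `access-control` entries, so whether the listed interfaces actually answer clients depends on configuration outside this diff.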