diff --git a/infra/ansible/roles/knot_recursive/templates/kresd.conf.j2 b/infra/ansible/roles/knot_recursive/templates/kresd.conf.j2
index ad35231..780196f 100644
--- a/infra/ansible/roles/knot_recursive/templates/kresd.conf.j2
+++ b/infra/ansible/roles/knot_recursive/templates/kresd.conf.j2
@@ -14,9 +14,13 @@ net.listen('{{ EXTERNAL_LISTEN_IP }}', 53, { kind = 'dns' })
 net.listen('{{ EXTERNAL_LISTEN_IP }}', 443, { kind = 'doh2' })
 {% endif %}
+-- No ipv6
+net.ipv6 = false
+
 {% if EXTERNAL_OUTGOING_IP != "" %}
 -- EXTERNAL_OUTGOING_IP
-net.outgoing_v4('{{ EXTERNAL_OUTGOING_IP }}')
+-- Not until things are sorted out with the delegated subdomains, but keep the IPs
+--net.outgoing_v4('{{ EXTERNAL_OUTGOING_IP }}')
 {% endif %}
 -- Load useful modules
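Review bot: The comment `-- No ipv6` does not say what the setting covers or why it was turned off. In Knot Resolver `net.ipv6 = false` stops the resolver from contacting upstream servers over IPv6 and does not touch the `net.listen` sockets, so something like `-- Upstream queries over IPv4 only: <reason / tracking issue>` would be clearer. The same hunk comments out `net.outgoing_v4`, so the `{% if EXTERNAL_OUTGOING_IP != "" %}` block now renders only comments and outgoing queries use whichever source address host routing selects. Any upstream ACL or firewall rule keyed on EXTERNAL_OUTGOING_IP should be checked before rollout. The replacement comment should also name the condition for restoring the line, e.g. `-- Disabled pending <tracking issue>; restore once the delegated subdomains resolve with this source IP`.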
@@ -36,6 +40,31 @@ nsid.name('{{ SERVER_HOSTNAME }}')
 net.tls("/etc/knot-resolver/server-cert.pem", "/etc/knot-resolver/server-key.pem")
 {% endif %}
+-- Subdomains delegated outside of "this" server from within the mesh
+view:addr('10.0.0.0/8', policy.suffix(policy.STUB('10.70.90.174'), policy.todnames({'em.mesh.', 'em.mesh.nycmesh.net.'})))
+view:addr('23.158.16.0/24', policy.suffix(policy.STUB('10.70.90.174'), policy.todnames({'em.mesh.', 'em.mesh.nycmesh.net.'})))
+view:addr('199.167.59.0/24', policy.suffix(policy.STUB('10.70.90.174'), policy.todnames({'em.mesh.', 'em.mesh.nycmesh.net.'})))
+view:addr('199.170.132.0/24', policy.suffix(policy.STUB('10.70.90.174'), policy.todnames({'em.mesh.', 'em.mesh.nycmesh.net.'})))
+view:addr('208.68.5.0/24', policy.suffix(policy.STUB('10.70.90.174'), policy.todnames({'em.mesh.', 'em.mesh.nycmesh.net.'})))
+
+view:addr('10.0.0.0/8', policy.suffix(policy.STUB('10.70.132.1'), policy.todnames({'zrg.mesh.', 'zrg.mesh.nycmesh.net.', 'n363.mesh.', 'n363.mesh.nycmesh.net.'})))
+view:addr('23.158.16.0/24', policy.suffix(policy.STUB('10.70.132.1'), policy.todnames({'zrg.mesh.', 'zrg.mesh.nycmesh.net.', 'n363.mesh.', 'n363.mesh.nycmesh.net.'})))
+view:addr('199.167.59.0/24', policy.suffix(policy.STUB('10.70.132.1'), policy.todnames({'zrg.mesh.', 'zrg.mesh.nycmesh.net.', 'n363.mesh.', 'n363.mesh.nycmesh.net.'})))
+view:addr('199.170.132.0/24', policy.suffix(policy.STUB('10.70.132.1'), policy.todnames({'zrg.mesh.', 'zrg.mesh.nycmesh.net.', 'n363.mesh.', 'n363.mesh.nycmesh.net.'})))
+view:addr('208.68.5.0/24', policy.suffix(policy.STUB('10.70.132.1'), policy.todnames({'zrg.mesh.', 'zrg.mesh.nycmesh.net.', 'n363.mesh.', 'n363.mesh.nycmesh.net.'})))
+
+view:addr('10.0.0.0/8', policy.suffix(policy.STUB('199.170.132.101'), policy.todnames({'daniel.mesh.', 'daniel.mesh.nycmesh.net.'})))
+view:addr('23.158.16.0/24', policy.suffix(policy.STUB('199.170.132.101'), policy.todnames({'daniel.mesh.', 'daniel.mesh.nycmesh.net.'})))
+view:addr('199.167.59.0/24', policy.suffix(policy.STUB('199.170.132.101'), policy.todnames({'daniel.mesh.', 'daniel.mesh.nycmesh.net.'})))
+view:addr('199.170.132.0/24', policy.suffix(policy.STUB('199.170.132.101'), policy.todnames({'daniel.mesh.', 'daniel.mesh.nycmesh.net.'})))
+view:addr('208.68.5.0/24', policy.suffix(policy.STUB('199.170.132.101'), policy.todnames({'daniel.mesh.', 'daniel.mesh.nycmesh.net.'})))
+
+view:addr('10.0.0.0/8', policy.suffix(policy.STUB('54.161.165.190'), policy.todnames({'andrew.mesh.', 'andrew.mesh.nycmesh.net.'})))
+view:addr('23.158.16.0/24', policy.suffix(policy.STUB('54.161.165.190'), policy.todnames({'andrew.mesh.', 'andrew.mesh.nycmesh.net.'})))
+view:addr('199.167.59.0/24', policy.suffix(policy.STUB('54.161.165.190'), policy.todnames({'andrew.mesh.', 'andrew.mesh.nycmesh.net.'})))
+view:addr('199.170.132.0/24', policy.suffix(policy.STUB('54.161.165.190'), policy.todnames({'andrew.mesh.', 'andrew.mesh.nycmesh.net.'})))
+view:addr('208.68.5.0/24', policy.suffix(policy.STUB('54.161.165.190'), policy.todnames({'andrew.mesh.', 'andrew.mesh.nycmesh.net.'})))
+
 -- Mesh from mesh
 view:addr('10.0.0.0/8', policy.suffix(policy.STUB('{{ MESH_STUB_RESOLVER }}'), policy.todnames({'mesh.', 'mesh.nycmesh.net.'})))
 view:addr('23.158.16.0/24', policy.suffix(policy.STUB('{{ MESH_STUB_RESOLVER }}'), policy.todnames({'mesh.', 'mesh.nycmesh.net.'})))
diff --git a/infra/terraform/dev_jon.tfvars b/infra/terraform/dev_jon.tfvars
index 6a281d6..ed2fd6c 100644
--- a/infra/terraform/dev_jon.tfvars
+++ b/infra/terraform/dev_jon.tfvars
@@ -35,4 +35,4 @@ recursive_cores = 4
 recursive_sockets = 1
 recursive_memory = 4096
 enable_doh = ""
-#mesh_stub_resolver = "23.158.16.23"
+mesh_stub_resolver = "23.158.16.23"
diff --git a/infra/terraform/prod_sn10.tfvars b/infra/terraform/prod_sn10.tfvars
index 2f949df..72a8d3a 100644
--- a/infra/terraform/prod_sn10.tfvars
+++ b/infra/terraform/prod_sn10.tfvars
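Review bot: In the kresd.conf.j2 hunk that adds the delegated-subdomain rules, `policy.STUB` forwards queries without DNSSEC validation, and the `andrew.mesh.` target `54.161.165.190` lies outside every client range named in the `view:addr` lines. Answers for `andrew.mesh.` and `andrew.mesh.nycmesh.net.` are therefore accepted unauthenticated over plain DNS from outside the mesh ranges, then cached and served to mesh clients. That trust decision should be recorded next to the rules, e.g. `-- STUB skips DNSSEC validation; 54.161.165.190 is off-mesh, so andrew.mesh. answers are unauthenticated`. If that upstream can offer DNS-over-TLS, `policy.TLS_FORWARD` is worth evaluating for that one target. As a style point, the twenty rules hard-code stub IPs and repeat the five client ranges, while the 'Mesh from mesh' block just below takes its target from `{{ MESH_STUB_RESOLVER }}`; a Jinja loop over a role variable would keep ranges and targets in one reviewable place.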
@@ -45,4 +45,4 @@ recursive_cores = 5
 recursive_sockets = 1
 recursive_memory = 4096
 enable_doh = "enable"
-#mesh_stub_resolver = "199.170.132.47"
+mesh_stub_resolver = "199.170.132.47"
diff --git a/infra/terraform/prod_sn3.tfvars b/infra/terraform/prod_sn3.tfvars
index 954427f..7e4e048 100644
--- a/infra/terraform/prod_sn3.tfvars
+++ b/infra/terraform/prod_sn3.tfvars
@@ -45,4 +45,4 @@ recursive_cores = 5
 recursive_sockets = 1
 recursive_memory = 4096
 enable_doh = "enable"
-#mesh_stub_resolver = "23.158.16.23"
+mesh_stub_resolver = "23.158.16.23"