diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2023-05-28 16:31:59 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2023-05-28 16:31:59 +0200 |
| commit | dcfb256f7f9b1f371c8010636cab8311aec244a0 (patch) | |
| tree | e958e058334ba097a291256d56aef47121c83360 | |
| parent | chaos-at-home.org-ap: disable client steering for now (diff) | |
drop .zip and .mov TLDs
| -rw-r--r-- | inventory/host_vars/ch-mimas.yml | 5 | ||||
| -rw-r--r-- | inventory/host_vars/ch-pan.yml | 5 | ||||
| -rw-r--r-- | roles/network/bind/defaults/main.yml | 6 | ||||
| -rw-r--r-- | roles/network/bind/tasks/main.yml | 23 |
4 files changed, 21 insertions, 18 deletions
diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml index 2aa8e522..fc3e6aae 100644 --- a/inventory/host_vars/ch-mimas.yml +++ b/inventory/host_vars/ch-mimas.yml @@ -82,7 +82,10 @@ bind_stats_channels: allow: - 127.0.0.1 -bind_empty_onion_zone: yes +bind_zone_blacklist: + - onion + - zip + - mov bind_slave_zones: pan: masters: diff --git a/inventory/host_vars/ch-pan.yml b/inventory/host_vars/ch-pan.yml index c6459315..fc87f374 100644 --- a/inventory/host_vars/ch-pan.yml +++ b/inventory/host_vars/ch-pan.yml @@ -112,7 +112,10 @@ bind_stats_channels: allow: - 127.0.0.1 -bind_empty_onion_zone: yes +bind_zone_blacklist: + - onion + - zip + - mov bind_master_zones: chaos-at-home.org: diff --git a/roles/network/bind/defaults/main.yml b/roles/network/bind/defaults/main.yml index 7ed9521b..89f7ff58 100644 --- a/roles/network/bind/defaults/main.yml +++ b/roles/network/bind/defaults/main.yml @@ -19,7 +19,11 @@ ## zone configs -bind_empty_onion_zone: no +bind_zone_blacklist: [] +# bind_zone_blacklist: +# - onion +# - zip +# - mov # bind_master_zones: # example.com: diff --git a/roles/network/bind/tasks/main.yml b/roles/network/bind/tasks/main.yml index 49898162..34e417db 100644 --- a/roles/network/bind/tasks/main.yml +++ b/roles/network/bind/tasks/main.yml @@ -60,32 +60,25 @@ notify: reload bind -- name: add empty .onion zone - when: bind_empty_onion_zone +- name: add zone blacklist config copy: - dest: /etc/bind/named.conf.onion + dest: "/etc/bind/named.conf.blacklist" content: | - // block .onion addresses - zone "onion" { + {% for zone in bind_zone_blacklist %} + zone "{{ zone }}" { type master; file "/etc/bind/db.empty"; zone-statistics no; notify no; }; + {% endfor %} notify: reload bind -- name: remove empty .onion zone - when: not bind_empty_onion_zone - file: - path: /etc/bind/named.conf.onion - state: absent - notify: reload bind - -- name: enable/disable empty .onion zone +- name: enable zone backlist lineinfile: path: /etc/bind/named.conf - line: 'include "/etc/bind/named.conf.onion";' - state: "{{ bind_empty_onion_zone is defined | ternary('present', 'absent') }}" + line: 'include "/etc/bind/named.conf.blacklist";' + state: present notify: reload bind |