dns: a function to give thw whitelist for the cache networks
parent
126db6e3cb
commit
e47f2c85f2
1 changed files with 8 additions and 71 deletions
|
@ -5,6 +5,7 @@ let
|
||||||
# reads that date to a string (will need to be fixed in 2038)
|
# reads that date to a string (will need to be fixed in 2038)
|
||||||
current_date = toString builtins.currentTime;
|
current_date = toString builtins.currentTime;
|
||||||
|
|
||||||
|
# base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
|
||||||
get_config_file = (domain:
|
get_config_file = (domain:
|
||||||
''
|
''
|
||||||
$TTL 60 ; 1 minute
|
$TTL 60 ; 1 minute
|
||||||
|
@ -56,6 +57,7 @@ let
|
||||||
|
|
||||||
|
|
||||||
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse
|
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse
|
||||||
|
# config for our reverse dnspointers (not properly working)
|
||||||
get_config_file_rev = (domain:
|
get_config_file_rev = (domain:
|
||||||
''
|
''
|
||||||
$ORIGIN 99.1.193.in-addr.arpa.
|
$ORIGIN 99.1.193.in-addr.arpa.
|
||||||
|
@ -77,6 +79,7 @@ let
|
||||||
''
|
''
|
||||||
);
|
);
|
||||||
|
|
||||||
|
# domains we dont have proper ownship over, only here to ensure the logs dont get cluttered.
|
||||||
get_config_file_old_domains = (domain:
|
get_config_file_old_domains = (domain:
|
||||||
''
|
''
|
||||||
$TTL 60 ; 1 minute
|
$TTL 60 ; 1 minute
|
||||||
|
@ -119,6 +122,8 @@ let
|
||||||
[]
|
[]
|
||||||
);
|
);
|
||||||
|
|
||||||
|
# small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router
|
||||||
|
create_cache_networks = (map (x: "193.1.99.${toString x}/32" ) (lib.lists.range 71 126) );
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
|
@ -256,78 +261,10 @@ in {
|
||||||
|
|
||||||
So to fix this we need to allow smaller ranges? - Didnt work
|
So to fix this we need to allow smaller ranges? - Didnt work
|
||||||
Fallback is explisitly listing each ip we have
|
Fallback is explisitly listing each ip we have
|
||||||
|
|
||||||
|
Now have a function for it
|
||||||
*/
|
*/
|
||||||
|
] ++ create_cache_networks;
|
||||||
"193.1.99.71/32"
|
|
||||||
"193.1.99.72/32"
|
|
||||||
"193.1.99.73/32"
|
|
||||||
"193.1.99.71/32"
|
|
||||||
"193.1.99.74/32"
|
|
||||||
"193.1.99.75/32"
|
|
||||||
"193.1.99.76/32"
|
|
||||||
"193.1.99.77/32"
|
|
||||||
"193.1.99.78/32"
|
|
||||||
"193.1.99.79/32"
|
|
||||||
|
|
||||||
"193.1.99.80/32"
|
|
||||||
"193.1.99.81/32"
|
|
||||||
"193.1.99.82/32"
|
|
||||||
"193.1.99.83/32"
|
|
||||||
"193.1.99.81/32"
|
|
||||||
"193.1.99.84/32"
|
|
||||||
"193.1.99.85/32"
|
|
||||||
"193.1.99.86/32"
|
|
||||||
"193.1.99.87/32"
|
|
||||||
"193.1.99.88/32"
|
|
||||||
"193.1.99.89/32"
|
|
||||||
|
|
||||||
"193.1.99.90/32"
|
|
||||||
"193.1.99.91/32"
|
|
||||||
"193.1.99.92/32"
|
|
||||||
"193.1.99.93/32"
|
|
||||||
"193.1.99.91/32"
|
|
||||||
"193.1.99.94/32"
|
|
||||||
"193.1.99.95/32"
|
|
||||||
"193.1.99.96/32"
|
|
||||||
"193.1.99.97/32"
|
|
||||||
"193.1.99.98/32"
|
|
||||||
"193.1.99.99/32"
|
|
||||||
|
|
||||||
|
|
||||||
"193.1.99.100/32"
|
|
||||||
"193.1.99.101/32"
|
|
||||||
"193.1.99.102/32"
|
|
||||||
"193.1.99.103/32"
|
|
||||||
"193.1.99.101/32"
|
|
||||||
"193.1.99.104/32"
|
|
||||||
"193.1.99.105/32"
|
|
||||||
"193.1.99.106/32"
|
|
||||||
"193.1.99.107/32"
|
|
||||||
"193.1.99.108/32"
|
|
||||||
"193.1.99.109/32"
|
|
||||||
|
|
||||||
"193.1.99.110/32"
|
|
||||||
"193.1.99.111/32"
|
|
||||||
"193.1.99.112/32"
|
|
||||||
"193.1.99.113/32"
|
|
||||||
"193.1.99.111/32"
|
|
||||||
"193.1.99.114/32"
|
|
||||||
"193.1.99.115/32"
|
|
||||||
"193.1.99.116/32"
|
|
||||||
"193.1.99.117/32"
|
|
||||||
"193.1.99.118/32"
|
|
||||||
"193.1.99.119/32"
|
|
||||||
|
|
||||||
"193.1.99.120/32"
|
|
||||||
"193.1.99.121/32"
|
|
||||||
"193.1.99.122/32"
|
|
||||||
"193.1.99.123/32"
|
|
||||||
"193.1.99.121/32"
|
|
||||||
"193.1.99.124/32"
|
|
||||||
"193.1.99.125/32"
|
|
||||||
"193.1.99.126/32"
|
|
||||||
|
|
||||||
];
|
|
||||||
|
|
||||||
zones = {
|
zones = {
|
||||||
/*
|
/*
|
||||||
|
|
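Review bot: `create_cache_networks` hard-codes the prefix `193.1.99` and the bounds 71 and 126 without saying what they represent, and its result is appended to what appears to be the resolver's allowed-client list (the opening of that list is outside the hunk). Since this list presumably decides who may use the server for recursion, the comment should state which hosts the range covers and why a subnet is not used, e.g. `# /32 entries for hosts .71-.126 only; a subnet would also admit the router address that all external traffic arrives from`. The binding is a list value rather than a function, so a name such as `cache_networks` would describe it better. `lib.lists.range` is inclusive at both ends, so the generated set matches the removed literals minus their duplicates (for example `.71` was listed twice).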