Gitiles
Code Review Sign In
gerrit.opencord.org / platform-install / 6dc2d45df20b38d6d1b2f3022ebcc0bc2ce6e97f^! / . / roles / dns-unbound / templates / unbound.conf.j2
commit6dc2d45df20b38d6d1b2f3022ebcc0bc2ce6e97f[log] [tgz]
authorZack Williams <zdw@opennetworking.org>Wed Dec 20 17:50:49 2017 -0700
committerZack Williams <zdw@opennetworking.org>Fri Dec 22 16:50:39 2017 +0000
tree0442ca579765a28a61a5078b099f4dd2b5533a00
parentf196d0c7f4a2f295c2785f5b60aad87a8a7a3537 [diff] [blame]
[CORD-2270]
Support head node on Ubuntu 16.04 (Xenial)

Change-Id: Ic13ea784b8fa55a481f08d21f5187fd37d13499c

diff --git a/roles/dns-unbound/templates/unbound.conf.j2 b/roles/dns-unbound/templates/unbound.conf.j2
index 59c44e9..121a706 100644
--- a/roles/dns-unbound/templates/unbound.conf.j2
+++ b/roles/dns-unbound/templates/unbound.conf.j2

@@ -1,4 +1,4 @@
-
+# created by dns-unbound/templates/unbound.conf.j2
 {#
 Copyright 2017-present Open Networking Foundation
 
@@ -15,21 +15,21 @@
 limitations under the License.
 #}
 
-
-# unbound.conf (configured by Ansible)
-
 server:
 {% if unbound_listen_on_default %}
-  interface: {{ ansible_default_ipv4.address }}  
+  # created by unbound_listen_on_default
+  interface: {{ ansible_default_ipv4.address }}
 {% endif %}
-{% if unbound_interfaces is defined %}
-{% for cidr_ipv4 in unbound_interfaces %}
-  interface: {{ cidr_ipv4 | ipaddr('address') }}
+{% if unbound_listen_zones %}
+{% for zone in nsd_zones %}
+  # created by nsd_zones: {{ zone.name }}
+  interface: {{ zone.cidr | ipaddr('1') | ipaddr('address') }}
 {% endfor %}
 {% endif %}
   verbosity: 1
   port: 53
   do-ip4: yes
+  do-ip6: no
   do-udp: yes
   do-tcp: yes
 
@@ -41,36 +41,29 @@
   access-control: 0.0.0.0/0 allow
 {% endif %}
 
-{% if unbound_listen_on_default %}
-  # allow from default interfaces
-  access-control: {{ ansible_default_ipv4.address }}/{{ (ansible_default_ipv4.address ~ "/" ~ ansible_default_ipv4.netmask) | ipaddr('prefix') }} allow
-{% endif %}
-
-{% if unbound_interfaces is defined %}
-  # allow from local networks
-{% for cidr_ipv4 in unbound_interfaces %}
-  access-control: {{ cidr_ipv4 | ipaddr('0') }} allow
+{% if nsd_zones %}
+  # allow from networks defined in zones
+{% for zone in nsd_zones %}
+  access-control: {{ zone.cidr | ipaddr('0') }} allow
 {% endfor %}
-{% endif %}
 
-{% if nsd_zones is defined %}
 # allow unbound to query localhost, where nsd is listening
 do-not-query-localhost: no
 
 # allow reverse queries for RFC1918 addresses
 {% for zone in nsd_zones %}
-local-zone: "{{ zone.name_reverse_unbound }}." nodefault
+local-zone: "{{ zone.cidr | unbound_revdns }}" nodefault
 {% endfor %}
 
 # stub-zones zones that nsd is serving
 {% for zone in nsd_zones %}
 stub-zone:
   name: "{{ zone.name }}"
-  stub-addr: {{ nsd_ip | default("127.0.0.1") }}
+  stub-addr: {{ nsd_ip }}
 
 stub-zone:
-  name: "{{ zone.name_reverse_unbound }}."
-  stub-addr: {{ nsd_ip | default("127.0.0.1") }}
+  name: "{{ zone.cidr | unbound_revdns }}"
+  stub-addr: {{ nsd_ip }}
 
 {% endfor %}
 {% endif %}