use real event ip space
parent
ed99a3710e
commit
712f0f4a17
15 changed files with 222 additions and 167 deletions
|
@ -1,4 +1,5 @@
|
|||
-- ref: https://www.knot-resolver.cz/documentation/stable/config-overview.html
|
||||
log_level("info")
|
||||
|
||||
-- load non-default modules
|
||||
modules.load("view")
|
||||
|
@ -8,11 +9,11 @@ modules.load("prefill")
|
|||
ehDomains = policy.todnames({'noc.eh22.intern'})
|
||||
|
||||
-- for the mgmt-network, forward ehDomains to our authorative server
|
||||
view:addr('10.20.25.0/24', policy.suffix(policy.FLAGS({'NO_CACHE'}), ehDomains))
|
||||
view:addr('10.20.25.0/24', policy.suffix(policy.STUB({'10.20.25.3'}), ehDomains))
|
||||
view:addr('94.45.255.0/24', policy.suffix(policy.FLAGS({'NO_CACHE'}), ehDomains))
|
||||
view:addr('94.45.255.0/24', policy.suffix(policy.STUB({'94.45.255.3'}), ehDomains))
|
||||
|
||||
-- allow resolution from our internal network
|
||||
view:addr('10.20.25.0/24', policy.all(policy.PASS))
|
||||
-- allow resolution from the event net
|
||||
view:addr('94.45.224.0/19', policy.all(policy.PASS))
|
||||
|
||||
-- precache the root zone to reduce traffic load to it
|
||||
prefill.config({
|
||||
|
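Review bot: The view rules in this hunk only whitelist sources (`94.45.224.0/19` gets `policy.all(policy.PASS)`), and nothing visible refuses clients outside that range. This matters more now that the rules appear to move from 10.20.25.0/24 to routable space; the +/- markers are lost on this page, so that reading is inferred. If the rest of the file, which lies outside the hunk, has no catch-all, kresd will recurse for any source that can reach port 53 and can be abused as a reflector. I would add, after the PASS rule, `view:addr('0.0.0.0/0', policy.all(policy.REFUSE))` and `view:addr('::/0', policy.all(policy.REFUSE))`, preceded by the comment `-- refuse recursion for everything outside the event net`.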
|
|
@ -17,29 +17,7 @@ in
|
|||
{
|
||||
imports = [ ];
|
||||
|
||||
# configure static IP address
|
||||
networking.useDHCP = false;
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
links = {
|
||||
"10-ethMgmt" = renameLink "BC:24:11:61:E3:D9" "ethMgmt";
|
||||
"10-ethPubUser" = renameLink "BC:24:11:AD:52:B1" "ethPubUsr";
|
||||
};
|
||||
networks = {
|
||||
"10-mgmtNet" = {
|
||||
matchConfig.Name = "ethMgmt";
|
||||
address = [ "10.20.25.5/24" ];
|
||||
gateway = [ "10.20.25.2" ];
|
||||
};
|
||||
"10-pubUsr" = {
|
||||
matchConfig.Name = "ethPubUsr";
|
||||
address = [ "10.0.0.2/24" ];
|
||||
gateway = [ "10.0.0.1" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# configure remaining network to work
|
||||
# configure network for dns server
|
||||
services.resolved.enable = false;
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 53 ];
|
||||
|
@ -47,7 +25,7 @@ in
|
|||
};
|
||||
environment.etc."resolv.conf".text = ''
|
||||
search noc.eh22.intern eh22.intern
|
||||
nameserver 10.20.25.5
|
||||
nameserver 94.45.254.2
|
||||
'';
|
||||
|
||||
# enable knot resolv server
|
||||
|
@ -55,7 +33,7 @@ in
|
|||
# https://www.knot-resolver.cz/documentation/stable/
|
||||
services.kresd = {
|
||||
enable = true;
|
||||
instances = 4;
|
||||
instances = 1;
|
||||
listenPlain = [ "53" ];
|
||||
extraConfig = builtins.readFile ./kresd-config.lua;
|
||||
};
|
||||
|
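Review bot: `listenPlain = [ "53" ]` binds kresd on every address of the host, and `allowedTCPPorts = [ 53 ]` opens the port with no interface or source restriction. With resolv.conf apparently switching from `10.20.25.5` to `94.45.254.2` (the +/- markers are lost here, so the sides are inferred), the listener presumably becomes reachable from outside the event network. Consider binding only the service address, e.g. `listenPlain = [ "<resolver-address>:53" ]` (placeholder), or scoping the rule with `networking.firewall.interfaces.<name>.allowedTCPPorts`. A short comment on why `instances` changes between 4 and 1 would also help the next operator. The `networking.firewall` block continues outside the hunks shown, so an existing restriction there cannot be ruled out.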
|