T12537: Migrate to BIND

Companion for miraheze/puppet#3914. Do not merge one without the other!!
miraheze · Sep 6, 2024 · 6035a07 · 6035a07
1 parent a562763
commit 6035a07
Show file tree

Hide file tree

Showing 200 changed files with 267 additions and 334 deletions.
diff --git a/admin_state b/admin_state
diff --git a/config b/config
diff --git a/named.conf b/named.conf
@@ -0,0 +1,9 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in zones.rfc1918
+
+include "/etc/bind/named.conf.local";
diff --git a/named.conf.local b/named.conf.local
@@ -0,0 +1,40 @@
+//
+// Do any local configuration here
+//
+
+// Use the zones.rfc1918 file for adding zones
+include "/etc/bind/zones.rfc1918";
+
+// this options block and the following logging block are based on the ones at https://bind9.readthedocs.io/en/latest/chapter3.html#primary-authoritative-name-server
+options {
+  // all relative paths use this directory as a base
+  directory "/var";
+  // version statement for security to avoid hacking known weaknesses
+  // if the real version number is revealed
+  version "not currently available";
+  // This is the default - allows user queries from any IP
+  allow-query { any; };
+  // normal server operations may place items in the cache
+  // this prevents any user query from accessing these items
+  // only authoritative zone data will be returned
+  allow-query-cache { none; };
+  // Do not provide recursive service to user queries
+  recursion no;
+};
+
+// logging clause
+// log to /var/log/named/named.log all events from info UP in severity (no debug)
+// uses 3 files in rotation swaps files when size reaches 250K
+// failure messages that occur before logging is established are
+// in syslog (/var/log/messages)
+//
+logging {
+  channel default_log {
+    file "/var/log/named/named.log" versions 3 size 250k;
+    // only log info and up messages - all others discarded
+    severity info;
+  };
+  category default {
+    default_log;
+  };
+};
diff --git a/zones.rfc1918 b/zones.rfc1918
@@ -0,0 +1,8 @@
+/*
+ * How to add new zones:
+ * 1. Create a zonefile for it with all the records you want in `/zones/`.
+ * 2. Add a zone block for it here, like so:
+ *  zone "miraheze.org" { type master; file "/etc/bind/zones/miraheze.org"; };
+ * 3. Commit and push.
+ * We don't use zone transfers because Puppet will already download the zonefile to all nameservers; they can both think they're masters, no problem.
+ */
diff --git a/zones/agesofconflict.wiki b/zones/agesofconflict.wiki
@@ -10,7 +10,7 @@ $ORIGIN agesofconflict.wiki.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/allthetropes.org b/zones/allthetropes.org
@@ -10,7 +10,7 @@ $ORIGIN allthetropes.org.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/annapolishistorywiki.org b/zones/annapolishistorywiki.org
@@ -10,7 +10,7 @@ $ORIGIN annapolishistorywiki.org.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/antiguabarbudacalypso.com b/zones/antiguabarbudacalypso.com
@@ -10,7 +10,7 @@ $ORIGIN antiguabarbudacalypso.com.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/apeirology.com b/zones/apeirology.com
@@ -10,7 +10,7 @@ $ORIGIN apeirology.com.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/archivesofhavnor.org b/zones/archivesofhavnor.org
@@ -10,7 +10,7 @@ $ORIGIN archivesofhavnor.org.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/aryavartpedia.online b/zones/aryavartpedia.online
@@ -10,7 +10,7 @@ $ORIGIN aryavartpedia.online.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/aryavratpedia.co b/zones/aryavratpedia.co
@@ -10,7 +10,7 @@ $ORIGIN aryavratpedia.co.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/avas.wiki b/zones/avas.wiki
@@ -10,7 +10,7 @@ $ORIGIN avas.wiki.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/baharna.org b/zones/baharna.org
@@ -10,7 +10,7 @@ $ORIGIN baharna.org.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/baligawiki.org b/zones/baligawiki.org
@@ -10,7 +10,7 @@ $ORIGIN baligawiki.org.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/baubles.me b/zones/baubles.me
@@ -10,7 +10,7 @@ $ORIGIN baubles.me.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/bebaskanpengetahuan.id b/zones/bebaskanpengetahuan.id
@@ -10,7 +10,7 @@ $ORIGIN bebaskanpengetahuan.id.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/beidipedia.com b/zones/beidipedia.com
@@ -10,7 +10,7 @@ $ORIGIN beidipedia.com.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/beyondtheveilrp.com b/zones/beyondtheveilrp.com
@@ -10,7 +10,7 @@ $ORIGIN beyondtheveilrp.com.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/bobobay.wiki b/zones/bobobay.wiki
@@ -10,7 +10,7 @@ $ORIGIN bobobay.wiki.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/bonesword.wiki b/zones/bonesword.wiki
@@ -10,7 +10,7 @@ $ORIGIN bonesword.wiki.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/bristolstudenthousingcoop.org b/zones/bristolstudenthousingcoop.org
@@ -10,7 +10,7 @@ $ORIGIN bristolstudenthousingcoop.org.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/buildabearwiki.info b/zones/buildabearwiki.info
@@ -10,7 +10,7 @@ $ORIGIN buildabearwiki.info.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/burnout.wiki b/zones/burnout.wiki
@@ -10,7 +10,7 @@ $ORIGIN burnout.wiki.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/cheeseepedia.org b/zones/cheeseepedia.org
@@ -10,7 +10,7 @@ $ORIGIN cheeseepedia.org.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/christipedia.nl b/zones/christipedia.nl
@@ -10,7 +10,7 @@ $ORIGIN christipedia.nl.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.

diff --git a/zones/civwiki.org b/zones/civwiki.org
@@ -10,7 +10,7 @@ $ORIGIN civwiki.org.
 )
 
 ; Wildcard services
-@		DYNA	geoip!cp
+@		HTTPS	0	cf-lb.miraheze.org.
 
 ; Name servers
 @		NS	ns1.wikitide.net.