changeset 70:136d86d06ce6
dns improvements
author | drewp@bigasterisk.com |
date | Sat, 11 Jun 2022 22:53:23 -0700 |
parents | 659e4b228909 |
children | 52156d3898c5 |
files | dns.py dns_check.py templates/dnsmasq/dnsmasq.conf.j2 templates/dnsmasq/dnsmasq.service.j2 templates/dnsmasq/hosts.j2 templates/kube/coredns.yaml templates/resolv.conf.j2 |
diffstat | 7 files changed, 57 insertions(+), 19 deletions(-) [+] |
--- a/dns.py Sat Jun 11 22:51:20 2022 -0700 +++ b/dns.py Sat Jun 11 22:53:23 2022 -0700 @@ -28,6 +28,17 @@ return dhcp_hosts +#files.link('/etc/resolv.conf', '/run/systemd/resolve/stub-resolv.conf') + +# files.file(path='/etc/resolv.conf', present=False) +# files.link(path='/etc/resolv.conf', present=False) # bug +# server.shell(["rm -f /etc/resolv.conf"]) # broken fix +files.template(src='templates/resolv.conf.j2', + dest='/etc/resolv.conf', + # review this- it's probably a bad dep on bang. maybe both 10.5.0.1 and a public ns would be ok + ns='10.5.0.1' if host.name in ['prime', 'plus'] else '10.2.0.1', + force=True) + if host.name == 'bang': apt.packages(packages=['dnsmasq']) systemd.service(service='dnsmasq', enabled=False, running=False) @@ -46,18 +57,14 @@ net=net_name) systemd.service(service=f'dnsmasq_{net_name}', enabled=True, restarted=True, daemon_reload=True) - files.link('/etc/resolv.conf', '/run/systemd/resolve/stub-resolv.conf') - if host.name in [ 'garage', 'dash', 'slash', 'frontbed', 'prime', + 'pipe' ]: files.template(src='templates/hosts.j2', dest='/etc/hosts') - - files.link(path='/etc/resolv.conf', target='/run/systemd/resolve/resolv.conf') files.template(src='templates/resolved.conf.j2', dest='/etc/systemd/resolved.conf') - systemd.service(service='systemd-resolved.service', running=True, restarted=True)
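Review bot: The second hunk still writes `templates/resolved.conf.j2` to `/etc/systemd/resolved.conf` but removes the `systemd.service(service='systemd-resolved.service', running=True, restarted=True)` line, so a change to that template no longer takes effect until something else restarts resolved; either drop the template write as well or keep the restart. In the first hunk the four commented-out attempts (`#files.link(...)`, `# files.file(... present=False)`, `# files.link(... present=False) # bug`, `# server.shell(["rm -f /etc/resolv.conf"]) # broken fix`) are dead code and should be deleted rather than kept as history in the module. The new `files.template(..., force=True)` replaces the former symlink to systemd-resolved's stub file with a static `/etc/resolv.conf` naming a single internal resolver, so hosts that keep systemd-resolved running now bypass its stub listener and cache entirely; that is presumably intended, but deserves a one-line comment such as `# static resolv.conf: bypasses systemd-resolved, so ns must be reachable without it` next to the existing "review this" remark. The `if host.name == 'bang':` body continues outside the first hunk.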
--- a/dns_check.py Sat Jun 11 22:51:20 2022 -0700 +++ b/dns_check.py Sat Jun 11 22:53:23 2022 -0700 @@ -47,7 +47,7 @@ check('slash', '10.5.0.6') else: check('bang', '10.2.0.1') - check('slash', '10.2.0.201') + check('slash', '10.2.0.127') check('bang5', '10.5.0.1') check('prime', '10.5.0.2')
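Review bot: The new expectation `check('slash', '10.2.0.127')` pins slash to an address inside the `dhcp-range=tag:!known,ens5,10.2.0.125,10.2.0.220,24h` pool configured in this same changeset's dnsmasq template, i.e. the range handed to hosts without a static lease, so the check will start failing whenever slash's lease is renewed to a different address (assuming slash has no fixed `dhcp-host` entry elsewhere). Either reserve an address for slash outside the dynamic pool or make the check assert that the name resolves to some 10.2.0.x address rather than to one specific lease. The enclosing `else:` branch begins outside the hunk.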
--- a/templates/dnsmasq/dnsmasq.conf.j2 Sat Jun 11 22:51:20 2022 -0700 +++ b/templates/dnsmasq/dnsmasq.conf.j2 Sat Jun 11 22:53:23 2022 -0700 @@ -10,12 +10,6 @@ domain-needed no-resolv -# i didn't say --all-servers, but it was behaving like that -server=208.201.224.11 -#server=208.201.224.33 -#server=8.8.4.4 -#server=8.8.8.8 -local=/bigasterisk.com/ no-hosts addn-hosts=/opt/dnsmasq/{{ net }}/hosts local-ttl=30 @@ -24,8 +18,10 @@ neg-ttl=60 dns-forward-max=1000 domain=bigasterisk.com +# log-queries +# log-debug +log-dhcp -log-dhcp dhcp-sequential-ip {% if net == "10.2" %} @@ -38,6 +34,17 @@ dhcp-range=tag:!known,ens5,10.2.0.125,10.2.0.220,24h dhcp-option=ens5,option:dns-server,10.2.0.1 dhcp-option=ens5,option:router,10.2.0.1 + +local=/bigasterisk.com/ +# i didn't say --all-servers, but it was behaving like that +server=208.201.224.11 +#server=208.201.224.33 +#server=8.8.4.4 +#server=8.8.8.8 {% endif %} +{% if net == "10.5" %} # net==10.5 is not used for dhcp at all +# use ./hosts, then try the server that knows the dhcp leases +server=10.2.0.1 +{% endif %}
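Review bot: The `server=208.201.224.11` block moved into the `net == "10.2"` branch forwards every non-`bigasterisk.com` query to a public upstream, and nothing in this hunk rejects upstream answers that point into the LAN; unless it is set in a part of the template outside the hunk, add `stop-dns-rebind` and `bogus-priv` (plus `rebind-localhost-ok` if a local service relies on 127.0.0.1 answers) next to that `server=` line so a public name cannot be resolved to a 10.2.0.x/10.5.0.x address for the DHCP clients that are pointed at this instance by `dhcp-option=ens5,option:dns-server,10.2.0.1`. The 10.5 branch's `server=10.2.0.1` only relays whatever the 10.2 instance returns, so the protection belongs on the 10.2 instance alone. The three commented-out `#server=` alternatives and the `--all-servers` remark travelled with the block unchanged; if a single upstream is now intentional, drop them rather than carry the dead lines.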
--- a/templates/dnsmasq/dnsmasq.service.j2 Sat Jun 11 22:51:20 2022 -0700 +++ b/templates/dnsmasq/dnsmasq.service.j2 Sat Jun 11 22:53:23 2022 -0700 @@ -7,6 +7,17 @@ Before=nss-lookup.target After=network.target +# startup order has to be like this: +# dnsmasq_10.2 +# wg-quick@wg0.service +# dnsmasq_10.5 +{% if net == '10.2' %} +#Before=wg-quick@wg0.service +{% endif %} +{% if net == '10.5' %} +Requires=wg-quick@wg0.service +{% endif %} + [Service] Type=simple
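Review bot: `Requires=wg-quick@wg0.service` alone does not order the units — systemd also needs an explicit `After=wg-quick@wg0.service` for dnsmasq_10.5 to wait for the tunnel, otherwise both units start in parallel and the instance can come up before 10.5.0.1 exists (which matters if it binds that address; the hunk does not show the bind options). The new comment says the order "has to be" dnsmasq_10.2 → wg0 → dnsmasq_10.5, but the 10.2 side's `#Before=wg-quick@wg0.service` is commented out, so neither half of the stated ordering is actually enforced. Change the 10.5 branch to `Requires=wg-quick@wg0.service` followed by `After=wg-quick@wg0.service`, and consider `BindsTo=` in place of `Requires=` if dnsmasq_10.5 should also stop when the tunnel goes down. The `[Unit]` section starts before the hunk.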
--- a/templates/dnsmasq/hosts.j2 Sat Jun 11 22:51:20 2022 -0700 +++ b/templates/dnsmasq/hosts.j2 Sat Jun 11 22:53:23 2022 -0700 @@ -8,6 +8,8 @@ # sync with /my/proj/infra/inventory.py +# and with templates/wireguard/wg0.conf.j2 +# Hosts with fixed wg0 addresses: 10.5.0.1 bang5.bigasterisk.com local.bigasterisk.com 10.5.0.2 prime5.bigasterisk.com prime.bigasterisk.com 10.5.0.5 dash5.bigasterisk.com @@ -16,11 +18,17 @@ 10.5.0.17 frontbed5.bigasterisk.com 10.5.0.30 dot5.bigasterisk.com 10.5.0.110 plus5.bigasterisk.com -10.5.0.113 drew-note5.bigasterisk.com +10.5.0.112 drew-note5.bigasterisk.com + +{% if net == '10.2' %} +# Hosts with fixed addrs who don't introduce via dhcp: +# 162.243.138.136 prime.bigasterisk.com +10.2.0.3 pipe pipe.bigasterisk.com +{% endif %} {% if net == '10.5' %} +# Names that should be routed on wg0 when the DNS lookup is on wg0: 10.5.0.1 bang.bigasterisk.com -10.5.0.2 prime.bigasterisk.com 10.5.0.5 dash.bigasterisk.com 10.5.0.6 slash.bigasterisk.com 10.5.0.14 garage.bigasterisk.com
--- a/templates/kube/coredns.yaml Sat Jun 11 22:51:20 2022 -0700 +++ b/templates/kube/coredns.yaml Sat Jun 11 22:53:23 2022 -0700 @@ -53,12 +53,12 @@ namespace: kube-system data: Corefile: | - # update 2022-04-19T20:20 + # update 2022-05-17T10:38 .:53 { errors health ready - kubernetes cluster.local in-addr.arpa ip6.arpa { + kubernetes %{CLUSTER_DOMAIN}% in-addr.arpa ip6.arpa { pods insecure fallthrough in-addr.arpa ip6.arpa } @@ -122,7 +122,7 @@ k8s-app: kube-dns containers: - name: coredns - image: rancher/mirrored-coredns-coredns:1.8.4 + image: %{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-coredns-coredns:1.9.1 imagePullPolicy: IfNotPresent resources: limits: @@ -206,7 +206,7 @@ spec: selector: k8s-app: kube-dns - clusterIP: 10.43.0.10 + clusterIP: %{CLUSTER_DNS}% ports: - name: dns port: 53
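Review bot: The new image line `%{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-coredns-coredns:1.9.1` pins by mutable tag only; for the cluster resolver that every workload trusts, pin by digest (`...coredns:1.9.1@sha256:<digest>`) so the image actually running is the one that was reviewed, even if the tag is later moved, and especially since `imagePullPolicy: IfNotPresent` means a node never re-validates a cached tag. The `%{CLUSTER_DOMAIN}%`, `%{SYSTEM_DEFAULT_REGISTRY}%` and `%{CLUSTER_DNS}%` tokens look like k3s packaged-manifest placeholders rather than this repo's Jinja templating; if this file is applied with kubectl instead of being loaded by k3s they remain literal and the ConfigMap and Service become invalid — confirm the delivery path and record it next to the `# update 2022-05-17T10:38` comment, e.g. `# %{...}% placeholders are substituted by k3s at load time, not by our templating`.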
--- a/templates/resolv.conf.j2 Sat Jun 11 22:51:20 2022 -0700 +++ b/templates/resolv.conf.j2 Sat Jun 11 22:53:23 2022 -0700 @@ -3,5 +3,10 @@ # see 'resolvectl status' for more nameserver {{ ns }} +{% if host.name == 'prime' %} +# don't rely on home dns just to receive email +nameserver 8.8.4.4 +{% endif %} + options edns0 search bigasterisk.com
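Review bot: The prime-only fallback `nameserver 8.8.4.4` is consulted only after 10.5.0.1 times out (with glibc defaults that is a 5s wait per attempt), not when the home resolver answers SERVFAIL or NXDOMAIN, so a slow or half-broken home resolver still stalls every lookup on the mail host for several seconds before the public server is tried; if fast failover is the goal, extend the options line to `options edns0 timeout:2`. When the failover does happen, internal names — including bare names that get the `search bigasterisk.com` suffix appended — are sent to Google and resolve to public answers or nothing, so split-horizon lookups on prime silently change meaning during an outage; state that in the template, e.g. `# fallback only after 10.5.0.1 times out; internal names will not resolve via 8.8.4.4`. Do not add `rotate` here, since it would send a share of internal queries to the public resolver even when the home one is healthy.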