// gen_match_clients(agriates, forward): template helper that emits address-match entries
// (network/prefix;) for the match-clients list of a view.
// A network is emitted when its dns_rvp_* flag equals the agriates argument and its
// dns_forward_* flag equals the forward argument. Passing 'force' for an argument turns
// that test off, so every network passes on that axis.
// Covered: the eth1..eth4 networks, their aliases and VLANs, and the static routes when
// activer_route is "oui". eth0 is never emitted by this helper.
// The prefix comes from calc_classe(netmask), presumably a netmask to prefix-length
// conversion - confirm against the helper.
// NOTE(review): nombre_interfaces is compared with quoted digits ("2" .. "5"); if the
// variable is a string this is a lexicographic comparison and only holds for one-digit
// counts - confirm the variable type.
%def gen_match_clients(%%agriates, %%forward)
%if %%nombre_interfaces >= "2"
// eth1: interface network, then aliases, then VLANs
%if (%%dns_rvp_eth1 == %%agriates or %%agriates == 'force') and \
(%%dns_forward_eth1 == %%forward or %%forward == 'force')
%%adresse_network_eth1/%%calc_classe(%%adresse_netmask_eth1);
%end if
%if %%alias_eth1 == "oui"
%for %%alias_ip in %%alias_ip_eth1
%if (%%alias_ip.dns_rvp_alias_eth1 == %%agriates or %%agriates == 'force') and \
(%%alias_ip.dns_forward_alias_eth1 == %%forward or %%forward == 'force')
%%alias_ip.alias_network_eth1/%%calc_classe(%%alias_ip.alias_netmask_eth1);
%end if
%end for
%end if
%if %%vlan_eth1 == "oui"
%for %%vlan in %%id_vlan_eth1
%if (%%vlan.dns_rvp_vlan_eth1 == %%agriates or %%agriates == 'force') and \
(%%vlan.dns_forward_vlan_eth1 == %%forward or %%forward == 'force')
%%vlan.adresse_network_vlan_eth1/%%calc_classe(%%vlan.adresse_netmask_vlan_eth1);
%end if
%end for
%end if
%end if
%if %%nombre_interfaces >= "3"
// eth2: interface network, then aliases, then VLANs
%if (%%dns_rvp_eth2 == %%agriates or %%agriates == 'force') and \
(%%dns_forward_eth2 == %%forward or %%forward == 'force')
%%adresse_network_eth2/%%calc_classe(%%adresse_netmask_eth2);
%end if
%if %%alias_eth2 == "oui"
%for %%alias_ip in %%alias_ip_eth2
%if (%%alias_ip.dns_rvp_alias_eth2 == %%agriates or %%agriates == 'force') and \
(%%alias_ip.dns_forward_alias_eth2 == %%forward or %%forward == 'force')
%%alias_ip.alias_network_eth2/%%calc_classe(%%alias_ip.alias_netmask_eth2);
%end if
%end for
%end if
%if %%vlan_eth2 == "oui"
%for %%vlan in %%id_vlan_eth2
%if (%%vlan.dns_rvp_vlan_eth2 == %%agriates or %%agriates == 'force') and \
(%%vlan.dns_forward_vlan_eth2 == %%forward or %%forward == 'force')
%%vlan.adresse_network_vlan_eth2/%%calc_classe(%%vlan.adresse_netmask_vlan_eth2);
%end if
%end for
%end if
%end if
%if %%nombre_interfaces >= "4"
// eth3: interface network, then aliases, then VLANs
%if (%%dns_rvp_eth3 == %%agriates or %%agriates == 'force') and \
(%%dns_forward_eth3 == %%forward or %%forward == 'force')
%%adresse_network_eth3/%%calc_classe(%%adresse_netmask_eth3);
%end if
%if %%alias_eth3 == "oui"
%for %%alias_ip in %%alias_ip_eth3
%if (%%alias_ip.dns_rvp_alias_eth3 == %%agriates or %%agriates == 'force') and \
(%%alias_ip.dns_forward_alias_eth3 == %%forward or %%forward == 'force')
%%alias_ip.alias_network_eth3/%%calc_classe(%%alias_ip.alias_netmask_eth3);
%end if
%end for
%end if
%if %%vlan_eth3 == "oui"
%for %%vlan in %%id_vlan_eth3
%if (%%vlan.dns_rvp_vlan_eth3 == %%agriates or %%agriates == 'force') and \
(%%vlan.dns_forward_vlan_eth3 == %%forward or %%forward == 'force')
%%vlan.adresse_network_vlan_eth3/%%calc_classe(%%vlan.adresse_netmask_vlan_eth3);
%end if
%end for
%end if
%end if
%if %%nombre_interfaces >= "5"
// eth4: interface network, then aliases, then VLANs
%if (%%dns_rvp_eth4 == %%agriates or %%agriates == 'force') and \
(%%dns_forward_eth4 == %%forward or %%forward == 'force')
%%adresse_network_eth4/%%calc_classe(%%adresse_netmask_eth4);
%end if
%if %%alias_eth4 == "oui"
%for %%alias_ip in %%alias_ip_eth4
%if (%%alias_ip.dns_rvp_alias_eth4 == %%agriates or %%agriates == 'force') and \
(%%alias_ip.dns_forward_alias_eth4 == %%forward or %%forward == 'force')
%%alias_ip.alias_network_eth4/%%calc_classe(%%alias_ip.alias_netmask_eth4);
%end if
%end for
%end if
%if %%vlan_eth4 == "oui"
%for %%vlan in %%id_vlan_eth4
%if (%%vlan.dns_rvp_vlan_eth4 == %%agriates or %%agriates == 'force') and \
(%%vlan.dns_forward_vlan_eth4 == %%forward or %%forward == 'force')
%%vlan.adresse_network_vlan_eth4/%%calc_classe(%%vlan.adresse_netmask_vlan_eth4);
%end if
%end for
%end if
%end if
%if %%activer_route == "oui"
// static routes: same two-flag filter, applied per route entry
%for %%indirectnet in %%route_adresse
%if (%%indirectnet.dns_rvp_route == %%agriates or %%agriates == 'force') and \
(%%indirectnet.dns_forward_route == %%forward or %%forward == 'force')
%%indirectnet/%%calc_classe(%%indirectnet.route_netmask);
%end if
%end for
%end if
%end def
// Global server options. The access-control statements below are server-wide defaults;
// a view or zone in the included files can set its own (those files are not visible here).
options {
directory "/etc/bind";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// Replaces the real BIND version string in answers to version queries.
version "MyVersion";
// NOTE(review): keep query-source commented out unless a firewall really requires it.
// Pinning outgoing queries to one fixed source port gives up source-port randomisation,
// which is one of the resolver's defences against cache poisoning.
// query-source address * port 53;
// *** External DNS
%if not %%is_empty(%%adresse_ip_dns)
// Rendered only when adresse_ip_dns is non-empty: queries that cannot be answered locally
// go to these forwarders, and "forward only" means no fallback to iterative resolution.
forwarders {
%for %%variable_iter in %%adresse_ip_dns
%%variable_iter;
%end for
};
forward only;
%end if

// Listen only on the addresses collected in acl "intra".
listen-on {intra;};
// NOTIFY messages and zone transfers are refused for every peer.
allow-notify {none;};
// Recursion and queries are limited to acl "allnets" (localnets plus the selected routes).
allow-recursion {allnets;};
allow-transfer {none;};
allow-query {allnets;};

};
// Clients allowed to query and to recurse (used by allow-query and allow-recursion):
// the BIND built-in "localnets" (networks of the server's own interfaces) plus every
// static route whose dns_route flag is "oui".
// NOTE(review): unlike gen_match_clients, this loop is not guarded by activer_route == "oui";
// confirm that route_adresse is empty when routes are disabled, otherwise route networks
// would stay allowed here.
acl "allnets" {
localnets;
%for %%indirectnet in %%route_adresse
%if %%indirectnet.dns_route == "oui"
%%indirectnet/%%calc_classe(%%indirectnet.route_netmask);
%end if
%end for
};
// Addresses the server listens on (referenced by listen-on in options): loopback plus
// the addresses selected below, which differ between container and non-container mode.
acl "intra" {
127.0.0.1;
%if %%mode_conteneur_actif == 'oui'
// container mode
// eth0 proxy-link address only when DNS is enabled on eth0, then the DNS container
// address, then the eth1..eth3 proxy-link addresses (there is no eth4 entry in this mode).
%if %%activer_dns_eth0 == 'oui'
%if %%is_defined('adresse_ip_eth0_proxy_link') and %%adresse_ip_eth0_proxy_link != ''
%%adresse_ip_eth0_proxy_link;
%end if
%end if
%%adresse_ip_conteneur_dns;
// NOTE(review): the three tests below compare nombre_interfaces with a bare integer
// (> 1, > 2, > 3) while the rest of the template compares it with quoted digits
// ("2" .. "5"). If the variable is a string the two forms do not behave the same -
// confirm the type and align the comparisons.
%if %%nombre_interfaces > 1 and %%is_defined('adresse_ip_eth1_proxy_link') and %%adresse_ip_eth1_proxy_link != ''
%%adresse_ip_eth1_proxy_link;
%end if
%if %%nombre_interfaces > 2 and %%is_defined('adresse_ip_eth2_proxy_link') and %%adresse_ip_eth2_proxy_link != ''
%%adresse_ip_eth2_proxy_link;
%end if
%if %%nombre_interfaces > 3 and %%is_defined('adresse_ip_eth3_proxy_link') and %%adresse_ip_eth3_proxy_link != ''
%%adresse_ip_eth3_proxy_link;
%end if
%else
// non-container mode
// eth0 address only when DNS is enabled on eth0; eth1..eth4 addresses, aliases and VLAN
// addresses are added whenever the interface exists.
%if %%activer_dns_eth0 == 'oui'
%%adresse_ip_eth0;
%end if
%if %%nombre_interfaces >= "2"
%%adresse_ip_eth1;
%if %%alias_eth1 == "oui"
%for %%alias_ip in %%alias_ip_eth1
%%alias_ip;
%end for
%end if
%if %%vlan_eth1 == "oui"
%for %%id_vlan1 in %%id_vlan_eth1
%%id_vlan1.adresse_ip_vlan_eth1;
%end for
%end if
%end if
%if %%nombre_interfaces >= "3"
%%adresse_ip_eth2;
%if %%alias_eth2 == "oui"
%for %%alias_ip in %%alias_ip_eth2
%%alias_ip;
%end for
%end if
%if %%vlan_eth2 == "oui"
%for %%id_vlan2 in %%id_vlan_eth2
%%id_vlan2.adresse_ip_vlan_eth2;
%end for
%end if
%end if
%if %%nombre_interfaces >= "4"
%%adresse_ip_eth3;
%if %%alias_eth3 == "oui"
%for %%alias_ip in %%alias_ip_eth3
%%alias_ip;
%end for
%end if
%if %%vlan_eth3 == "oui"
%for %%id_vlan3 in %%id_vlan_eth3
%%id_vlan3.adresse_ip_vlan_eth3;
%end for
%end if
%end if
%if %%nombre_interfaces >= "5"
%%adresse_ip_eth4;
%if %%alias_eth4 == "oui"
%for %%alias_ip in %%alias_ip_eth4
%%alias_ip;
%end for
%end if
%if %%vlan_eth4 == "oui"
%for %%id_vlan4 in %%id_vlan_eth4
%%id_vlan4.adresse_ip_vlan_eth4;
%end for
%end if
%end if
// NOTE(review): the eth0 VLAN addresses are added whenever vlan_eth0 is "oui", without
// the activer_dns_eth0 test that guards the eth0 address itself - confirm that listening
// on the eth0 VLANs is intended when DNS is disabled on eth0.
%if %%vlan_eth0 == "oui"
%for %%id_vlan0 in %%id_vlan_eth0
%%id_vlan0.adresse_ip_vlan_eth0;
%end for
%end if
// end of non-container mode
%end if
};
%if %%install_rvp == "oui" and %%agriates_member == "oui" and not %%is_empty(%%adresse_dns_agriates) and not %%is_empty(%%ip_dns_zone_forward)
// Rendered only when the RVP is installed, the server is an Agriates member, and both
// adresse_dns_agriates and ip_dns_zone_forward are non-empty.
// Serves the agriates, forward and local zone files to networks flagged for BOTH the
// Agriates zones and the forward zones.
// BIND assigns a client to the first view whose match-clients matches, so the order of the
// views in this file is significant; 127.0.0.1 is listed in every conditional view and is
// therefore always served by the first one that gets rendered.
view "Zones AGRIATES-FORWARD" {
match-clients {
127.0.0.1;
%if %%mode_conteneur_actif == 'oui'
// NOTE(review): hard-coded range, presumably the internal container network - confirm.
192.0.2.0/24;
%end if
%%gen_match_clients('oui', 'oui')
};
include "/etc/bind/agriates.zones";
include "/etc/bind/forward.zones";
include "/etc/bind/local.zones";
};
%end if
%if %%install_rvp == "oui" and %%agriates_member == "oui" and not %%is_empty(%%adresse_dns_agriates)
// Rendered only when the RVP is installed, the server is an Agriates member and
// adresse_dns_agriates is non-empty. Serves the agriates and local zone files.
// Client selection: when forward zones are configured, only networks flagged for Agriates
// and NOT for forward zones (the combined view takes the others); otherwise the forward
// flag is ignored ('force') and every Agriates-flagged network matches.
view "Reseau Agriates" {
match-clients {
127.0.0.1;
%if %%mode_conteneur_actif == 'oui'
// NOTE(review): hard-coded range, presumably the internal container network - confirm.
192.0.2.0/24;
%end if
%if not %%is_empty(%%ip_dns_zone_forward)
%%gen_match_clients('oui', 'non')
%else
%%gen_match_clients('oui', 'force')
%end if
};

include "/etc/bind/agriates.zones";
include "/etc/bind/local.zones";
};
%end if
%if not %%is_empty(%%ip_dns_zone_forward)
// Rendered only when ip_dns_zone_forward is non-empty. Serves the forward and local
// zone files.
// Client selection: when the Agriates views are active, only networks flagged for forward
// zones and NOT for Agriates; otherwise the Agriates flag is ignored ('force') and every
// forward-flagged network matches.
view "Zones forward" {
match-clients {
127.0.0.1;
%if %%mode_conteneur_actif == 'oui'
// NOTE(review): hard-coded range, presumably the internal container network - confirm.
192.0.2.0/24;
%end if
%if %%install_rvp == "oui" and %%agriates_member == "oui" and not %%is_empty(%%adresse_dns_agriates)
%%gen_match_clients('non', 'oui')
%else
%%gen_match_clients('force', 'oui')
%end if
};
include "/etc/bind/forward.zones";
include "/etc/bind/local.zones";
};
%end if
// Catch-all view. BIND assigns a client to the first view whose match-clients matches, so
// this block has to stay last: a client not matched by an earlier view is served
// local.zones and named.conf.local from here.
// "any" does not widen who may query: the options-level allow-query and allow-recursion
// still apply, unless the included files override them (not visible here).
view "tous" {
match-clients {
any;
};
include "/etc/bind/local.zones";
include "/etc/bind/named.conf.local";
};