a77b2c4f0f
That was the root cause of all our DNSSEC issues. Now that this was fixed, we're not having these anymore, so the relaxed checks can be restored back to their original state.
80 lines
2.9 KiB
Django/Jinja
80 lines
2.9 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
default-lease-time 86400;
|
|
max-lease-time 86400;
|
|
|
|
# Option definitions common to all supported networks.
|
|
|
|
option interface-mtu {{ mtu }};
|
|
option root-path "/";
|
|
|
|
# The ddns-updates-style parameter controls whether or not the server will
|
|
# attempt to do a DNS update when a lease is confirmed. We default to the
|
|
# behavior of the version 2 packages ('none', since DHCP v2 didn't
|
|
# have support for DDNS.)
|
|
ddns-update-style none;
|
|
|
|
# If this DHCP server is the official DHCP server for the local
|
|
# network, the authoritative directive should be uncommented.
|
|
authoritative;
|
|
|
|
log-facility local7;
|
|
|
|
{% if dhcp_failover is defined %}
|
|
include "/etc/dhcp/dhcp-failover.conf";
|
|
{% endif %}
|
|
|
|
# Bornes WiFi
|
|
subnet 10.{{ subnet_ids.ap }}.0.0 netmask 255.255.0.0 {
|
|
interface "ens19";
|
|
option subnet-mask 255.255.0.0;
|
|
option broadcast-address 10.{{ subnet_ids.ap }}.255.255;
|
|
option routers 10.{{ subnet_ids.ap }}.0.250;
|
|
option domain-name "borne.auro.re";
|
|
option domain-search "borne.auro.re";
|
|
|
|
option domain-name-servers 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix_main }}, 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix_backup }}, {{ backup_dns_servers|join(', ') }};
|
|
include "/var/local/re2o-services/dhcp/generated/dhcp.borne.auro.re.list";
|
|
|
|
deny unknown-clients;
|
|
}
|
|
|
|
# Users filaire
|
|
subnet 10.{{ subnet_ids.users_wired }}.0.0 netmask 255.255.0.0 {
|
|
interface "ens20";
|
|
option subnet-mask 255.255.0.0;
|
|
option broadcast-address 10.{{ subnet_ids.users_wired }}.255.255;
|
|
option routers 10.{{ subnet_ids.users_wired }}.0.240;
|
|
option domain-name "fil.{{ apartment_block }}.auro.re";
|
|
option domain-search "auro.re";
|
|
|
|
option domain-name-servers 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix_main }}, 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix_backup }}, {{ backup_dns_servers|join(', ') }};
|
|
|
|
include "/var/local/re2o-services/dhcp/generated/dhcp.fil.{{ apartment_block }}.auro.re.list";
|
|
|
|
deny unknown-clients;
|
|
}
|
|
|
|
|
|
# Users WiFi
|
|
subnet 10.{{ subnet_ids.users_wifi }}.0.0 netmask 255.255.0.0 {
|
|
interface "ens21";
|
|
option subnet-mask 255.255.0.0;
|
|
option broadcast-address 10.{{ subnet_ids.users_wifi }}.255.255;
|
|
option routers 10.{{ subnet_ids.users_wifi }}.0.240;
|
|
option domain-name "wifi.{{ apartment_block }}.auro.re";
|
|
option domain-search "auro.re";
|
|
|
|
option domain-name-servers 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix_main }}, 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix_backup }}, {{ backup_dns_servers|join(', ') }};
|
|
|
|
include "/var/local/re2o-services/dhcp/generated/dhcp.wifi.{{ apartment_block }}.auro.re.list";
|
|
|
|
pool {
|
|
range 10.{{ subnet_ids.users_wifi }}.8.0 10.{{ subnet_ids.users_wifi }}.10.255;
|
|
|
|
{% if dhcp_failover is defined %}
|
|
failover peer "dhcp-failover";
|
|
{% endif %}
|
|
}
|
|
}
|
|
|