Add only required reverse zones for dna gw hosts

2025-06-19 13:55:28 +00:00 · 2025-06-19 13:55:28 +00:00 · 05b4c3a9f4
commit 05b4c3a9f4
parent 1269427fb2
1 changed files with 10 additions and 2 deletions
--- a/group_vars/dnagw.yml
+++ b/group_vars/dnagw.yml
@ -34,8 +34,16 @@ network_ether_interfaces:
    proto: none

 unbound_zones:
-  - 20.172.in-addr.arpa
-  - home.foo.sh
+  - 144-28.96.16.37.in-addr.arpa
+  - foo.sh
+  - >-
+    {% set reverse = intnet | ansible.utils.ipaddr('network') | ansible.utils.ipaddr('revdns') -%}
+    {% if intnet | ansible.utils.ipaddr('prefix') < 24 -%}
+    {{ reverse[:-1] | split('.', 2) | last -}}
+    {% else -%}
+    {{ reverse[:-1] | split('.', 1) | last -}}
+    {% endif -%}
+  - "{{ inventory_hostname.split('.')[1:] | join('.') }}"

 # use custom firewall config
 firewall_src: pf.conf.gw_dna.j2