Added anti-spoofing google recommandation

dtourde · Mar 10, 2020 · 130a9d0 · 130a9d0
1 parent 4b4bdbb
commit 130a9d0
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/roles/bind/templates/db.base.j2 b/roles/bind/templates/db.base.j2
@@ -14,6 +14,11 @@ $TTL    3600
 @       IN      NS      sid.example.com.
 @       IN      MX      10 sid.example.com.
 
+{% block google_anti_spoof %}
+@		IN	TXT	"v=spf1 include:_spf.google.com ip4:{{item.dns_ipv4}}/32 ptr:{{item.dns_fqdn}} ~all"
+@		IN	SPF	"v=spf1 include:_spf.google.com ip4:{{item.dns_ipv4}}/32 ptr:{{item.dns_fqdn}} ~all"
+{% endblock %}
+
 {% block records %}
 {% for key, type_record in item.records.items() %}
   {% for record in type_record %}

diff --git a/roles/bind/vars/example_vars.yml b/roles/bind/vars/example_vars.yml
@@ -57,6 +57,7 @@
   zones:
     - name: "{{domain_name_1}}"
       dns_fqdn: "ns1.{{domain_name_1}}."
+      dns_ipv4: &ip_ns_1 "{{public_ip_addr}}"
       soa_email: damien.tourde.example.
       allow_transfer:
         - gandi-net
@@ -82,7 +83,7 @@
         A:
           - name: ""
             inet_class: IN
-            record: "{{public_ip_addr}}"
+            record: *ip_ns_1
         CNAME:
           - name: plex
             inet_class: IN
@@ -95,6 +96,7 @@
             record: ""
     - name: "{{domain_name_2}}"
       dns_fqdn: "ns1.{{domain_name_2}}."
+      dns_ipv4: &ip_ns_2 "5.6.7.8"
       soa_email: damien.tourde.second-example.
       allow_transfer:
         - gandi-net
@@ -120,7 +122,7 @@
         A:
           - name: ""
             inet_class: IN
-            record: "{{public_ip_addr}}"
+            record: *ip_ns_2
         CNAME:
           - name: plex
             inet_class: IN
@@ -139,4 +141,3 @@
     #   reverse: True
     #   db_name: "db.{{domain_name_1}}.inv"
 
-