commit

dns/dns.yaml

@@ -53,11 +53,6 @@ spec:
 ---
 apiVersion: v1
 kind: ConfigMap
-metadata:
-  name: coredns-corefile
-  namespace: dns
-apiVersion: v1
-kind: ConfigMap
 metadata:
   name: coredns-corefile
   namespace: dns
@@ -70,55 +65,66 @@ data:
       health
       ready
 
+      # SOA
       template IN SOA apps.undercloud.dev {
         rcode NOERROR
         answer "{{.Name}} 3600 IN SOA ns1.apps.undercloud.dev. hostmaster.apps.undercloud.dev. 1 7200 3600 1209600 3600"
-        additional "ns1.apps.undercloud.dev. 3600 IN A 10.0.91.54"
-        additional "ns2.apps.undercloud.dev. 3600 IN A 10.0.91.54"
-        additional "ns1.apps.undercloud.dev. 3600 IN AAAA 2001:470:7116:f:1::54"
-        additional "ns2.apps.undercloud.dev. 3600 IN AAAA 2001:470:7116:f:1::54"
       }
+
+      # NS délégation
       template IN NS apps.undercloud.dev {
         rcode NOERROR
         answer "{{.Name}} 3600 IN NS ns1.apps.undercloud.dev."
         answer "{{.Name}} 3600 IN NS ns2.apps.undercloud.dev."
-        additional "ns1.apps.undercloud.dev. 3600 IN A 10.0.91.54"
-        additional "ns2.apps.undercloud.dev. 3600 IN A 10.0.91.54"
-        additional "ns1.apps.undercloud.dev. 3600 IN AAAA 2001:470:7116:f:1::54"
-        additional "ns2.apps.undercloud.dev. 3600 IN AAAA 2001:470:7116:f:1::54"
       }
 
-      hosts {
-        10.0.91.54            ns1.apps.undercloud.dev
-        10.0.91.54            ns2.apps.undercloud.dev
-        2001:470:7116:f:1::54 ns1.apps.undercloud.dev
-        2001:470:7116:f:1::54 ns2.apps.undercloud.dev
-        fallthrough
+      # Glue A/AAAA pour ns1/ns2 (in-bailiwick)
+      template IN A ns1.apps.undercloud.dev {
+        rcode NOERROR
+        answer "ns1.apps.undercloud.dev. 300 IN A 10.0.91.54"
+      }
+      template IN A ns2.apps.undercloud.dev {
+        rcode NOERROR
+        answer "ns2.apps.undercloud.dev. 300 IN A 10.0.91.54"
+      }
+      template IN AAAA ns1.apps.undercloud.dev {
+        rcode NOERROR
+        answer "ns1.apps.undercloud.dev. 300 IN AAAA 2001:470:7116:f:1::54"
+      }
+      template IN AAAA ns2.apps.undercloud.dev {
+        rcode NOERROR
+        answer "ns2.apps.undercloud.dev. 300 IN AAAA 2001:470:7116:f:1::54"
       }
 
+      # CAA (Let’s Encrypt)
+      template IN CAA apps.undercloud.dev {
+        rcode NOERROR
+        answer "{{.Name}} 3600 IN CAA 0 issue \"letsencrypt.org\""
+        answer "{{.Name}} 3600 IN CAA 0 iodef \"mailto:hostmaster@undercloud.dev\""
+      }
+
+      # Wildcards vers ton Ingress
+      template IN A apps.undercloud.dev {
+        match ^(.+)\.apps\.undercloud\.dev\.?$
+        answer "{{.Name}} 300 IN A 93.228.39.77"
+      }
+      template IN AAAA apps.undercloud.dev {
+        match ^(.+)\.apps\.undercloud\.dev\.?$
+        answer "{{.Name}} 300 IN AAAA 2001:470:7116:f:1::b492"
+      }
+
+      # Enregistrements dynamiques (optionnel)
       etcd {
         path /skydns
         endpoint http://etcd.dns.svc:2379
         fallthrough
       }
-
-      # Static IPv4 for any subdomain
-      template IN A apps.undercloud.dev {
-        match ^(.+)\.apps\.undercloud\.dev\.?$
-        answer "{{.Name}} 300 IN A 93.228.39.77"   # your static v4
-        fallthrough
-      }
-
-      # wildcard IPv6 to Ingress
-      template IN AAAA apps.undercloud.dev {
-        match ^(.+)\.apps\.undercloud\.dev\.?$
-        answer "{{.Name}} 300 IN AAAA 2001:470:7116:f:1::b492"
-      }
     }
 
 
 
 
+
 ---
 apiVersion: apps/v1
 kind: Deployment