Allow any recursion and cache queries for named svc

Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: Idba94e27b4d1375fe5feabd6a2c08f4a9716f186

images/maas-rack-controller-focal/3.0_allow_query.patch

@@ -0,0 +1,15 @@
+diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
+index d76fcfa9a..d198e90b9 100644
+--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
++++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
+@@ -13,8 +13,8 @@ empty-zones-enable no;
+ allow-query { any; };
+ {{endif}}
+ {{if not upstream_allow_recursion}}
+-allow-recursion { trusted; };
++allow-recursion { any; };
+ {{endif}}
+ {{if not upstream_allow_query_cache}}
+-allow-query-cache { trusted; };
++allow-query-cache { any; };
+ {{endif}}

images/maas-rack-controller-focal/Dockerfile

@@ -64,12 +64,15 @@ COPY 3.0_ipmi_error.patch /tmp/3.0_ipmi_error.patch
 COPY 3.0_redfish_retries.patch /tmp/3.0_redfish_retries.patch
 # Patch to disable ipv6 in bind9
 COPY 3.0_named_conf.patch /tmp/3.0_named_conf.patch
+# Patch to allow any recursion and cache queries
+COPY 3.0_allow_query.patch /tmp/3.0_allow_query.patch
 
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/3.0_nic_filter.patch
 RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.0_secure_headers.patch
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch ipmi.py < /tmp/3.0_ipmi_error.patch
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch redfish.py < /tmp/3.0_redfish_retries.patch
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/dns/commands && patch edit_named_options.py < /tmp/3.0_named_conf.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/3.0_allow_query.patch
 
 # echo journalctl logs to the container's stdout
 COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
@@ -81,5 +84,8 @@ RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-m
 # avoid triggering bind9 high cpu utilization bug
 RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf
 
+# invoke regeneration named.conf and options
+RUN /usr/lib/maas/maas-common edit-named-options --config-path /etc/bind/named.conf.options && /usr/lib/maas/maas-common setup-dns
+
 # initalize systemd
 CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]

images/maas-rack-controller/2.8_allow_query.patch

@@ -0,0 +1,15 @@
+diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
+index ba1aee316..ab5766210 100644
+--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
++++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
+@@ -13,8 +13,8 @@ dnssec-validation {{dnssec_validation}};
+ allow-query { any; };
+ {{endif}}
+ {{if not upstream_allow_recursion}}
+-allow-recursion { trusted; };
++allow-recursion { any; };
+ {{endif}}
+ {{if not upstream_allow_query_cache}}
+-allow-query-cache { trusted; };
++allow-query-cache { any; };
+ {{endif}}

images/maas-rack-controller/Dockerfile

@@ -63,12 +63,15 @@ COPY 2.8_ipmi_error.patch /tmp/2.8_ipmi_error.patch
 COPY 2.8_redfish_retries.patch /tmp/2.8_redfish_retries.patch
 # Patch to disable ipv6 in bind9
 COPY 2.8_named_conf.patch /tmp/2.8_named_conf.patch
+# Patch to allow any recursion and cache queries
+COPY 2.8_allow_query.patch /tmp/2.8_allow_query.patch
 
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/2.8_nic_filter.patch
 RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/2.8_secure_headers.patch
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch ipmi.py < /tmp/2.8_ipmi_error.patch
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch redfish.py < /tmp/2.8_redfish_retries.patch
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/dns/commands && patch edit_named_options.py < /tmp/2.8_named_conf.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/2.8_allow_query.patch
 
 # echo journalctl logs to the container's stdout
 COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
@@ -80,5 +83,8 @@ RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-m
 # avoid triggering bind9 high cpu utilization bug
 RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf
 
+# invoke regeneration named.conf and options
+RUN /usr/lib/maas/maas-common edit-named-options --config-path /etc/bind/named.conf.options && /usr/lib/maas/maas-common setup-dns
+
 # initalize systemd
 CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]