From 49601213fefef2731e9e60f96539f45d01c3ba2a Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Wed, 2 Jan 2019 16:31:56 +0000
Subject: [PATCH] Allow DNS zone transfers from ns1/ns2.opendev.org

This was likely missed in bootstrapping. Temporarily allow all
authoritative slaves (opendev as well as openstack) to perform zone
transfers over 53/tcp on either silent master nameserver.

Change-Id: I68455a1d4fa5042da14b3c2e0747af00effad0da
---
 playbooks/group_vars/adns.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/playbooks/group_vars/adns.yaml b/playbooks/group_vars/adns.yaml
index 9af283dc78..be098ff02a 100644
--- a/playbooks/group_vars/adns.yaml
+++ b/playbooks/group_vars/adns.yaml
@@ -1,4 +1,10 @@
 iptables_extra_allowed_hosts:
+  - protocol: tcp
+    port: 53
+    hostname: ns1.opendev.org
+  - protocol: tcp
+    port: 53
+    hostname: ns2.opendev.org
   - protocol: tcp
     port: 53
     hostname: ns1.openstack.org