fix(nslord,nsmaster): make ACLs more explicit

.travis.yml

@@ -55,9 +55,11 @@ before_install:
 script:
   # e2e tests
   - docker-compose -f docker-compose.yml -f docker-compose.test-e2e.yml run -T test-e2e bash -c "./apiwait 45 && mocha ./spec"
+  - docker-compose -f docker-compose.yml -f docker-compose.test-e2e.yml down -v
 
   # API tests
   - docker-compose -f docker-compose.yml -f docker-compose.test-api.yml run -T api bash -c "./entrypoint-tests.sh"
+  - docker-compose -f docker-compose.yml -f docker-compose.test-api.yml down -v
 
 after_failure:
   - docker-compose ps

docker-compose.yml

@@ -119,10 +119,11 @@ services:
     - DESECSTACK_MINIMUM_TTL_DEFAULT
     - DESECSTACK_WATCHDOG_SLAVES
     networks:
-    - rearapi_celery
-    - rearapi_dbapi
-    - rearapi_ns
-    - rearwww
+      rearapi_celery:
+      rearapi_dbapi:
+      rearapi_ns:
+        ipv4_address: ${DESECSTACK_IPV4_REAR_PREFIX16}.1.10
+      rearwww:
     logging:
       driver: "syslog"
       options:

nslord/conf/pdns.conf.var

@@ -1,4 +1,4 @@
-allow-axfr-ips=${DESECSTACK_IPV4_REAR_PREFIX16}.1.0/24
+allow-axfr-ips=${DESECSTACK_IPV4_REAR_PREFIX16}.1.12
 api=yes
 api-key=${DESECSTACK_NSLORD_APIKEY}
 default-soa-edit=INCREMENT-WEEKS
@@ -10,8 +10,8 @@ setuid=pdns
 soa-minimum-ttl=60
 version-string=powerdns
 webserver=yes
-webserver-address=0.0.0.0
-webserver-allow-from=${DESECSTACK_IPV4_REAR_PREFIX16}.1.0/24
+webserver-address=${DESECSTACK_IPV4_REAR_PREFIX16}.1.11
+webserver-allow-from=${DESECSTACK_IPV4_REAR_PREFIX16}.1.10
 carbon-server=${DESECSTACK_NSLORD_CARBONSERVER}
 carbon-ourname=${DESECSTACK_NSLORD_CARBONOURNAME}
 

nsmaster/conf/pdns.conf.var

@@ -9,8 +9,8 @@ slave=yes
 slave-renotify=yes
 version-string=powerdns
 webserver=yes
-webserver-address=0.0.0.0
-webserver-allow-from=${DESECSTACK_IPV4_REAR_PREFIX16}.1.0/24
+webserver-address=${DESECSTACK_IPV4_REAR_PREFIX16}.1.12
+webserver-allow-from=${DESECSTACK_IPV4_REAR_PREFIX16}.1.10
 carbon-server=${DESECSTACK_NSMASTER_CARBONSERVER}
 carbon-ourname=${DESECSTACK_NSMASTER_CARBONOURNAME}