pmcf 4.19.2 → 4.20.0

package/src/services/bind.mjs

@@ -5,15 +5,15 @@ import { isLinkLocal, reverseArpa } from "ip-utilties";
 import {
   addType,
   default_attribute_writable,
-  string_attribute_writable,
-  string_collection_attribute_writable,
+  duration_attribute_writable,
   string_set_attribute_writable,
   boolean_attribute_writable_true,
   boolean_attribute_writable_false,
-  number_attribute_writable,
+  integer_attribute_writable,
   name_attribute_writable
 } from "pacc";
 import {
+  Base,
   ExtraSourceService,
   serviceEndpoints,
   addresses,
@@ -31,346 +31,142 @@ import { ServiceTypeDefinition } from "../service.mjs";
 import { ExtraSourceServiceTypeDefinition } from "../extra-source-service.mjs";
 import { addHook } from "../hooks.mjs";
 
-const BindServiceViewTypeDefinition = {
-  name: "bind-view",
-  key: "name",
-  attributes: {
-    name: { ...name_attribute_writable },
-    access: {
-      type: networkAddressType,
-      collection: true,
-      writable: true
-    }
-  }
-};
+const bindNetworkAddressTypes = networkAddressType + "|bind_group";
 
-const BindServiceTypeDefinition = {
-  name: "bind",
-  extends: ExtraSourceServiceTypeDefinition,
-  specializationOf: ServiceTypeDefinition,
-  owners: ServiceTypeDefinition.owners,
+const BindGroupTypeDefinition = {
+  name: "bind_group",
+  priority: 1,
   key: "name",
   attributes: {
-    /*views: {
-      type: "object", //BindServiceViewTypeDefinition,
+    name: name_attribute_writable,
+    access: {
+      type: bindNetworkAddressTypes,
       collection: true,
       writable: true
-    },*/
-    zones: {
+    },
+    excludeInterfaceKinds: string_set_attribute_writable,
+    exclude: {
+      ...default_attribute_writable,
+      type: networkAddressType,
+      collection: true
+    },
+    entries: {
       type: networkAddressType + "|location|owner",
       collection: true,
       writable: true
     },
-    trusted: {
-      type: networkAddressType,
+    sharedWith: { ...default_attribute_writable, type: "bind_group" },
+    allowedUpdates: {
+      type: bindNetworkAddressTypes,
       collection: true,
       writable: true
     },
-    protected: {
-      ...default_attribute_writable,
-      type: networkAddressType,
-      collection: true
-    },
-    internal: {
-      ...default_attribute_writable,
-      type: networkAddressType,
-      collection: true
-    },
-    hasSVRRecords: boolean_attribute_writable_false,
+    notify: boolean_attribute_writable_false,
     hasCatalog: boolean_attribute_writable_true,
+    hasReverse: boolean_attribute_writable_false,
+    hasSVRRecords: boolean_attribute_writable_false,
     hasLinkLocalAdresses: boolean_attribute_writable_false,
     hasLocationRecord: boolean_attribute_writable_true,
-    excludeInterfaceKinds: string_set_attribute_writable,
-    exclude: {
-      ...default_attribute_writable,
-      type: networkAddressType,
-      collection: true
+
+    recordTTL: { ...duration_attribute_writable, default: "1W" },
+    serial: {
+      ...integer_attribute_writable,
+      default: Math.ceil(Date.now() / 1000)
     },
-    notify: boolean_attribute_writable_false,
-    recordTTL: { ...string_attribute_writable, default: "1W" },
-    serial: number_attribute_writable,
-    refresh: { ...string_attribute_writable, default: 36000 },
-    retry: { ...string_attribute_writable, default: 72000 },
-    expire: { ...string_attribute_writable, default: 600000 },
-    minimum: { ...string_attribute_writable, default: 60000 },
-    allowedUpdates: string_collection_attribute_writable,
-    primaries: {
-      ...default_attribute_writable,
-      type: networkAddressType,
-      collection: true
-    }
-  },
-  service: {
-    systemdService: "bind.service",
-    extends: ["dns"],
-    services: {
-      "bind-statistics": {
-        endpoints: [
-          {
-            family: "IPv4",
-            port: 19521,
-            protocol: "tcp",
-            pathname: "/",
-            tls: false,
-            kind: "loopback"
-          },
-          {
-            family: "IPv6",
-            port: 19521,
-            protocol: "tcp",
-            pathname: "/",
-            tls: false,
-            kind: "loopback"
-          }
-        ]
-      },
-      "bind-rdnc": {
-        endpoints: [
-          {
-            family: "IPv4",
-            port: 953,
-            protocol: "tcp",
-            tls: false,
-            kind: "loopback"
-          }
-        ]
-      }
-    }
+    refresh: { ...duration_attribute_writable, default: 36000 },
+    retry: { ...duration_attribute_writable, default: 72000 },
+    expire: { ...duration_attribute_writable, default: 600000 },
+    minimum: { ...duration_attribute_writable, default: 60000 }
   }
 };
 
-function addressesStatement(prefix, objects, generateEmpty = false) {
-  const body = asArray(objects).map(name => `  ${name};`);
-
-  if (body.length || generateEmpty) {
-    return [`${prefix} {`, body, "};"];
+class BindGroup extends Base {
+  static typeDefinition = BindGroupTypeDefinition;
+  static {
+    addType(this);
   }
 
-  return [];
-}
-
-export class BindService extends ExtraSourceService {
+  access = [];
   allowedUpdates = [];
-  recordTTL = "1W";
-  hasSVRRecords = true;
+  entries = [];
+  exclude = new Set();
+  excludeInterfaceKinds = new Set();
+  notify = true;
   hasCatalog = true;
+  hasSVRRecords = true;
   hasLinkLocalAdresses =
-    BindServiceTypeDefinition.attributes.hasLinkLocalAdresses.default;
-  hasLocationRecord = true;
-  notify = true;
-  _zones = [];
-  _trusted = [];
-  _exclude = new Set([]);
-
-  excludeInterfaceKinds = new Set();
-
-  serial = Math.ceil(Date.now() / 1000);
-  refresh = 36000;
-  retry = 72000;
-  expire = 600000;
-  minimum = 60000;
-  static {
-    addType(this);
-    addServiceType(this.typeDefinition.service, this.typeDefinition.name);
-  }
-
-  static get typeDefinition() {
-    return BindServiceTypeDefinition;
-  }
-
-  constructor(owner, data) {
-    super(owner, data);
-
-    this.views = {};
-
-    for (const name of ["internal", "protected"]) {
-      this.views[name] = {
-        name,
-        access: []
-      };
-    }
-
-    this.views.protected.inView = this.views.internal;
-    this.views.protected.access = ["!internal"];
-  }
+    BindGroupTypeDefinition.attributes.hasLinkLocalAdresses.default;
 
-  get type() {
-    return BindServiceTypeDefinition.name;
-  }
+  recordTTL = "1W";
 
-  get serverType()
-  {
-    return this.primaries ? "secondary" : "primary";
+  get service() {
+    return this.owner;
   }
 
   get soaUpdates() {
     return [this.serial, this.refresh, this.retry, this.expire, this.minimum];
   }
 
-  set zones(value) {
-    this._zones.push(value);
-  }
-
-  get zones() {
-    return this._zones;
-  }
-
-  set protected(value) {
-    this.views.protected.access.push(value);
-  }
-
-  get protected() {
-    return this.views.protected.access;
-  }
-
-  set internal(value) {
-    this.views.internal.access.push(value);
-  }
+  get defaultRecords() {
+    /*
+     const ss = this.location.services.filter(s=>s.types.has('dns') && s.priority>=300);
+    const ss = [
+      ...this.location.expression("services[types['dns'] && priority>=300]")
+    ].sort(sortAscendingByPriority)
+*/
+    const nameService = this.owner; //ss[0];
+
+    console.log(
+      "nameService",
+      nameService.fullName,
+      nameService.domainName,
+      nameService.address()
+    );
 
-  get internal() {
-    return this.views.internal.access;
+    return [
+      DNSRecord(
+        "@",
+        "SOA",
+        dnsFullName(nameService.domainName),
+        dnsFullName(this.administratorEmail.replace(/@/, ".")),
+        `(${this.soaUpdates.join(" ")})`
+      ),
+      DNSRecord("@", "NS", dnsFullName(nameService.address()))
+    ];
   }
 
-  set trusted(value) {
-    this._trusted.push(value);
-  }
+  async packageContent(outputControl) {
+    let hasContent = false;
 
-  get trusted() {
-    return this._trusted;
-  }
+    if (this.access.length) {
+      hasContent ||= await this.generateACLs(outputControl);
+    }
 
-  set exclude(value) {
-    this._exclude.add(value);
-  }
+    if (this.entries.length) {
+      hasContent ||= await this.generateZoneDefs(outputControl, this.entries);
+    }
 
-  get exclude() {
-    return this._exclude;
+    return hasContent;
   }
 
-  async *preparePackages(dir) {
-    const sources = this.zones.length ? this.zones : [this.owner];
-    const names = sources.map(a => a.fullName).join(" ");
-    const name = this.owner.owner.name || this.owner.name;
-
-    const configPackageDir = join(dir, "config") + "/";
-    const packageData = {
-      outputs: this.outputs,
-      sources: [new FileContentProvider(configPackageDir)],
-      properties: {
-        name: `named-${name}`,
-        description: `named definitions for ${names}`,
-        access: "private"
-      }
-    };
-
-    const forwarders = serviceEndpoints(this.source, {
-      services: 'type="dns" && priority>=100 && priority<200',
-      endpoints: endpoint => endpoint.family !== "dns",
-      select: e => e.address,
-      limit: 5
-    });
-
-    if (forwarders.length) {
-      await writeLines(
-        join(configPackageDir, "etc/named/options"),
-        `forwarders.conf`,
-        addressesStatement("forwarders", forwarders)
-      );
-    }
-
+  async generateACLs(outputControl) {
     const acls = addressesStatement(
-      "acl trusted",
-      addresses(this.trusted, { aggregate: true })
+      `acl ${this.name}`,
+      addresses(this.access, { aggregate: true })
     );
 
-    for (const view of Object.values(this.views)) {
-      acls.push(
-        ...addressesStatement(
-          `acl ${view.name}`,
-          addresses(view.access, { aggregate: true }),
-          true
-        )
-      );
-    }
-
-    if (this.internal?.length) {
+    if (acls.length) {
       await writeLines(
-        join(configPackageDir, "etc/named"),
-        `0-acl-${name}.conf`,
+        join(outputControl.dir, "etc/named"),
+        `0-acl-${this.name}.conf`,
         acls
       );
     }
-    if (forwarders.length || this.internal?.length) {
-      yield packageData;
-    }
-
-    const ownerAndGroup = { owner: "named", group: "named" };
-    const filePermissions = [
-      { ...ownerAndGroup, mode: 0o644 },
-      { ...ownerAndGroup, mode: 0o755 }
-    ];
-
-    const zonesPackageDir = join(dir, "zones") + "/";
-
-    packageData.sources = [
-      new FileContentProvider(zonesPackageDir, ...filePermissions)
-    ];
-    packageData.properties = {
-      name: `named-zones-${name}`,
-      description: `zone definitions for ${names}`,
-      dependencies: ["mf-named"],
-      access: "private"
-    };
-
-    yield this.generateZoneDefs(newOutputControl(packageData, zonesPackageDir), sources);
-
-    const location = "outfacing";
-
-    const outfacingZonesPackageDir = join(dir, location) + "/";
-
-    packageData.sources = [
-      new FileContentProvider(outfacingZonesPackageDir, ...filePermissions)
-    ];
-    packageData.properties = {
-      name: `named-zones-${name}-${location}`,
-      description: `${location} zone definitions for ${names}`,
-      access: "private"
-    };
-
-    yield* this.generateOutfacingDefs(newOutputControl(packageData, outfacingZonesPackageDir), sources);
-  }
-
-  async *generateOutfacingDefs(outputControl, sources) {
-    for (const source of sources) {
-      for (const host of source.hosts()) {
-        this.outfacingZones(
-          outputControl,
-          host,
-          this.views.internal,
-          this.defaultRecords
-        );
-      }
-    }
 
-    if (outputControl.configs.length) {
-      addHook(
-        outputControl.packageData,
-        "post_upgrade",
-        `/usr/bin/named-hostname-update ${outputControl.configs
-          .map(config => config.zones.map(zone => zone.id))
-          .flat()
-          .join(" ")}`
-      );
-
-      await this.writeZones(outputControl);
-
-      yield outputControl.packageData;
-    }
+    return acls.length > 0;
   }
 
   async generateZoneDefs(outputControl, sources) {
-    const view = this.views.internal;
-
     for (const source of sources) {
       console.log(
         "ZONE",
@@ -383,9 +179,8 @@ export class BindService extends ExtraSourceService {
         const reverseZones = new Map();
 
         const config = {
-          view,
           name: `${domain}.zone.conf`,
-          type: this.serverType,
+          type: this.service.serverType,
           zones: []
         };
         outputControl.configs.push(config);
@@ -498,12 +293,6 @@ export class BindService extends ExtraSourceService {
             }
           }
         }
-        outputControl.configs.push({
-          view: this.views.protected,
-          inView: this.views.protected.inView,
-          name: config.name,
-          zones: config.zones
-        });
       }
     }
 
@@ -512,77 +301,31 @@ export class BindService extends ExtraSourceService {
     return outputControl.packageData;
   }
 
-  outfacingZones(outputControl, host, view, records) {
-    host.foreignDomainNames.map(domain => {
-      const wildcard = domain.startsWith("*.");
-      if (wildcard) {
-        domain = domain.substring(2);
-      }
+  assignCatalog(outputControl, zone, name) {
+    if (!this.hasCatalog) {
+      return;
+    }
 
-      const zone = {
-        id: domain,
-        file: `${host.location.name}/outfacing/${domain}.zone`,
-        records: new Set(records)
+    const directory = dirname(zone.file);
+
+    let catalogZone = outputControl.catalogs.get(directory);
+
+    if (!catalogZone) {
+      catalogZone = {
+        catalog: true,
+        id: `catalog.${name}`,
+        file: `${directory}/catalog.${name}.zone`,
+        records: new Set([
+          ...this.defaultRecords,
+          DNSRecord("version", "TXT", '"2"')
+        ])
       };
+      outputControl.catalogs.set(directory, catalogZone);
+
       const config = {
-        view,
-        name: `${domain}.zone.conf`,
-        type: this.serverType,
-        zones: [zone]
-      };
-      zone.config = config;
-      outputControl.configs.push(config);
-
-      if (this.hasLocationRecord) {
-        zone.records.add(DNSRecord("location", "TXT", host.location.name));
-      }
-      for (const na of host.networkAddresses(
-        na => na.networkInterface.kind !== "loopback"
-      )) {
-        zone.records.add(
-          DNSRecord("@", dnsRecordTypeForAddressFamily(na.family), na.address)
-        );
-
-        if (wildcard) {
-          zone.records.add(
-            DNSRecord("*", dnsRecordTypeForAddressFamily(na.family), na.address)
-          );
-        }
-      }
-
-      this.assignCatalog(
-        outputControl,
-        zone,
-        `outfacting.${host.location.name}`
-      );
-    });
-  }
-
-  assignCatalog(outputControl, zone, name) {
-    if (!this.hasCatalog) {
-      return;
-    }
-
-    const directory = dirname(zone.file);
-
-    let catalogZone = outputControl.catalogs.get(directory);
-
-    if (!catalogZone) {
-      catalogZone = {
-        catalog: true,
-        id: `catalog.${name}`,
-        file: `${directory}/catalog.${name}.zone`,
-        records: new Set([
-          ...this.defaultRecords,
-          DNSRecord("version", "TXT", '"2"')
-        ])
-      };
-      outputControl.catalogs.set(directory, catalogZone);
-      const config = {
-        view: zone.config.view,
-        name: `catalog.${name}.zone.conf`,
-        type: this.serverType,
-        zones: [catalogZone]
+        name: `catalog.${name}.zone.conf`,
+        type: this.service.serverType,
+        zones: [catalogZone]
       };
       catalogZone.config = config;
       outputControl.configs.push(config);
@@ -597,25 +340,9 @@ export class BindService extends ExtraSourceService {
     return catalogZone;
   }
 
-  get defaultRecords() {
-    const nameService = this.findService('in("dns",types) && priority>=300');
-
-    const SOARecord = DNSRecord(
-      "@",
-      "SOA",
-      dnsFullName(nameService.domainName),
-      dnsFullName(this.administratorEmail.replace(/@/, ".")),
-      `(${[...this.soaUpdates].join(" ")})`
-    );
-
-    const NSRecord = DNSRecord("@", "NS", dnsFullName(nameService.address()));
-
-    return [SOARecord, NSRecord];
-  }
-
   async writeZones(outputControl) {
     for (const config of outputControl.configs) {
-      console.log(`config: ${config.view.name}/${config.name}`);
+      console.log(`config: ${this.name}/${config.name}`);
 
       const content = [];
 
@@ -624,8 +351,8 @@ export class BindService extends ExtraSourceService {
 
         content.push(`zone \"${zone.id}\" {`);
 
-        if (config.inView) {
-          content.push(`  in-view ${config.inView.name};`);
+        if (this.sharedWith) {
+          content.push(`  in-view ${this.sharedWith.name};`);
         } else {
           content.push(`  type ${config.type};`);
           content.push(`  file \"${zone.file}\";`);
@@ -657,7 +384,7 @@ export class BindService extends ExtraSourceService {
       }
 
       await writeLines(
-        join(outputControl.dir, `etc/named/${config.view.name}`),
+        join(outputControl.dir, `etc/named/${this.name}`),
         config.name,
         content
       );
@@ -665,6 +392,315 @@ export class BindService extends ExtraSourceService {
   }
 }
 
+const BindServiceTypeDefinition = {
+  name: "bind",
+  extends: ExtraSourceServiceTypeDefinition,
+  specializationOf: ServiceTypeDefinition,
+  owners: ServiceTypeDefinition.owners,
+  key: "name",
+  attributes: {
+    groups: {
+      ...default_attribute_writable,
+      type: BindGroupTypeDefinition,
+      collection: true,
+      writable: true
+    },
+    primaries: {
+      ...default_attribute_writable,
+      type: networkAddressType,
+      collection: true
+    }
+  },
+  service: {
+    systemdService: "bind.service",
+    extends: ["dns"],
+    services: {
+      "bind-statistics": {
+        endpoints: [
+          {
+            family: "IPv4",
+            port: 19521,
+            protocol: "tcp",
+            pathname: "/",
+            tls: false,
+            kind: "loopback"
+          },
+          {
+            family: "IPv6",
+            port: 19521,
+            protocol: "tcp",
+            pathname: "/",
+            tls: false,
+            kind: "loopback"
+          }
+        ]
+      },
+      "bind-rdnc": {
+        endpoints: [
+          {
+            family: "IPv4",
+            port: 953,
+            protocol: "tcp",
+            tls: false,
+            kind: "loopback"
+          }
+        ]
+      }
+    }
+  }
+};
+
+function addressesStatement(prefix, objects, generateEmpty = false) {
+  const body = asArray(objects).map(name => `  ${name};`);
+
+  if (body.length || generateEmpty) {
+    return [`${prefix} {`, body, "};"];
+  }
+
+  return [];
+}
+
+export class BindService extends ExtraSourceService {
+  static typeDefinition = BindServiceTypeDefinition;
+
+  static {
+    addType(this);
+    addServiceType(this.typeDefinition.service, this.typeDefinition.name);
+  }
+
+  groups = {};
+
+  get type() {
+    return BindServiceTypeDefinition.name;
+  }
+
+  materializeExtends() {
+    super.materializeExtends();
+
+    //console.log("ME", this.fullName, this.extends);
+    for (const service of this.walkDirections(["extends"])) {
+      console.log(
+        "BindService materializeExtends",
+        this.fullName,
+        service.fullName
+      );
+
+      for (const group of Object.values(service.groups)) {
+        const present = this.groups[group.name];
+
+        if (present) {
+          //console.log("LINK", present.fullName, group.fullName);
+          present.extends.push(group);
+        } else {
+          this.groups[group.name] = group.forOwner(this);
+
+          console.log(
+            group.fullName,
+            this.groups[group.name].entries.map(e => e.fullName)
+          );
+        }
+
+        /*
+      console.log(
+        eg.fullName,
+        eg.entries.map(e => e.fullName)
+      );*/
+        //console.log("EXTENDS", this.fullName, service.fullName, eg.fullName, eg.owner.fullName);
+      }
+    }
+  }
+
+  _traverse(...args) {
+    if (super._traverse(...args)) {
+      for (const group of Object.values(this.groups)) {
+        group._traverse(...args);
+      }
+      return true;
+    }
+
+    return false;
+  }
+
+  typeNamed(type, name) {
+    if (type === BindGroupTypeDefinition.name) {
+      return this.groups[name];
+    }
+
+    return super.typeNamed(type, name);
+  }
+
+  get serverType() {
+    return this.primaries ? "secondary" : "primary";
+  }
+
+  async writeForwarders(outputControl) {
+    const forwarders = serviceEndpoints(this.source, {
+      services: 'services[types[dns]" && priority>=100 && priority<200]',
+      endpoints: endpoint => endpoint.family !== "dns",
+      select: e => e.address,
+      limit: 5
+    });
+
+    if (forwarders.length) {
+      await writeLines(
+        join(outputControl.dir, "etc/named/options"),
+        `forwarders.conf`,
+        addressesStatement("forwarders", forwarders)
+      );
+    }
+
+    return forwarders.length > 0;
+  }
+
+  async *preparePackages(dir) {
+    const basePackageDir = dir;
+    const packageData = this.packageData;
+    packageData.sources.push(new FileContentProvider(basePackageDir));
+
+    const outputControl = newOutputControl(packageData, basePackageDir);
+
+    let hasContent = false;
+
+    console.log("PAKAGE", Object.keys(this.groups));
+
+    for (const group of Object.values(this.groups)) {
+      hasContent ||= await group.packageContent(outputControl);
+    }
+
+    hasContent ||= await this.writeForwarders(outputControl);
+
+    if (hasContent) {
+      yield packageData;
+    }
+
+    /*
+    const sources = this.zones.length ? this.zones : [this.owner];
+    const names = sources.map(a => a.fullName).join(" ");
+    const name = this.owner.owner.name || this.owner.name;
+
+    Object.assign(packageData.properties, {
+      name: `named-${name}`,
+      description: `named definitions for ${names}`
+    });
+
+    const ownerAndGroup = { owner: "named", group: "named" };
+    const filePermissions = [
+      { ...ownerAndGroup, mode: 0o644 },
+      { ...ownerAndGroup, mode: 0o755 }
+    ];
+
+    const zonesPackageDir = join(dir, "zones") + "/";
+
+    packageData.sources = [
+      new FileContentProvider(zonesPackageDir, ...filePermissions)
+    ];
+    packageData.properties = {
+      name: `named-zones-${name}`,
+      description: `zone definitions for ${names}`,
+      dependencies: ["mf-named"],
+      access: "private"
+    };
+
+    yield this.generateZoneDefs(
+      newOutputControl(packageData, zonesPackageDir),
+      sources
+    );
+
+    const location = "outfacing";
+
+    const outfacingZonesPackageDir = join(dir, location) + "/";
+
+    packageData.sources = [
+      new FileContentProvider(outfacingZonesPackageDir, ...filePermissions)
+    ];
+    packageData.properties = {
+      name: `named-zones-${name}-${location}`,
+      description: `${location} zone definitions for ${names}`,
+      access: "private"
+    };
+
+    yield* this.generateOutfacingDefs(
+      newOutputControl(packageData, outfacingZonesPackageDir),
+      sources
+    );
+    */
+  }
+
+  async *generateOutfacingDefs(outputControl, sources) {
+    for (const source of sources) {
+      for (const host of source.hosts) {
+        this.outfacingZones(
+          outputControl,
+          host,
+          this.groups.internal,
+          this.defaultRecords
+        );
+      }
+    }
+
+    if (outputControl.configs.length) {
+      addHook(
+        outputControl.packageData,
+        "post_upgrade",
+        `/usr/bin/named-hostname-update ${outputControl.configs
+          .map(config => config.zones.map(zone => zone.id))
+          .flat()
+          .join(" ")}`
+      );
+
+      await this.writeZones(outputControl);
+
+      yield outputControl.packageData;
+    }
+  }
+
+  outfacingZones(outputControl, host, group, records) {
+    host.foreignDomainNames.map(domain => {
+      const wildcard = domain.startsWith("*.");
+      if (wildcard) {
+        domain = domain.substring(2);
+      }
+
+      const zone = {
+        id: domain,
+        file: `${host.location.name}/outfacing/${domain}.zone`,
+        records: new Set(records)
+      };
+      const config = {
+        group,
+        name: `${domain}.zone.conf`,
+        type: this.serverType,
+        zones: [zone]
+      };
+      zone.config = config;
+      outputControl.configs.push(config);
+
+      if (this.hasLocationRecord) {
+        zone.records.add(DNSRecord("location", "TXT", host.location.name));
+      }
+      for (const na of host.networkAddresses(
+        na => na.networkInterface.kind !== "loopback"
+      )) {
+        zone.records.add(
+          DNSRecord("@", dnsRecordTypeForAddressFamily(na.family), na.address)
+        );
+
+        if (wildcard) {
+          zone.records.add(
+            DNSRecord("*", dnsRecordTypeForAddressFamily(na.family), na.address)
+          );
+        }
+      }
+
+      this.assignCatalog(
+        outputControl,
+        zone,
+        `outfacting.${host.location.name}`
+      );
+    });
+  }
+}
+
 function newOutputControl(packageData, dir) {
   return { configs: [], catalogs: new Map(), packageData, dir };
 }