From 1c0d2f25d269e2402d0f7794b36f304f13bcbe56 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Sat, 28 Nov 2020 23:36:50 +0100
Subject: [PATCH] dns_*: use dnsdist as frontend
---
 roles/dns_resolver/templates/dnsdist.conf.j2 | 2 +-
 roles/dns_resolver/templates/recursor.conf.j2 | 2 +-
 roles/dns_split/templates/dnsdist.conf.j2 | 7 +++++--
 roles/dns_split/templates/recursor.conf.j2 | 4 ++--
 4 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/roles/dns_resolver/templates/dnsdist.conf.j2 b/roles/dns_resolver/templates/dnsdist.conf.j2
index b652b18..f56da34 100644
--- a/roles/dns_resolver/templates/dnsdist.conf.j2
+++ b/roles/dns_resolver/templates/dnsdist.conf.j2
@@ -8,7 +8,7 @@ addLocal('{{ ansible_default_ipv6.address }}')
 addACL('194.156.22.0/24')
 addACL('2001:678:ddc::/48')
-newServer({address='127.0.0.1:5300', qps=1, name='localhost'})
+newServer({address='127.0.0.1:5353', qps=1, name='localhost'})
 addTLSLocal('{{ ansible_default_ipv4.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
 addTLSLocal('{{ ansible_default_ipv6.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
diff --git a/roles/dns_resolver/templates/recursor.conf.j2 b/roles/dns_resolver/templates/recursor.conf.j2
index 2c8b2c7..c98834a 100644
--- a/roles/dns_resolver/templates/recursor.conf.j2
+++ b/roles/dns_resolver/templates/recursor.conf.j2
@@ -24,7 +24,7 @@ local-address=127.0.0.1
 #################################
 # local-port port to listen on
 #
-local-port=5300
+local-port=5353
 #################################
 # query-local-address6 Send out local IPv6 queries from this address or addresses. Disabled by default, which also disables outgoing
diff --git a/roles/dns_split/templates/dnsdist.conf.j2 b/roles/dns_split/templates/dnsdist.conf.j2
index 38e555b..2226580 100644
--- a/roles/dns_split/templates/dnsdist.conf.j2
+++ b/roles/dns_split/templates/dnsdist.conf.j2
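Review bot: Port 5353 is the IANA-assigned mDNS port and is unprivileged, which makes it a fragile choice for the recursor backend that `newServer({address='127.0.0.1:5353', ...})` now points at. On a host that also runs an mDNS responder (avahi, systemd-resolved) the UDP bind can collide, and whenever the recursor is not running any local user can bind 127.0.0.1:5353 and answer the queries dnsdist forwards. The same number is hard-coded in the recursor.conf.j2 hunks of both roles (`local-port=5353`) and in the dns_split dnsdist.conf.j2 hunk. A single role variable used in all four templates, for example `{{ dns_recursor_port }}` (name constructed here), would keep both sides in sync and make it easy to choose a port other than 5353.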
@@ -1,8 +1,11 @@
 -- {{ ansible_managed }}
-setLocal('127.0.0.1:5353')
+setLocal('127.0.0.1')
+addLocal('::1')
+addLocal('{{ batman_ipv4 | ipaddr('address') }}')
+addLocal('{{ batman_ipv6 | ipaddr('address') }}')
-newServer({address='127.0.0.1', qps=1, name='localhost'})
+newServer({address='127.0.0.1:5353', qps=1, name='localhost'})
 addTLSLocal('{{ batman_ipv4 | ipaddr('address') }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
 addTLSLocal('{{ batman_ipv6 | ipaddr('address') }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
diff --git a/roles/dns_split/templates/recursor.conf.j2 b/roles/dns_split/templates/recursor.conf.j2
index 7cbf21f..b6b20e0 100644
--- a/roles/dns_split/templates/recursor.conf.j2
+++ b/roles/dns_split/templates/recursor.conf.j2
@@ -25,12 +25,12 @@ forward-zones=ffrgb=127.0.0.1:5300,90.10.in-addr.arpa=127.0.0.1:5300
 #################################
 # local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
 #
-local-address=127.0.0.1,{{ batman_ipv4 | ipaddr('address') }},{{ batman_ipv6 | ipaddr('address') }}
+local-address=127.0.0.1
 #################################
 # local-port port to listen on
 #
-local-port=53
+local-port=5353
 #################################
 # query-local-address6 Send out local IPv6 queries from this address or addresses. Disabled by default, which also disables outgoing
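Review bot: The new `addLocal` lines put dnsdist on the batman addresses, but the hunk shows no `setACL`/`addACL`, so client filtering appears to rest on dnsdist's built-in default ACL (loopback, private and link-local ranges). Because the recursor now listens only on 127.0.0.1 (recursor.conf.j2 hunk of this role), it sees every query as coming from dnsdist, and its `allow-from` can no longer tell mesh clients apart. I would state the allowed client networks explicitly right after the listeners, e.g. `setACL({'127.0.0.0/8', '::1/128', '<mesh IPv4 prefix>', '<mesh IPv6 prefix>'})`. That way mesh clients with non-private IPv6 addresses are not silently refused and nothing outside the mesh is served. The file may continue below the hunk, so an ACL could already exist there.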