From 2d1f3c568d266343fe7fb1e7b76faefdc79aaa8d Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Thu, 18 Jan 2018 12:47:56 +0100 Subject: [PATCH] dns: serve ffrgb zone towards mesh --- roles/dns/tasks/main.yml | 12 +++++-- roles/dns/templates/bind/ffrgb.zone.j2 | 14 ++++++++ roles/dns/templates/bindbackend.conf.j2 | 5 +++ roles/dns/templates/pdns.conf.j2 | 46 +++++++++++++++++++++++++ roles/dns/templates/recursor.conf.j2 | 18 ++++++++-- 5 files changed, 89 insertions(+), 6 deletions(-) create mode 100644 roles/dns/templates/bind/ffrgb.zone.j2 create mode 100644 roles/dns/templates/bindbackend.conf.j2 create mode 100644 roles/dns/templates/pdns.conf.j2 diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml index 4f28942..1d6eca3 100644 --- a/roles/dns/tasks/main.yml +++ b/roles/dns/tasks/main.yml @@ -3,19 +3,25 @@ - name: Install powerdns apt: name={{ item }} with_items: - # - pdns-server + - pdns-backend-bind - pdns-recursor + - pdns-server + +- name: Create zone directory + file: path=/etc/powerdns/bind/ state=directory - name: Configure powerdns template: src={{ item }}.j2 dest=/etc/powerdns/{{ item }} tags: dns notify: Restart powerdns with_items: - # - pdns.conf + - bind/ffrgb.zone + - bindbackend.conf + - pdns.conf - recursor.conf - name: Start the powerdns services service: name={{ item }} state=started enabled=yes with_items: - # - pdns + - pdns - pdns-recursor diff --git a/roles/dns/templates/bind/ffrgb.zone.j2 b/roles/dns/templates/bind/ffrgb.zone.j2 new file mode 100644 index 0000000..a2c4c7d --- /dev/null +++ b/roles/dns/templates/bind/ffrgb.zone.j2 @@ -0,0 +1,14 @@ +$ORIGIN ffrgb ; base for unqualified names +$TTL 1h ; default time-to-live +@ IN SOA ns.ffrgb. hostmaster.ffrgb. ( + 2018011701; serial + 1d; refresh + 2h; retry + 4w; expire + 1h; minimum time-to-live + ) + IN NS ns.ffrgb. +; Services +1.ntp.services IN AAAA {{ batman_ipv6 | ipaddr('address') }} +2.ntp.services IN AAAA {{ batman_ipv6 | ipaddr('address') }} +fw.services IN AAAA {{ batman_ipv6 | ipaddr('address') }} diff --git a/roles/dns/templates/bindbackend.conf.j2 b/roles/dns/templates/bindbackend.conf.j2 new file mode 100644 index 0000000..f7d0bfe --- /dev/null +++ b/roles/dns/templates/bindbackend.conf.j2 @@ -0,0 +1,5 @@ +zone "ffrgb" { + type master; + file "/etc/powerdns/bind/ffrgb.zone"; + allow-update { none; }; +}; diff --git a/roles/dns/templates/pdns.conf.j2 b/roles/dns/templates/pdns.conf.j2 new file mode 100644 index 0000000..f792402 --- /dev/null +++ b/roles/dns/templates/pdns.conf.j2 @@ -0,0 +1,46 @@ +# {{ ansible_managed }} + +################################# +# launch Which backends to launch and order to query them in +# +# launch= +launch=bind + +################################# +# local-address Local IP addresses to which we bind +# +# local-address=0.0.0.0 +local-address=127.0.0.1 + +################################# +# local-ipv6 Local IP address to which we bind +# +# local-ipv6=:: +local-ipv6= + +################################# +# local-port The port on which we listen +# +# local-port=53 +local-port=5300 + +################################# +# security-poll-suffix Domain name from which to query security update notifications +# +# security-poll-suffix=secpoll.powerdns.com. +security-poll-suffix= + +################################# +# setgid If set, change group id to this gid for more security +# +setgid=pdns + +################################# +# setuid If set, change user id to this uid for more security +# +setuid=pdns + +################################# +# bind-config Location of the Bind configuration file to parse. +# +bind-config=/etc/powerdns/bindbackend.conf diff --git a/roles/dns/templates/recursor.conf.j2 b/roles/dns/templates/recursor.conf.j2 index 63eb3de..c9447c3 100644 --- a/roles/dns/templates/recursor.conf.j2 +++ b/roles/dns/templates/recursor.conf.j2 @@ -6,9 +6,9 @@ #allow-from=127.0.0.0/8 ################################# -# daemon Operate as a daemon +# config-dir Location of configuration directory (recursor.conf) # -daemon=yes +config-dir=/etc/powerdns ################################# # dnssec DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate @@ -16,6 +16,12 @@ daemon=yes # dnssec=process-no-validate dnssec=off +################################# +# forward-zones Zones for which we forward queries, comma separated domain=ip pairs +# +# forward-zones= +forward-zones=ffrgb=127.0.0.1:5300 + ################################# # local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports. # @@ -29,7 +35,13 @@ local-port=53 ################################# # quiet Suppress logging of questions and answers # -quiet=on +quiet=yes + +################################# +# security-poll-suffix Domain name from which to query security update notifications +# +# security-poll-suffix=secpoll.powerdns.com. +security-poll-suffix= ################################# # setgid If set, change group id to this gid for more security