dns: also offer DoT

Markus 2020-11-04 23:16:27 +01:00
parent 1464ef73cb
commit f6c4f927f4
3 changed files with 22 additions and 2 deletions


@ -5,3 +5,6 @@
with_items:
- pdns
- pdns-recursor
- name: Restart dnsdist
service: name=dnsdist state=restarted


@ -3,6 +3,7 @@
- name: Install powerdns
apt:
name:
- dnsdist
- pdns-backend-bind
- pdns-recursor
- pdns-server
@ -12,7 +13,6 @@
- name: Configure powerdns
template: src={{ item }}.j2 dest=/etc/powerdns/{{ item }}
tags: dns
notify: Restart powerdns
with_items:
- bind/ffrgb.zone
@ -21,8 +21,13 @@
- pdns.conf
- recursor.conf
- name: Start the powerdns services
- name: Configure dnsdist
template: src=dnsdist.conf.j2 dest=/etc/dnsdist/dnsdist.conf
notify: Restart dnsdist
- name: Start the dns services
service: name={{ item }} state=started enabled=yes
with_items:
- dnsdist
- pdns
- pdns-recursor
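Review bot: The new `Configure dnsdist` task writes /etc/dnsdist/dnsdist.conf with no `validate` step and no explicit owner, group or mode, while its handler restarts the daemon, so a template that renders badly (for example with `batman_ipv4` unset) would take the DNS front end down. Adding `validate='dnsdist --check-config -C %s'` and `owner=root group=root mode=0644` to the template line would reject a broken file before it replaces the working one, assuming the packaged dnsdist supports `--check-config`. The task also carries no `tags: dns`, unlike `Configure powerdns` as shown here, so a run limited to that tag would skip it; this view does not show which line the second hunk removed, so confirm the tag is still in use.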


@ -0,0 +1,12 @@
-- {{ ansible_managed }}
setLocal('127.0.0.1:5353')
newServer({address="127.0.0.1", qps=1, name="localhost"})
addTLSLocal('127.0.0.1','/etc/nginx/ssl/{{ ansible_fqdn }}.crt', '/etc/nginx/ssl/{{ ansible_fqdn }}.key')
addTLSLocal('{{ batman_ipv4 | ipaddr('address') }}','/etc/nginx/ssl/{{ ansible_fqdn }}.crt', '/etc/nginx/ssl/{{ ansible_fqdn }}.key')
addTLSLocal('{{ batman_ipv6 | ipaddr('address') }}','/etc/nginx/ssl/{{ ansible_fqdn }}.crt', '/etc/nginx/ssl/{{ ansible_fqdn }}.key')
-- disable security status polling via DNS
setSecurityPollSuffix("")
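Review bot: No `setACL` appears in the template, so which clients may query the new DoT listeners on the batman addresses is left to dnsdist's built-in default ACL; stating it explicitly, e.g. `setACL({'127.0.0.0/8', '<MESH_PREFIX_PLACEHOLDER>'})`, makes the intended exposure reviewable. The three `addTLSLocal` lines reuse nginx's certificate and private key from /etc/nginx/ssl, so the key file must be readable by dnsdist when it loads its configuration. A renewed certificate is presumably not served until dnsdist is restarted or `reloadAllCertificates()` is run, so whatever renews the nginx certificate should also notify `Restart dnsdist`. `addTLSLocal` is called without options; passing `{minTLSVersion='tls1.2'}` would pin the protocol floor instead of relying on the default, if the installed version supports it. `qps=1` on `newServer` looks like it comes from an example configuration and is worth confirming against the expected query load.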