dns-intern: use future-proof pdns config

Markus 2019-10-14 18:34:43 +02:00
parent 986392237c
commit 91d95b190c
2 changed files with 37 additions and 16 deletions


@ -1,22 +1,28 @@
################################# # {{ ansible_managed }}
# allow-recursion List of subnets that are allowed to recurse
#
allow-recursion=127.0.0.1,172.23.0.0/16
#################################
# daemon Operate as a daemon
#
daemon=yes
################################# #################################
# launch Which backends to launch and order to query them in # launch Which backends to launch and order to query them in
# #
# launch=
launch=bind launch=bind
################################# #################################
# recursor If recursion is desired, IP address of a recursing nameserver # local-address Local IP addresses to which we bind
# #
recursor=127.0.0.1:5300 # local-address=0.0.0.0
local-address=127.0.0.1
#################################
# local-ipv6 Local IP address to which we bind
#
# local-ipv6=::
local-ipv6=
#################################
# local-port The port on which we listen
#
# local-port=53
local-port=5300
################################# #################################
# security-poll-suffix Domain name from which to query security update notifications # security-poll-suffix Domain name from which to query security update notifications
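Review bot: The recursion ACL `allow-recursion=127.0.0.1,172.23.0.0/16` at the top of this file appears to be dropped without an equivalent on the resolver side: in the recursor template changed by the same commit, `allow-from` is commented out while `local-address` gains `{{ ansible_default_ipv4.address }}` and `local-port` becomes 53. With `allow-from` unset the recursor falls back to its built-in default, which as far as I know admits loopback and all private ranges rather than only 172.23.0.0/16, so the set of clients allowed to recurse would widen. I would carry the old restriction over explicitly, e.g. `allow-from=127.0.0.0/8,172.23.0.0/16` in the recursor template, and add a comment above `local-address=127.0.0.1` here such as `# only reachable through the recursor's forward-zones on 127.0.0.1:5300`. Which lines are old and which are new is read from the flattened side-by-side rendering, so confirm against the raw diff.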


@ -1,12 +1,14 @@
# {{ ansible_managed }}
################################# #################################
# allow-from If set, only allow these comma separated netmasks to recurse # allow-from If set, only allow these comma separated netmasks to recurse
# #
allow-from=127.0.0.0/8 #allow-from=127.0.0.0/8
################################# #################################
# daemon Operate as a daemon # config-dir Location of configuration directory (recursor.conf)
# #
daemon=yes config-dir=/etc/powerdns
################################# #################################
# dnssec DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate # dnssec DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
@ -14,15 +16,28 @@ daemon=yes
# dnssec=process-no-validate # dnssec=process-no-validate
dnssec=off dnssec=off
#################################
# forward-zones Zones for which we forward queries, comma separated domain=ip pairs
#
# forward-zones=
forward-zones=binary.kitchen=127.0.0.1:5300,23.172.in-addr.arpa=127.0.0.1:5300
################################# #################################
# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports. # local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
# #
local-address=127.0.0.1 local-address=127.0.0.1,{{ ansible_default_ipv4.address }}
################################# #################################
# local-port port to listen on # local-port port to listen on
# #
local-port=5300 local-port=53
#################################
# query-local-address6 Send out local IPv6 queries from this address or addresses. Disabled by default, which also disables outgoing
#
{% if global_ipv6 is defined %}
query-local-address6={{ global_ipv6 | ipaddr('address') }}
{% endif %}
################################# #################################
# quiet Suppress logging of questions and answers # quiet Suppress logging of questions and answers