Add dns-server role
parent
21aefb8633
commit
4bad44c464
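--- /dev/null
+++ b/roles/dns/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Restart powerdns
+  service: name={{item}} state=restarted
+  with_items:
+    - pdns
+    - pdns-recursor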
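Review bot: `service: name={{item}} state=restarted` uses the key=value argument-string form; the native YAML form with the Jinja expression quoted, `service:` / `  name: "{{ item }}"` / `  state: restarted`, is what current Ansible style guides ask for and avoids the unquoted-brace parsing trap. The single handler also restarts both daemons whenever any of the notifying templates changes, so a zone-file-only edit bounces the recursor as well; if that is not intended, one handler per service lets `notify` target just the affected one.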
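--- /dev/null
+++ b/roles/dns/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+
+- name: Enable backports
+  apt_repository: repo='deb http://httpredir.debian.org/debian jessie-backports main' state=present
+
+- name: Install powerdns
+  apt: name={{item}} default_release=jessie-backports state=latest
+  tags: dns
+  with_items:
+    - pdns-server
+    - pdns-recursor
+
+- name: Create zone directory
+  file: path=/etc/powerdns/bind/ state=directory
+  tags: dns
+
+- name: Configure powerdns
+  template: src={{item}}.j2 dest=/etc/powerdns/{{item}}
+  tags: dns
+  notify: Restart powerdns
+  with_items:
+    - pdns.conf
+    - recursor.conf
+    - bindbackend.conf
+    - bind/23.172.in-addr.arpa.zone
+    - bind/binary.kitchen.zone
+
+- name: Start the powerdns services
+  service: name={{item}} state=started enabled=yes
+  tags: dns
+  with_items:
+    - pdns
+    - pdns-recursor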
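Review bot: `Enable backports` is the only task without `tags: dns`, so a run limited to `--tags dns` on a fresh host skips it and the following `apt ... default_release=jessie-backports` has no repository to resolve against; add `tags: dns` to it for consistency with the rest of the role. `state=latest` on the install task also turns every playbook run into an unplanned upgrade of the DNS packages; `state=present` keeps runs reproducible, with upgrades as a deliberate step. The `Configure powerdns` template task sets no `owner`/`group`/`mode`, so the rendered files take root and whatever umask the run has; stating `mode=0644` (or stricter) makes the permissions of a service that later drops to `pdns` explicit rather than incidental.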
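--- /dev/null
+++ b/roles/dns/templates/bind/23.172.in-addr.arpa.zone.j2
@@ -0,0 +1,52 @@
+$ORIGIN 23.172.in-addr.arpa. ; base for unqualified names
+$TTL 1h ; default time-to-live
+@ IN SOA ns.binary.kitchen. hostmaster.binary.kitchen. (
+    2016123001; serial
+    1d; refresh
+    2h; retry
+    4w; expire
+    1h; minimum time-to-live
+    )
+    IN NS ns.binary.kitchen.
+; Management
+11.1 IN PTR apcusv.binary.kitchen.
+41.1 IN PTR ap01.binary.kitchen.
+42.1 IN PTR ap02.binary.kitchen.
+61.1 IN PTR kraut.binary.kitchen.
+81.1 IN PTR kraut-bmc.binary.kitchen.
+254.1 IN PTR v2301.core.binary.kitchen.
+; Services
+1.2 IN PTR aveta.binary.kitchen.
+2.2 IN PTR salat.binary.kitchen.
+4.2 IN PTR sulis.binary.kitchen.
+6.2 IN PTR nabia.binary.kitchen.
+7.2 IN PTR taranis.binary.kitchen.
+11.2 IN PTR homer.binary.kitchen.
+12.2 IN PTR lock.binary.kitchen.
+13.2 IN PTR matrix.binary.kitchen.
+35.2 IN PTR sushi.binary.kitchen.
+44.2 IN PTR cashdesk.binary.kitchen.
+60.2 IN PTR punsch.binary.kitchen.
+91.2 IN PTR spiegelei.binary.kitchen.
+254.2 IN PTR v2302.core.binary.kitchen.
+; Members
+$GENERATE 1-240 $.3 IN PTR dhcp-${0,3,d}-03.binary.kitchen.
+254.3 IN PTR v2303.core.binary.kitchen.
+; Guests
+$GENERATE 1-240 $.4 IN PTR dhcp-${0,3,d}-04.binary.kitchen.
+254.4 IN PTR v2304.core.binary.kitchen.
+; Management RZ
+61.8 IN PTR ruben.binary.kitchen.
+81.8 IN PTR ruben-bmc.binary.kitchen.
+254.8 IN PTR switch0.erx-rz.binary.kitchen.
+; VPN RZ
+1.10 IN PTR vtun0.erx-rz.binary.kitchen.
+$GENERATE 2-254 $.10 IN PTR vpn-${0,3,d}-10.binary.kitchen.
+; Point-to-Point
+1.96 IN PTR v4000.rtr1.binary.kitchen.
+2.96 IN PTR gi-1-0-48.core.binary.kitchen.
+; Loopback
+1.99 IN PTR core.binary.kitchen.
+2.99 IN PTR rtr1.binary.kitchen.
+3.99 IN PTR erx-bk.binary.kitchen.
+4.99 IN PTR erx-rz.binary.kitchen.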
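Review bot: The SOA serial `2016123001; serial` is a literal in a template that contains no Jinja expression at all, so every deployment rewrites the zone with the same serial and any secondary (or cache keyed on the SOA) never sees a change unless someone remembers to edit it by hand; a role variable that is bumped alongside the data, rendered as `{{ dns_zone_serial }}; serial` (constructed name), makes the bump part of the change. `$GENERATE` with the `${0,3,d}` width/radix modifier is BIND syntax; whether the PowerDNS bind backend in the version installed here honours the modifier is worth confirming with a zone check before relying on the 720 generated PTRs. The same two points apply to the forward zone in `roles/dns/templates/bind/binary.kitchen.zone.j2`.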
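--- /dev/null
+++ b/roles/dns/templates/bind/binary.kitchen.zone.j2
@@ -0,0 +1,69 @@
+$ORIGIN binary.kitchen ; base for unqualified names
+$TTL 1h ; default time-to-live
+@ IN SOA ns.binary.kitchen. hostmaster.binary.kitchen. (
+    2016123001; serial
+    1d; refresh
+    2h; retry
+    4w; expire
+    1h; minimum time-to-live
+    )
+    IN NS ns.binary.kitchen.
+; External
+    IN A 213.166.246.4
+www IN A 213.166.246.4
+; Freifunk
+xsffr1 IN A 10.90.224.11
+xsffr2 IN A 10.90.224.12
+xsffr1-bmc IN A 10.90.224.21
+xsffr2-bmc IN A 10.90.224.22
+confluence IN A 185.53.218.134
+; Aliases
+ldap IN A 172.23.2.1
+ldap IN A 172.23.2.2
+ldap IN A 213.166.246.2
+ldap1 IN A 172.23.2.1
+ldap2 IN A 172.23.2.2
+ldapm IN A 213.166.246.2
+librenms IN A 172.23.2.6
+racktables IN A 172.23.2.6
+; Management
+apcusv IN A 172.23.1.11
+ap01 IN A 172.23.1.41
+ap02 IN A 172.23.1.42
+kraut IN A 172.23.1.61
+kraut-bmc IN A 172.23.1.81
+v2301.core IN A 172.23.1.254
+; Services
+aveta IN A 172.23.2.1
+salat IN A 172.23.2.2
+sulis IN A 172.23.2.4
+nabia IN A 172.23.2.6
+taranis IN A 172.23.2.7
+homer IN A 172.23.2.11
+lock IN A 172.23.2.12
+matrix IN A 172.23.2.13
+sushi IN A 172.23.2.35
+cashdesk IN A 172.23.2.44
+punsch IN A 172.23.2.60
+spiegelei IN A 172.23.2.91
+v2302.core IN A 172.23.2.254
+; Members
+$GENERATE 1-240 dhcp-${0,3,d}-03 IN A 172.23.3.$
+v2303.core IN A 172.23.3.254
+; Guests
+$GENERATE 1-240 dhcp-${0,3,d}-04 IN A 172.23.4.$
+v2304.core IN A 172.23.4.254
+; Management RZ
+ruben IN A 172.23.8.61
+ruben-bmc IN A 172.23.8.81
+switch0.erx-rz IN A 172.23.8.254
+; VPN RZ
+$GENERATE 2-254 vpn-${0,3,d}-10 IN A 172.23.10.$
+; Point-to-Point
+v4000.rtr1 IN A 172.23.96.1
+gi-1-0-48.core IN A 172.23.96.2
+; Loopback
+core IN A 172.23.99.1
+rtr1 IN A 172.23.99.2
+erx-bk IN A 172.23.99.3
+erx-rz IN A 172.23.99.4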
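Review bot: `$ORIGIN binary.kitchen` lacks the trailing dot that the reverse zone's `$ORIGIN 23.172.in-addr.arpa.` carries; without it the argument is a relative name, and a parser that qualifies it against the current origin would yield `binary.kitchen.binary.kitchen.`, so write `$ORIGIN binary.kitchen.`. The SOA MNAME and the NS record both name `ns.binary.kitchen.`, but no `ns` A record exists anywhere in this zone (nor a PTR for it in the reverse zone), so the zone's own name server cannot be resolved from its data; add `ns IN A <pdns-host-address>` (placeholder) for the host this role deploys to. `ldap` has three A records mixing 172.23.2.x with the public 213.166.246.2, so a client round-robins onto an address that may be unreachable from its side of the network; if that is deliberate, a `; ldap: internal + external addresses on purpose` comment would stop the next reader from "fixing" it.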
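--- /dev/null
+++ b/roles/dns/templates/bindbackend.conf.j2
@@ -0,0 +1,11 @@
+zone "23.172.in-addr.arpa" {
+  type master;
+  file "/etc/powerdns/bind/23.172.in-addr.arpa.zone";
+  allow-update { none; };
+};
+
+zone "binary.kitchen" {
+  type master;
+  file "/etc/powerdns/bind/binary.kitchen.zone";
+  allow-update { none; };
+};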
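Review bot: `allow-update { none; };` is a BIND named.conf option; as far as I know the PowerDNS bind backend reads this file only for the zone names, their `type` and their `file` paths, so the statement documents intent but enforces nothing, and dynamic updates are governed by the `dnsupdate` setting in pdns.conf (off by default) instead. A comment such as `// allow-update is not honoured by pdns; dynamic updates are controlled by dnsupdate in pdns.conf` above the first zone block would keep a reader from assuming this file is the control point. The zone file paths are also repeated literally between here and the `Create zone directory` task; both files are already templates, so a single role variable for the directory would keep them aligned.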
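--- /dev/null
+++ b/roles/dns/templates/pdns.conf.j2
@@ -0,0 +1,34 @@
+#################################
+# allow-recursion List of subnets that are allowed to recurse
+#
+allow-recursion=127.0.0.1,172.23.0.0/16
+
+#################################
+# daemon Operate as a daemon
+#
+daemon=yes
+
+#################################
+# launch Which backends to launch and order to query them in
+#
+launch=bind
+
+#################################
+# recursor If recursion is desired, IP address of a recursing nameserver
+#
+recursor=127.0.0.1:5300
+
+#################################
+# setgid If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid If set, change user id to this uid for more security
+#
+setuid=pdns
+
+#################################
+# bind-config Location of the Bind configuration file to parse.
+#
+bind-config=/etc/powerdns/bindbackend.conf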
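Review bot: No `local-address` is set, so pdns_server binds with its default of all interfaces; `allow-recursion=127.0.0.1,172.23.0.0/16` limits who may recurse through it, but the two authoritative zones, including the RFC 1918 layout of the whole site, are answered to any network the host is attached to. If this host also carries a public 213.166.246.x address (the forward zone suggests the site has them), restrict with `local-address=127.0.0.1,<internal-address>` (placeholder) or record in a comment that publishing the internal zone is accepted. The `recursor=` setting that forwards non-authoritative queries through the authoritative server was dropped in later PowerDNS releases, so a note such as `# recursor= forwarding exists only in older pdns; clients should eventually point at the recursor directly` would help whoever upgrades past the jessie-backports build.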
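--- /dev/null
+++ b/roles/dns/templates/recursor.conf.j2
@@ -0,0 +1,34 @@
+#################################
+# allow-from If set, only allow these comma separated netmasks to recurse
+#
+allow-from=127.0.0.0/8
+
+#################################
+# daemon Operate as a daemon
+#
+daemon=yes
+
+#################################
+# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
+#
+local-address=127.0.0.1
+
+#################################
+# local-port port to listen on
+#
+local-port=5300
+
+#################################
+# quiet Suppress logging of questions and answers
+#
+quiet=on
+
+#################################
+# setgid If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid If set, change user id to this uid for more security
+#
+setuid=pdns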
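Review bot: `local-port=5300` here and `recursor=127.0.0.1:5300` in pdns.conf are the same value written twice as literals; both files are already `.j2` templates, so rendering one role variable (e.g. `{{ pdns_recursor_port }}`, constructed name) into both keeps them from drifting apart. `quiet=on` suppresses logging of questions and answers, so the recursor's own logs will give no query history during an incident; if the site wants that visibility it has to come from somewhere else, and a comment saying so next to the setting records the decision. `allow-from=127.0.0.0/8` together with `local-address=127.0.0.1` correctly keeps the recursor reachable only via the authoritative server on the same host, which is the intent worth stating in the header comment.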