dns: serve ffrgb zone towards mesh

roles/dns/tasks/main.yml

@@ -3,19 +3,25 @@
 - name: Install powerdns
   apt: name={{ item }}
   with_items:
-  # - pdns-server
+   - pdns-backend-bind
    - pdns-recursor
+   - pdns-server
+
+- name: Create zone directory
+  file: path=/etc/powerdns/bind/ state=directory
 
 - name: Configure powerdns
   template: src={{ item }}.j2 dest=/etc/powerdns/{{ item }}
   tags: dns
   notify: Restart powerdns
   with_items:
-  # - pdns.conf
+   - bind/ffrgb.zone
+   - bindbackend.conf
+   - pdns.conf
    - recursor.conf
 
 - name: Start the powerdns services
   service: name={{ item }} state=started enabled=yes
   with_items:
-  # - pdns
+   - pdns
    - pdns-recursor

roles/dns/templates/bind/ffrgb.zone.j2

@@ -0,0 +1,14 @@
+$ORIGIN ffrgb			; base for unqualified names
+$TTL 1h				; default time-to-live
+@				IN	      SOA ns.ffrgb. hostmaster.ffrgb. (
+					2018011701; serial
+					1d; refresh
+					2h; retry
+					4w; expire
+					1h; minimum time-to-live
+				)
+				IN	NS	ns.ffrgb.
+; Services
+1.ntp.services				IN	AAAA	{{ batman_ipv6 | ipaddr('address') }}
+2.ntp.services				IN	AAAA	{{ batman_ipv6 | ipaddr('address') }}
+fw.services				IN	AAAA	{{ batman_ipv6 | ipaddr('address') }}

roles/dns/templates/bindbackend.conf.j2

@@ -0,0 +1,5 @@
+zone "ffrgb" {
+	type master;
+	file "/etc/powerdns/bind/ffrgb.zone";
+	allow-update { none; };
+};

roles/dns/templates/pdns.conf.j2

@@ -0,0 +1,46 @@
+# {{ ansible_managed }}
+
+#################################
+# launch        Which backends to launch and order to query them in
+#
+# launch=
+launch=bind
+
+#################################
+# local-address Local IP addresses to which we bind
+#
+# local-address=0.0.0.0
+local-address=127.0.0.1
+
+#################################
+# local-ipv6    Local IP address to which we bind
+#
+# local-ipv6=::
+local-ipv6=
+
+#################################
+# local-port    The port on which we listen
+#
+# local-port=53
+local-port=5300
+
+#################################
+# security-poll-suffix  Domain name from which to query security update notifications
+#
+# security-poll-suffix=secpoll.powerdns.com.
+security-poll-suffix=
+
+#################################
+# setgid        If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid        If set, change user id to this uid for more security
+#
+setuid=pdns
+
+#################################
+# bind-config   Location of the Bind configuration file to parse.
+#
+bind-config=/etc/powerdns/bindbackend.conf

roles/dns/templates/recursor.conf.j2

@@ -6,9 +6,9 @@
 #allow-from=127.0.0.0/8
 
 #################################
-# daemon        Operate as a daemon
+# config-dir    Location of configuration directory (recursor.conf)
 #
-daemon=yes
+config-dir=/etc/powerdns
 
 #################################
 # dnssec        DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
@@ -16,6 +16,12 @@ daemon=yes
 # dnssec=process-no-validate
 dnssec=off
 
+#################################
+# forward-zones Zones for which we forward queries, comma separated domain=ip pairs
+#
+# forward-zones=
+forward-zones=ffrgb=127.0.0.1:5300
+
 #################################
 # local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
 #
@@ -29,7 +35,13 @@ local-port=53
 #################################
 # quiet Suppress logging of questions and answers
 #
-quiet=on
+quiet=yes
+
+#################################
+# security-poll-suffix  Domain name from which to query security update notifications
+#
+# security-poll-suffix=secpoll.powerdns.com.
+security-poll-suffix=
 
 #################################
 # setgid        If set, change group id to this gid for more security