Add dns role (resolver only for now)

host_vars/gw11.regensburg.freifunk.net

@@ -1,3 +1,6 @@
 ---
 
+batman_ipv4:
+  address: 10.90.0.11
+
 site_code: ffrgb_stadt

host_vars/gw21.regensburg.freifunk.net

@@ -1,3 +1,6 @@
 ---
 
+batman_ipv4:
+  address: 10.90.32.21
+
 site_code: ffrgb_umland

host_vars/gw31.regensburg.freifunk.net

@@ -1,3 +1,6 @@
 ---
 
+batman_ipv4:
+  address: 10.90.192.31
+
 site_code: ffrgb_test

roles/dns/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Restart powerdns
+  service: name={{ item }} state=restarted
+  with_items:
+  # - pdns
+   - pdns-recursor

roles/dns/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Enable backports
+  apt_repository: repo='deb http://httpredir.debian.org/debian jessie-backports main' state=present
+
+- name: Install powerdns
+  apt: name={{item}} default_release=jessie-backports state=latest
+  with_items:
+  # - pdns-server
+   - pdns-recursor
+
+- name: Configure powerdns
+  template: src={{item}}.j2 dest=/etc/powerdns/{{item}}
+  tags: dns
+  notify: Restart powerdns
+  with_items:
+  # - pdns.conf
+   - recursor.conf
+
+- name: Start the powerdns services
+  service: name={{item}} state=started enabled=yes
+  with_items:
+  # - pdns
+   - pdns-recursor

roles/dns/templates/recursor.conf.j2

@@ -0,0 +1,40 @@
+#################################
+# allow-from    If set, only allow these comma separated netmasks to recurse
+#
+#allow-from=127.0.0.0/8
+
+#################################
+# daemon        Operate as a daemon
+#
+daemon=yes
+
+#################################
+# dnssec        DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
+#
+# dnssec=process-no-validate
+dnssec=off
+
+#################################
+# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
+#
+local-address=127.0.0.1,{{ batman_ipv4.address }}
+
+#################################
+# local-port    port to listen on
+#
+local-port=53
+
+#################################
+# quiet Suppress logging of questions and answers
+#
+quiet=on
+
+#################################
+# setgid        If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid        If set, change user id to this uid for more security
+#
+setuid=pdns

site.yml

@@ -11,6 +11,7 @@
   hosts: gw31.regensburg.freifunk.net
   roles:
   - fastd
+  - dns
 
 - name: Setup confluence server
   hosts: confluence.regensburg.freifunk.net