forked from FF-RGB/ansible
Add dns role (resolver only for now)
This commit is contained in:
parent
5d09fc43a8
commit
578e8ee510
@ -1,3 +1,6 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
|
batman_ipv4:
|
||||||
|
address: 10.90.0.11
|
||||||
|
|
||||||
site_code: ffrgb_stadt
|
site_code: ffrgb_stadt
|
||||||
|
@ -1,3 +1,6 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
|
batman_ipv4:
|
||||||
|
address: 10.90.32.21
|
||||||
|
|
||||||
site_code: ffrgb_umland
|
site_code: ffrgb_umland
|
||||||
|
@ -1,3 +1,6 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
|
batman_ipv4:
|
||||||
|
address: 10.90.192.31
|
||||||
|
|
||||||
site_code: ffrgb_test
|
site_code: ffrgb_test
|
||||||
|
7
roles/dns/handlers/main.yml
Normal file
7
roles/dns/handlers/main.yml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Restart powerdns
|
||||||
|
service: name={{ item }} state=restarted
|
||||||
|
with_items:
|
||||||
|
# - pdns
|
||||||
|
- pdns-recursor
|
24
roles/dns/tasks/main.yml
Normal file
24
roles/dns/tasks/main.yml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Enable backports
|
||||||
|
apt_repository: repo='deb http://httpredir.debian.org/debian jessie-backports main' state=present
|
||||||
|
|
||||||
|
- name: Install powerdns
|
||||||
|
apt: name={{item}} default_release=jessie-backports state=latest
|
||||||
|
with_items:
|
||||||
|
# - pdns-server
|
||||||
|
- pdns-recursor
|
||||||
|
|
||||||
|
- name: Configure powerdns
|
||||||
|
template: src={{item}}.j2 dest=/etc/powerdns/{{item}}
|
||||||
|
tags: dns
|
||||||
|
notify: Restart powerdns
|
||||||
|
with_items:
|
||||||
|
# - pdns.conf
|
||||||
|
- recursor.conf
|
||||||
|
|
||||||
|
- name: Start the powerdns services
|
||||||
|
service: name={{item}} state=started enabled=yes
|
||||||
|
with_items:
|
||||||
|
# - pdns
|
||||||
|
- pdns-recursor
|
40
roles/dns/templates/recursor.conf.j2
Normal file
40
roles/dns/templates/recursor.conf.j2
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
#################################
|
||||||
|
# allow-from If set, only allow these comma separated netmasks to recurse
|
||||||
|
#
|
||||||
|
#allow-from=127.0.0.0/8
|
||||||
|
|
||||||
|
#################################
|
||||||
|
# daemon Operate as a daemon
|
||||||
|
#
|
||||||
|
daemon=yes
|
||||||
|
|
||||||
|
#################################
|
||||||
|
# dnssec DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
|
||||||
|
#
|
||||||
|
# dnssec=process-no-validate
|
||||||
|
dnssec=off
|
||||||
|
|
||||||
|
#################################
|
||||||
|
# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
|
||||||
|
#
|
||||||
|
local-address=127.0.0.1,{{ batman_ipv4.address }}
|
||||||
|
|
||||||
|
#################################
|
||||||
|
# local-port port to listen on
|
||||||
|
#
|
||||||
|
local-port=53
|
||||||
|
|
||||||
|
#################################
|
||||||
|
# quiet Suppress logging of questions and answers
|
||||||
|
#
|
||||||
|
quiet=on
|
||||||
|
|
||||||
|
#################################
|
||||||
|
# setgid If set, change group id to this gid for more security
|
||||||
|
#
|
||||||
|
setgid=pdns
|
||||||
|
|
||||||
|
#################################
|
||||||
|
# setuid If set, change user id to this uid for more security
|
||||||
|
#
|
||||||
|
setuid=pdns
|
Loading…
Reference in New Issue
Block a user