dns: also offer DoT

Markus 2020-11-04 23:16:27 +01:00
parent 1464ef73cb
commit f6c4f927f4
3 changed files with 22 additions and 2 deletions


@ -5,3 +5,6 @@
with_items: with_items:
- pdns - pdns
- pdns-recursor - pdns-recursor
- name: Restart dnsdist
service: name=dnsdist state=restarted


@ -3,6 +3,7 @@
- name: Install powerdns - name: Install powerdns
apt: apt:
name: name:
- dnsdist
- pdns-backend-bind - pdns-backend-bind
- pdns-recursor - pdns-recursor
- pdns-server - pdns-server
@ -12,7 +13,6 @@
- name: Configure powerdns - name: Configure powerdns
template: src={{ item }}.j2 dest=/etc/powerdns/{{ item }} template: src={{ item }}.j2 dest=/etc/powerdns/{{ item }}
tags: dns
notify: Restart powerdns notify: Restart powerdns
with_items: with_items:
- bind/ffrgb.zone - bind/ffrgb.zone
@ -21,8 +21,13 @@
- pdns.conf - pdns.conf
- recursor.conf - recursor.conf
- name: Start the powerdns services - name: Configure dnsdist
template: src=dnsdist.conf.j2 dest=/etc/dnsdist/dnsdist.conf
notify: Restart dnsdist
- name: Start the dns services
service: name={{ item }} state=started enabled=yes service: name={{ item }} state=started enabled=yes
with_items: with_items:
- dnsdist
- pdns - pdns
- pdns-recursor - pdns-recursor
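Review bot: The new `Configure dnsdist` task writes `/etc/dnsdist/dnsdist.conf` with no `validate` step and no explicit `owner`/`group`/`mode`. A template that renders badly (for example when `batman_ipv6` is unset on a host) is therefore only noticed when the `Restart dnsdist` handler fails and the DoT front end is already down. Consider block-style arguments with something like `validate: 'dnsdist --check-config -C %s'` and an explicit `mode`, so a broken config is rejected before it replaces the working one. The neighbouring tasks use the same `key=value` form, so the style part may be a file-wide cleanup rather than something for this commit alone.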


@ -0,0 +1,12 @@
-- {{ ansible_managed }}
setLocal('127.0.0.1:5353')
newServer({address="127.0.0.1", qps=1, name="localhost"})
addTLSLocal('127.0.0.1','/etc/nginx/ssl/{{ ansible_fqdn }}.crt', '/etc/nginx/ssl/{{ ansible_fqdn }}.key')
addTLSLocal('{{ batman_ipv4 | ipaddr('address') }}','/etc/nginx/ssl/{{ ansible_fqdn }}.crt', '/etc/nginx/ssl/{{ ansible_fqdn }}.key')
addTLSLocal('{{ batman_ipv6 | ipaddr('address') }}','/etc/nginx/ssl/{{ ansible_fqdn }}.crt', '/etc/nginx/ssl/{{ ansible_fqdn }}.key')
-- disable security status polling via DNS
setSecurityPollSuffix("")
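Review bot: The three `addTLSLocal` lines point dnsdist at nginx's certificate and private key under `/etc/nginx/ssl/`, so the key must be readable by the account dnsdist runs as, and a compromise of either daemon exposes the key used by both services. If the sharing is intended, record it in the template, e.g. `-- DoT reuses the nginx certificate: key must be readable by the dnsdist user; restart dnsdist after renewal`, and make sure whatever renews the certificate also triggers `Restart dnsdist`, since the handler added in this commit only fires when this template changes. No `setACL` call is visible, so the listeners on the batman addresses rely on dnsdist's built-in default ACL (private and link-local ranges, as far as I know); stating the intended client ranges explicitly would make the exposure reviewable.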