dns-intern: use future-proof pdns config

2019-10-14 18:34:43 +02:00 · 2019-10-14 18:34:43 +02:00 · 91d95b190c
commit 91d95b190c
parent 986392237c
2 changed files with 37 additions and 16 deletions
--- a/roles/dns-intern/templates/pdns.conf.j2
+++ b/roles/dns-intern/templates/pdns.conf.j2
@ -1,22 +1,28 @@
-#################################
+# {{ ansible_managed }}
 # allow-recursion       List of subnets that are allowed to recurse
 #
 allow-recursion=127.0.0.1,172.23.0.0/16
 #################################
 # daemon        Operate as a daemon
 #
 daemon=yes
 #################################
 # launch        Which backends to launch and order to query them in
 #
 # launch=
 launch=bind
 #################################
-# recursor      If recursion is desired, IP address of a recursing nameserver
+# local-address Local IP addresses to which we bind
 #
-recursor=127.0.0.1:5300
+# local-address=0.0.0.0
 local-address=127.0.0.1
 #################################
 # local-ipv6    Local IP address to which we bind
 #
 # local-ipv6=::
 local-ipv6=
 #################################
 # local-port    The port on which we listen
 #
 # local-port=53
 local-port=5300
 #################################
 # security-poll-suffix  Domain name from which to query security update notifications
--- a/roles/dns-intern/templates/recursor.conf.j2
+++ b/roles/dns-intern/templates/recursor.conf.j2
@ -1,12 +1,14 @@
 # {{ ansible_managed }}
 #################################
 # allow-from    If set, only allow these comma separated netmasks to recurse
 #
-allow-from=127.0.0.0/8
+#allow-from=127.0.0.0/8
 #################################
-# daemon        Operate as a daemon
+# config-dir    Location of configuration directory (recursor.conf)
 #
-daemon=yes
+config-dir=/etc/powerdns
 #################################
 # dnssec        DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
@ -14,15 +16,28 @@ daemon=yes
 # dnssec=process-no-validate
 dnssec=off
 #################################
 # forward-zones Zones for which we forward queries, comma separated domain=ip pairs
 #
 # forward-zones=
 forward-zones=binary.kitchen=127.0.0.1:5300,23.172.in-addr.arpa=127.0.0.1:5300
 #################################
 # local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
 #
-local-address=127.0.0.1
+local-address=127.0.0.1,{{ ansible_default_ipv4.address }}
 #################################
 # local-port    port to listen on
 #
-local-port=5300
+local-port=53
 #################################
 # query-local-address6 Send out local IPv6 queries from this address or addresses. Disabled by default, which also disables outgoing
 #
 {% if global_ipv6 is defined %}
 query-local-address6={{ global_ipv6 | ipaddr('address') }}
 {% endif %}
 #################################
 # quiet Suppress logging of questions and answers