crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[bind-recursive] boum boum

main
_shirenn 2022-11-29 13:46:01 +01:00
parent e083e995d4
commit 9d161f18e6
9 changed files with 0 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
plays/dns-recursive.yml
View File

@ -1,6 +0,0 @@
#!/usr/bin/env ansible-playbook
---
# Deploy recursive DNS cache server
- hosts: dns_recursive
roles:
- bind-recursive

5
roles/bind-recursive/handlers/main.yml
View File

@ -1,5 +0,0 @@
---
- name: Reload bind9
systemd:
name: bind9
state: reloaded

22
roles/bind-recursive/tasks/main.yml
View File

@ -1,22 +0,0 @@
---
- name: Install Bind9
apt:
update_cache: true
name: bind9
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Deploy Bind9 configuration
template:
src: bind/{{ item }}.j2
dest: /etc/bind/{{ item }}
mode: 0644
loop:
- named.conf
- named.conf.acl
# - named.conf.options
- named.conf.local
- named.conf.default-zones
- db.infra
notify: Reload bind9

24
roles/bind-recursive/templates/bind/db.infra.j2
View File

@ -1,24 +0,0 @@
{{ ansible_header | comment(decoration='; ') }}
$TTL 0
@ IN SOA silice.crans.org root.crans.org (
0 ; serial
3600 ; refresh (1hr)
1800 ; retry (30mn)
604800 ; expire (7dy)
0 ; TTL (0s)
)
@ IN NS passerelle.infra.crans.org
passerelle.infra.crans.org IN A {{ (query('ldap', 'ip', 'passerelle', 'infra') | ansible.utils.ipv4)[0] }}
* IN CNAME crans.org
*.org IN CNAME crans.org
*.fr IN CNAME crans.org
*.com IN CNAME crans.org
intranet.crans.org IN A 172.16.32.156 ; (query('ldap', 'ip', 'intranet', 'infra') | ansible.utils.ipv4)[0]
intranet.infra.crans.org IN A 172.16.32.156
unifi.infra.crans.org IN A {{ (query('ldap', 'ip', 'unifi', 'infra') | ansible.utils.ipv4)[0] }}

31
roles/bind-recursive/templates/bind/named.conf.acl.j2
View File

@ -1,31 +0,0 @@
{{ ansible_header | comment(decoration='// ') }}
acl "srv" {
{{ query('ldap', 'network', 'srv') }};
2a0c:700:{{ query('ldap', 'vlanid', 'srv') }}::/48;
};
acl "srv-nat" {
{{ query('ldap', 'network', 'srv-nat') }};
2a0c:700:{{ query('ldap', 'vlanid', 'srv-nat') }}::/48;
};
acl "adm" {
{{ query('ldap', 'network', 'adm') }};
fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64;
};
acl "infra" {
{{ query('ldap', 'network', 'infra') }};
fd00:0:0:{{ query('ldap', 'vlanid', 'infra') }}::/64;
};
acl "adh" {
{{ query('ldap', 'network', 'adh') }};
2a0c:700:{{ query('ldap', 'vlanid', 'adh') }}::/48;
};
acl "adh-nat" {
{{ query('ldap', 'network', 'adh-nat') }};
2a0c:700:{{ query('ldap', 'vlanid', 'adh-nat') }}::/48;
};

34
roles/bind-recursive/templates/bind/named.conf.default-zones.j2
View File

@ -1,34 +0,0 @@
{{ ansible_header | comment(decoration='// ') }}
view "default" {
match-clients { any; };
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
};

14
roles/bind-recursive/templates/bind/named.conf.j2
View File

@ -1,14 +0,0 @@
{{ ansible_header | comment(decoration='// ') }}
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.acl";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

15
roles/bind-recursive/templates/bind/named.conf.local.j2
View File

@ -1,15 +0,0 @@
{{ ansible_header | comment(decoration='// ') }}
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
view "infra" {
match-clients { infra; };
recursion no;
zone "." {
type master;
file "/etc/bind/db.infra";
};
};

26
roles/bind-recursive/templates/bind/named.conf.options.j2
View File

@ -1,26 +0,0 @@
{{ ansible_header | comment(decoration='// ') }}
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
listen-on-v6 { any; };
};