[bind-recursive] boum boum

2022-11-29 13:46:01 +01:00 · 2022-11-29 13:46:01 +01:00 · 9d161f18e6
parent e083e995d4
commit 9d161f18e6
9 changed files with 0 additions and 177 deletions
--- a/plays/dns-recursive.yml
+++ b/plays/dns-recursive.yml
@ -1,6 +0,0 @@
-#!/usr/bin/env ansible-playbook
---
-# Deploy recursive DNS cache server
- hosts: dns_recursive
-  roles:
-    - bind-recursive
--- a/roles/bind-recursive/handlers/main.yml
+++ b/roles/bind-recursive/handlers/main.yml
@ -1,5 +0,0 @@
---
- name: Reload bind9
-  systemd:
-    name: bind9
-    state: reloaded
--- a/roles/bind-recursive/tasks/main.yml
+++ b/roles/bind-recursive/tasks/main.yml
@ -1,22 +0,0 @@
---
- name: Install Bind9
-  apt:
-    update_cache: true
-    name: bind9
-  register: apt_result
-  retries: 3
-  until: apt_result is succeeded
-
- name: Deploy Bind9 configuration
-  template:
-    src: bind/{{ item }}.j2
-    dest: /etc/bind/{{ item }}
-    mode: 0644
-  loop:
-    - named.conf
-    - named.conf.acl
-    # - named.conf.options
-    - named.conf.local
-    - named.conf.default-zones
-    - db.infra
-  notify: Reload bind9
--- a/roles/bind-recursive/templates/bind/db.infra.j2
+++ b/roles/bind-recursive/templates/bind/db.infra.j2
@ -1,24 +0,0 @@
-{{ ansible_header | comment(decoration='; ') }}
-
-$TTL 0
-
-@ IN SOA silice.crans.org root.crans.org (
-	0 ; serial
-	3600 ; refresh (1hr)
-	1800 ; retry (30mn)
-	604800 ; expire (7dy)
-	0 ; TTL (0s)
-	)
-
-@ IN NS passerelle.infra.crans.org
-passerelle.infra.crans.org IN A {{ (query('ldap', 'ip', 'passerelle', 'infra') | ansible.utils.ipv4)[0] }}
-
-* IN CNAME crans.org
-*.org IN CNAME crans.org
-*.fr IN CNAME crans.org
-*.com IN CNAME crans.org
-
-intranet.crans.org IN A 172.16.32.156 ; (query('ldap', 'ip', 'intranet', 'infra') | ansible.utils.ipv4)[0]
-intranet.infra.crans.org IN A 172.16.32.156
-
-unifi.infra.crans.org IN A {{ (query('ldap', 'ip', 'unifi', 'infra') | ansible.utils.ipv4)[0] }}
--- a/roles/bind-recursive/templates/bind/named.conf.acl.j2
+++ b/roles/bind-recursive/templates/bind/named.conf.acl.j2
@ -1,31 +0,0 @@
-{{ ansible_header | comment(decoration='// ') }}
-
-acl "srv" {
-	{{ query('ldap', 'network', 'srv') }};
-	2a0c:700:{{ query('ldap', 'vlanid', 'srv') }}::/48;
-};
-
-acl "srv-nat" {
-	{{ query('ldap', 'network', 'srv-nat') }};
-	2a0c:700:{{ query('ldap', 'vlanid', 'srv-nat') }}::/48;
-};
-
-acl "adm" {
-	{{ query('ldap', 'network', 'adm') }};
-	fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64;
-};
-
-acl "infra" {
-	{{ query('ldap', 'network', 'infra') }};
-	fd00:0:0:{{ query('ldap', 'vlanid', 'infra') }}::/64;
-};
-
-acl "adh" {
-	{{ query('ldap', 'network', 'adh') }};
-	2a0c:700:{{ query('ldap', 'vlanid', 'adh') }}::/48;
-};
-
-acl "adh-nat" {
-	{{ query('ldap', 'network', 'adh-nat') }};
-	2a0c:700:{{ query('ldap', 'vlanid', 'adh-nat') }}::/48;
-};
--- a/roles/bind-recursive/templates/bind/named.conf.default-zones.j2
+++ b/roles/bind-recursive/templates/bind/named.conf.default-zones.j2
@ -1,34 +0,0 @@
-{{ ansible_header | comment(decoration='// ') }}
-
-view "default" {
-	match-clients { any; };
-
-	// prime the server with knowledge of the root servers
-	zone "." {
-		type hint;
-		file "/usr/share/dns/root.hints";
-	};
-
-	// be authoritative for the localhost forward and reverse zones, and for
-	// broadcast zones as per RFC 1912
-
-	zone "localhost" {
-		type master;
-		file "/etc/bind/db.local";
-	};
-
-	zone "127.in-addr.arpa" {
-		type master;
-		file "/etc/bind/db.127";
-	};
-
-	zone "0.in-addr.arpa" {
-		type master;
-		file "/etc/bind/db.0";
-	};
-
-	zone "255.in-addr.arpa" {
-		type master;
-		file "/etc/bind/db.255";
-	};
-};
--- a/roles/bind-recursive/templates/bind/named.conf.j2
+++ b/roles/bind-recursive/templates/bind/named.conf.j2
@ -1,14 +0,0 @@
-{{ ansible_header | comment(decoration='// ') }}
-
-// This is the primary configuration file for the BIND DNS server named.
-//
-// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
-// structure of BIND configuration files in Debian, *BEFORE* you customize
-// this configuration file.
-//
-// If you are just adding zones, please do that in /etc/bind/named.conf.local
-
-include "/etc/bind/named.conf.acl";
-include "/etc/bind/named.conf.options";
-include "/etc/bind/named.conf.local";
-include "/etc/bind/named.conf.default-zones";
--- a/roles/bind-recursive/templates/bind/named.conf.local.j2
+++ b/roles/bind-recursive/templates/bind/named.conf.local.j2
@ -1,15 +0,0 @@
-{{ ansible_header | comment(decoration='// ') }}
-
-// Consider adding the 1918 zones here, if they are not used in your
-// organization
-//include "/etc/bind/zones.rfc1918";
-
-view "infra" {
-	match-clients { infra; };
-	recursion no;
-
-	zone "." {
-		type master;
-		file "/etc/bind/db.infra";
-	};
-};
--- a/roles/bind-recursive/templates/bind/named.conf.options.j2
+++ b/roles/bind-recursive/templates/bind/named.conf.options.j2
@ -1,26 +0,0 @@
-{{ ansible_header | comment(decoration='// ') }}
-
-options {
-	directory "/var/cache/bind";
-
-	// If there is a firewall between you and nameservers you want
-	// to talk to, you may need to fix the firewall to allow multiple
-	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
-
-	// If your ISP provided one or more IP addresses for stable
-	// nameservers, you probably want to use them as forwarders.
-	// Uncomment the following block, and insert the addresses replacing
-	// the all-0's placeholder.
-
-	// forwarders {
-	// 	0.0.0.0;
-	// };
-
-	//========================================================================
-	// If BIND logs error messages about the root key being expired,
-	// you will need to update your keys.  See https://www.isc.org/bind-keys
-	//========================================================================
-	dnssec-validation auto;
-
-	listen-on-v6 { any; };
-};