kube/ansible-bind-primary.yml

- name: Setup primary nameserver
  hosts: ns1.k-space.ee
  tasks:
  - name: Make sure bind9 is installed
    ansible.builtin.apt:
      name: bind9
      state: present
  - name: Configure Bind
    register: bind
    copy:
      dest: /etc/bind/named.conf
      content: |
        # This file is managed by Ansible
        # https://git.k-space.ee/k-space/kube/src/branch/master/ansible-bind-primary.yml
        # Do NOT modify manually

        include "/etc/bind/named.conf.options";
        include "/etc/bind/named.conf.local";
        include "/etc/bind/readwrite.key";
        include "/etc/bind/readonly.key";

        # https://kb.isc.org/docs/aa-00723

        acl allowed {
            172.20.3.0/24;
            172.20.4.0/24;
        };

        acl rejected { !allowed; any; };

        zone "." {
            type hint;
            file "/var/lib/bind/db.root";
        };

        zone "k-space.ee" {
            type master;
            file "/var/lib/bind/db.k-space.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
            notify explicit; also-notify { 172.20.53.1; 172.20.53.2; 172.20.53.3; };
        };

        zone "k6.ee" {
            type master;
            file "/var/lib/bind/db.k6.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
            notify explicit; also-notify { 172.20.53.1; 172.20.53.2; 172.20.53.3; };
        };

        zone "kspace.ee" {
            type master;
            file "/var/lib/bind/db.kspace.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
            notify explicit; also-notify { 172.20.53.1; 172.20.53.2; 172.20.53.3; };
        };
  - name: Check Bind config
    ansible.builtin.shell: "named-checkconf"
  - name: Reload Bind config
    service:
      name: bind9
      state: reloaded
    when: bind.changed
Update whole Bind setup 2023-08-19 18:31:30 +00:00			`- name: Setup primary nameserver`
			`hosts: ns1.k-space.ee`
			`tasks:`
			`- name: Make sure bind9 is installed`
			`ansible.builtin.apt:`
			`name: bind9`
			`state: present`
			`- name: Configure Bind`
			`register: bind`
			`copy:`
			`dest: /etc/bind/named.conf`
			`content: \|`
			`# This file is managed by Ansible`
			`# https://git.k-space.ee/k-space/kube/src/branch/master/ansible-bind-primary.yml`
			`# Do NOT modify manually`

			`include "/etc/bind/named.conf.options";`
			`include "/etc/bind/named.conf.local";`
			`include "/etc/bind/readwrite.key";`
			`include "/etc/bind/readonly.key";`

			`# https://kb.isc.org/docs/aa-00723`

			`acl allowed {`
			`172.20.3.0/24;`
			`172.20.4.0/24;`
			`};`

			`acl rejected { !allowed; any; };`

			`zone "." {`
			`type hint;`
			`file "/var/lib/bind/db.root";`
			`};`

			`zone "k-space.ee" {`
			`type master;`
			`file "/var/lib/bind/db.k-space.ee";`
			`allow-update { !rejected; key readwrite; };`
			`allow-transfer { !rejected; key readonly; key readwrite; };`
			`notify explicit; also-notify { 172.20.53.1; 172.20.53.2; 172.20.53.3; };`
			`};`

			`zone "k6.ee" {`
			`type master;`
			`file "/var/lib/bind/db.k6.ee";`
			`allow-update { !rejected; key readwrite; };`
			`allow-transfer { !rejected; key readonly; key readwrite; };`
			`notify explicit; also-notify { 172.20.53.1; 172.20.53.2; 172.20.53.3; };`
			`};`

			`zone "kspace.ee" {`
			`type master;`
			`file "/var/lib/bind/db.kspace.ee";`
			`allow-update { !rejected; key readwrite; };`
			`allow-transfer { !rejected; key readonly; key readwrite; };`
			`notify explicit; also-notify { 172.20.53.1; 172.20.53.2; 172.20.53.3; };`
			`};`
			`- name: Check Bind config`
			`ansible.builtin.shell: "named-checkconf"`
			`- name: Reload Bind config`
			`service:`
			`name: bind9`
			`state: reloaded`
			`when: bind.changed`