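---
# Primary, authoritative-only BIND server for the k-space.ee, k6.ee and
# kspace.ee zones.
#
# Notes on the named.conf rendered below:
# - `recursion no` plus `allow-recursion { none; }` keep the server from
#   acting as a resolver; it only answers for the zones it hosts.
# - `version ""` blanks the version string BIND would otherwise report.
# - `notify explicit` limits NOTIFY messages to the `also-notify` addresses.
# - Address match lists are evaluated first-match-wins, so a plain
#   `{ allowed; key readwrite; }` would accept a client matching EITHER
#   element. The `rejected` ACL (everything that is not `allowed`) is negated
#   at the head of `allow-update` / `allow-transfer`, so a client must come
#   from an allowed subnet AND present a listed key. See the ISC KB article
#   linked inside the config.
# - The included readwrite.key / readonly.key files presumably define the
#   keys named in the zone clauses. They are not managed by this play;
#   confirm they are provisioned separately and are not world-readable.
- name: Setup primary nameserver
  hosts: ns1.k-space.ee
  tasks:
    - name: Make sure bind9 is installed
      ansible.builtin.apt:
        name: bind9
        state: present

    # `validate` runs named-checkconf against the staged copy, so a config
    # that fails to parse is never moved into place. named.conf itself holds
    # no key material (keys live in the included files), hence 0644.
    - name: Configure Bind
      ansible.builtin.copy:
        dest: /etc/bind/named.conf
        owner: root
        mode: "0644"
        validate: 'named-checkconf %s'
        content: |
          # This file is managed by Ansible
          # https://git.k-space.ee/k-space/kube/src/branch/master/ansible-bind-primary.yml
          # Do NOT modify manually

          include "/etc/bind/named.conf.local";
          include "/etc/bind/readwrite.key";
          include "/etc/bind/readonly.key";

          options {
            directory "/var/cache/bind";
            version "";
            listen-on { any; };
            listen-on-v6 { any; };
            pid-file "/var/run/named/named.pid";
            notify explicit;
            also-notify { 172.20.53.1; 172.20.53.2; 172.20.53.3; };
            allow-recursion { none; };
            recursion no;
            check-names master ignore;
            dnssec-validation no;
            auth-nxdomain no;
          };

          # https://kb.isc.org/docs/aa-00723

          acl allowed {
            172.20.3.0/24;
            172.20.4.0/24;
          };

          acl rejected { !allowed; any; };

          zone "." {
            type hint;
            file "/var/lib/bind/db.root";
          };

          zone "k-space.ee" {
            type master;
            file "/var/lib/bind/db.k-space.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
          };

          zone "k6.ee" {
            type master;
            file "/var/lib/bind/db.k6.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
          };

          zone "kspace.ee" {
            type master;
            file "/var/lib/bind/db.kspace.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
          };
      register: bind

    # Re-checks the installed file at its real path on every run. The command
    # is read-only, so it must not report "changed"; no shell features are
    # used, so `command` replaces `shell`.
    - name: Check Bind config
      ansible.builtin.command: named-checkconf
      changed_when: false

    # Reload only when the config task actually rewrote named.conf.
    - name: Reload Bind config
      ansible.builtin.service:
        name: bind9
        state: reloaded
      when: bind.changed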