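---
# Sets up the primary BIND nameserver on ns1.k-space.ee: installs bind9,
# writes /etc/bind/named.conf, checks it with named-checkconf and reloads
# the service when the file changed.
- name: Setup primary nameserver
  hosts: ns1.k-space.ee
  tasks:
    - name: Make sure bind9 is installed
      ansible.builtin.apt:
        name: bind9
        state: present

    # Security-relevant points of the named.conf rendered below:
    #   - "recursion no" plus "allow-recursion { none; }": the server answers
    #     only from the zones it holds and does not resolve for clients.
    #   - 'version ""' returns an empty string instead of the BIND version.
    #   - allow-update / allow-transfer require BOTH a source address inside
    #     the "allowed" ACL AND a named key. "rejected" matches every address
    #     outside "allowed", so "!rejected" refuses those clients before the
    #     key element is evaluated (pattern from the ISC KB article linked in
    #     the file).
    #   - The key secrets are not in this file; they come from the included
    #     readwrite.key / readonly.key, which the tasks visible here do not
    #     manage. NOTE(review): confirm those files are readable only by root
    #     and the group named runs as.
    #
    # "validate" runs named-checkconf on the temporary copy, so a config that
    # fails the check never replaces the live /etc/bind/named.conf. Owner and
    # mode are pinned so the result does not depend on the umask; the file
    # holds no secrets, hence world-readable.
    - name: Configure Bind
      ansible.builtin.copy:
        dest: /etc/bind/named.conf
        owner: root
        mode: "0644"
        validate: named-checkconf %s
        content: |
          # This file is managed by Ansible
          # https://git.k-space.ee/k-space/kube/src/branch/master/ansible-bind-primary.yml
          # Do NOT modify manually

          include "/etc/bind/named.conf.local";
          include "/etc/bind/readwrite.key";
          include "/etc/bind/readonly.key";

          options {
            directory "/var/cache/bind";
            version "";
            listen-on { any; };
            listen-on-v6 { any; };
            pid-file "/var/run/named/named.pid";
            notify explicit; also-notify { 172.20.53.1; 172.20.53.2; 172.20.53.3; };
            allow-recursion { none; };
            recursion no;
            check-names master ignore;
            dnssec-validation no;
            auth-nxdomain no;
          };

          # https://kb.isc.org/docs/aa-00723

          acl allowed {
            172.20.3.0/24;
            172.20.4.0/24;
          };

          acl rejected { !allowed; any; };

          zone "." {
            type hint;
            file "/var/lib/bind/db.root";
          };

          zone "k-space.ee" {
            type master;
            file "/var/lib/bind/db.k-space.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
          };

          zone "k6.ee" {
            type master;
            file "/var/lib/bind/db.k6.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
          };

          zone "kspace.ee" {
            type master;
            file "/var/lib/bind/db.kspace.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
          };
      register: bind

    # Re-checks the installed config on every run. This also catches a problem
    # in the included files, which can change without named.conf changing.
    # No shell features are needed, so command is used instead of shell, and
    # the check is read-only, so it never reports "changed".
    - name: Check Bind config
      ansible.builtin.command: named-checkconf
      changed_when: false

    # Reload only when named.conf was actually rewritten by the copy task.
    - name: Reload Bind config
      ansible.builtin.service:
        name: bind9
        state: reloaded
      when: bind is changed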