Diffstat (limited to 'roles/install_bind')
-rw-r--r--roles/install_bind/tasks/main.yml24
-rw-r--r--roles/install_bind/templates/named.conf.j278
2 files changed, 102 insertions, 0 deletions
diff --git a/roles/install_bind/tasks/main.yml b/roles/install_bind/tasks/main.yml
new file mode 100644
index 0000000..31a833c
--- /dev/null
+++ b/roles/install_bind/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: install bind
+ pacman:
+ name: bind
+ state: present
+
+- name: create named zone backup folder
+ file:
+ path: /var/named/bak
+ state: directory
+ owner: named
+ group: named
+
+- name: bind config
+ template:
+ src: named.conf.j2
+ dest: /etc/named.conf
+ register: named_conf
+
+- name: reload bind
+ when: named_conf.changed
+ systemd:
+ name: named.service
+ state: reloaded
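Review bot: The `bind config` task writes /etc/named.conf without validating the rendered file and without an explicit `owner`, `group` or `mode`. A malformed value for `bat0_ipv4` or `bat0_ipv6` would therefore be installed and only noticed when the reload fails, and the file's permissions are left to defaults. Adding `validate: 'named-checkconf %s'` keeps the previous working config in place on a syntax error, and `owner: root`, `group: named`, `mode: '0640'` pins who can read and change the resolver configuration. The role also never enables or starts `named.service`; whether `state: reloaded` is enough on a fresh host is not visible here, so an explicit `enabled: yes` is worth confirming.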
diff --git a/roles/install_bind/templates/named.conf.j2 b/roles/install_bind/templates/named.conf.j2
new file mode 100644
index 0000000..ac2f9bd
--- /dev/null
+++ b/roles/install_bind/templates/named.conf.j2
@@ -0,0 +1,78 @@
+// vim:set ts=4 sw=4 et:
+
+options {
+ directory "/var/named";
+ pid-file "/run/named/named.pid";
+
+ dnssec-enable yes;
+ dnssec-validation yes;
+ dnssec-lookaside auto;
+
+ auth-nxdomain no; # conform to RFC1035
+
+ listen-on-v6 { {{ bat0_ipv6 }}; };
+ listen-on port 53 { 127.0.0.1; {{ bat0_ipv4 }}; };
+
+ allow-recursion { 127.0.0.1; 10.222.0.0/16; 2a01:198:70a:ff::/64; };
+ allow-transfer { none; };
+ allow-update { none; };
+
+ //forwarders {
+ // 85.214.20.141;
+ // 213.73.91.35;
+ //};
+
+ version none;
+ hostname none;
+ server-id none;
+};
+
+zone "localhost" IN {
+ type master;
+ file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "127.0.0.zone";
+};
+
+zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
+ type master;
+ file "localhost.ip6.zone";
+};
+
+zone "255.in-addr.arpa" IN {
+ type master;
+ file "empty.zone";
+};
+
+zone "0.in-addr.arpa" IN {
+ type master;
+ file "empty.zone";
+};
+
+zone "." IN {
+ type hint;
+ file "root.hint";
+};
+
+zone "ffmyk" IN {
+ type slave;
+ file "bak/ffmyk.zone";
+ allow-query { any; };
+ masters { 10.222.100.1; };
+};
+
+//logging {
+// channel xfer-log {
+// file "/var/log/named.log";
+// print-category yes;
+// print-severity yes;
+// severity info;
+// };
+// category xfer-in { xfer-log; };
+// category xfer-out { xfer-log; };
+// category notify { xfer-log; };
+//};
+
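Review bot: `dnssec-validation yes;` validates only against trust anchors configured in the file, and this template defines none, so the resolver is likely not validating signed answers at all; `dnssec-validation auto;` uses the built-in root trust anchor instead. `dnssec-lookaside auto;` depends on the ISC DLV registry, which has been retired, and newer BIND 9 releases treat it and `dnssec-enable` as obsolete or reject them. Because the role installs whatever `bind` package pacman currently ships, named may refuse to load this file, and dropping both lines avoids that. Separately, the `ffmyk` slave zone trusts `10.222.100.1` by address only; a TSIG `key` on the `masters` entry would authenticate the transfer, assuming the master can be configured to match.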