fix zone transfers

fix dns ports fixate dns server
2023-03-20 08:54:04 +01:00 · 2023-03-20 08:54:04 +01:00 · e716be6c9c
commit e716be6c9c
parent 506d39091f
5 changed files with 19 additions and 6 deletions
--- a/ansible/hermes.yml
+++ b/ansible/hermes.yml
@ -19,6 +19,10 @@
      changed_when: "'..' in cloudinit.stdout"
    - name: Gather facts
      setup:
+    - name: Copy resolv.conf
+      copy:
+        src: resolv.conf
+        dest: /etc/resolv.conf
    - name: Update repositories
      apt:
        autoremove: true
--- a/ansible/resolv.conf
+++ b/ansible/resolv.conf
@ -0,0 +1 @@
+nameserver 192.168.30.1
--- a/ansible/roles/dnsmasq/files/dnsmasq.conf
+++ b/ansible/roles/dnsmasq/files/dnsmasq.conf
@ -13,7 +13,7 @@ expand-hosts
 # Domain that is used for DHCP on this network
 domain=dmz
 # IPv4 DHCP range
-dhcp-range=192.168.30.100,192.168.30.200,infinite
+dhcp-range=192.168.30.100,192.168.30.200,15m
 # Predefined DHCP hosts
 dhcp-host=b8:27:eb:b9:ab:e2,esrom
 dhcp-host=b4:2e:99:77:1b:da,max,192.168.30.3
@ -29,11 +29,13 @@ ra-param=*,0,0
 # Alias public IP address to local
 alias=84.245.14.149,192.168.30.3
 # Override DNS servers for our domains
-server=/pizzapim.nl/192.168.30.7#5353
-server=/geokunis2.nl/192.168.30.7#5353
-server=/pim.kunis.nl/192.168.30.7#5353
+server=/pizzapim.nl/192.168.30.7
+server=/geokunis2.nl/192.168.30.7
+server=/pim.kunis.nl/192.168.30.7
 # Enable extended logging
 log-dhcp
 log-queries
 # Resolve dns.dmz to addresses on main NIC
 interface-name=hermes.dmz,ens3
+# Non-conventional port because we also run nsd on this machine
+port=5353
--- a/ansible/roles/dnsmasq/tasks/main.yml
+++ b/ansible/roles/dnsmasq/tasks/main.yml
@ -10,8 +10,9 @@
  copy:
    src: "{{ role_path }}/files/dnsmasq.conf"
    dest: "/etc/dnsmasq.conf"
+  register: config
 - name: Enable dnsmasq
  systemd:
    name: dnsmasq
    enabled: true
-    state: started
+    state: "{{ 'restarted' if config.changed else 'started' }}"
--- a/ansible/roles/nsd/files/nsd.conf
+++ b/ansible/roles/nsd/files/nsd.conf
@ -1,6 +1,6 @@
 server:
        ip-address: ens3
-	port: 5353
+	port: 53
        server-count: 1
        verbosity: 1
        hide-version: yes
@ -15,7 +15,12 @@ zone:
 zone:
 	name: pizzapim.nl
 	zonefile: pizzapim.nl
+	provide-xfr: 87.253.155.96/27 NOKEY
+        provide-xfr: 157.97.168.160/27 NOKEY
+

 zone:
 	name: geokunis2.nl
 	zonefile: geokunis2.nl
+	provide-xfr: 87.253.155.96/27 NOKEY
+        provide-xfr: 157.97.168.160/27 NOKEY