replace powerdns with BIND
parent
721623c8fc
commit
304a3bbe34
10 changed files with 79 additions and 76 deletions
|
@ -22,4 +22,4 @@
|
||||||
roles:
|
roles:
|
||||||
- {role: apt, tags: apt}
|
- {role: apt, tags: apt}
|
||||||
- {role: dnsmasq, tags: dnsmasq}
|
- {role: dnsmasq, tags: dnsmasq}
|
||||||
- {role: powerdns, tags: powerdns}
|
- {role: bertvv.bind, tags: bind}
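Review bot: Swapping `powerdns` for `bertvv.bind` in the role list stops managing PowerDNS, but nothing visible in this commit stops or uninstalls it on hosts that were already provisioned. The removed API config had `webserver-address=0.0.0.0` with `webserver-allow-from=0.0.0.0/0`, so a leftover `pdns` service would keep that listener, leave the rendered `api-key` and `gpgsql-password` on disk, and probably contend with BIND for port 53. Consider a one-off cleanup task that stops `pdns`, purges `pdns-server` and `pdns-backend-pgsql`, and removes `/etc/powerdns/pdns.d/`. The vaulted `api_key` and `postgresql_password` stay in repository history after this commit, so rotating or revoking them is worthwhile. The play definition starts outside this hunk.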
|
||||||
|
|
|
@ -1,9 +1,6 @@
|
||||||
apt_install_packages:
|
apt_install_packages:
|
||||||
- qemu-guest-agent
|
- qemu-guest-agent
|
||||||
- dnsutils
|
- dnsutils
|
||||||
- pdns-server
|
|
||||||
- pdns-backend-pgsql
|
|
||||||
- postgresql-client
|
|
||||||
|
|
||||||
ssh_ca_dir: /root/ssh_ca
|
ssh_ca_dir: /root/ssh_ca
|
||||||
ssh_ca_user_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
|
ssh_ca_user_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
|
||||||
|
@ -65,20 +62,81 @@ ssh_ca_host_ca_private_key: !vault |
|
||||||
39393734393061653639313365633931373963666635316138663538356265386562373837393530
|
39393734393061653639313365633931373963666635316138663538356265386562373837393530
|
||||||
6537646639613534666533626339356335396634613765616664
|
6537646639613534666533626339356335396634613765616664
|
||||||
|
|
||||||
api_key: !vault |
|
bind_zone_ttl: 1h
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
bind_allow_query:
|
||||||
65376335393463353232386437613533396261383332653738323764633965393262363239376165
|
- any
|
||||||
3566666139376135643833343535663130353631326466610a623161633238363338633461383434
|
bind_listen_ipv4:
|
||||||
63373365613765663830613565313164323938336338616666313365623261663037626132623531
|
- any
|
||||||
3638653833626532300a656632356563613631633162643464356236396635633237376133323433
|
bind_dnssec_enable: false
|
||||||
37363261376535306161393039396333656430323534616462393366643662306631306339346363
|
bind_zones:
|
||||||
3065303163643732613435323561663035646365383237643464
|
- name: kun.is
|
||||||
|
|
||||||
postgresql_password: !vault |
|
primaries:
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
- 192.168.30.7
|
||||||
64646633623535383761356434643064383736626638333738323363393037393133363130623361
|
|
||||||
3965323132656263393365366131343732646239316564390a613263386166383438366162303561
|
name_servers:
|
||||||
63626162656337313034663830626432303437363764653336613338393038393737663238313737
|
- ns1.kun.is.
|
||||||
3164323834393165380a393138363265393963613835376331623735303538316162343036306230
|
- ns2.kun.is.
|
||||||
63633335343332313861393135366332313061353064306265653631613735336631653438383066
|
|
||||||
3034323733323333646532613233666333323363643534336233
|
hosts:
|
||||||
|
- name: ns
|
||||||
|
ip: 84.245.14.149
|
||||||
|
- name: ns1
|
||||||
|
ip: 84.245.14.149
|
||||||
|
- name: ns2
|
||||||
|
ip: 84.245.14.149
|
||||||
|
- name: '*'
|
||||||
|
ip: 84.245.14.149
|
||||||
|
- name: fcfe5d31d5b7ae1af0b352a6b4c75d3f
|
||||||
|
aliases:
|
||||||
|
- verify.bing.com.
|
||||||
|
text:
|
||||||
|
- name: '@'
|
||||||
|
text: "\\\"google-site-verification=sznWJNdSZfiAESJhnDQEJ6hf06W9vndvhMi6wP_HH04\\\""
|
||||||
|
|
||||||
|
- name: geokunis2.nl
|
||||||
|
primaries:
|
||||||
|
- 192.168.30.7
|
||||||
|
|
||||||
|
name_servers:
|
||||||
|
- ns.geokunis2.nl.
|
||||||
|
- ns0.transip.net.
|
||||||
|
- ns1.transip.nl.
|
||||||
|
- ns2.transip.eu.
|
||||||
|
|
||||||
|
hosts:
|
||||||
|
- name: '@'
|
||||||
|
ip: 84.245.14.149
|
||||||
|
ipv6: 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||||
|
- name: mail
|
||||||
|
ip: 84.245.14.149
|
||||||
|
- name: wg
|
||||||
|
ip: 84.245.14.149
|
||||||
|
ipv6: 2a02:58:1:e::1afb
|
||||||
|
- name: wg4
|
||||||
|
ip: 84.245.14.149
|
||||||
|
- name: wg6
|
||||||
|
ipv6: 2a02:58:1:e::1afb
|
||||||
|
- name: tuindersweijde
|
||||||
|
ip: 84.245.14.149
|
||||||
|
- name: ns
|
||||||
|
ip: 84.245.14.149
|
||||||
|
ipv6: 2a02:58:19a:f730:c8fe:c0ff:feff:ee07
|
||||||
|
- name: files
|
||||||
|
ip: 84.245.14.149
|
||||||
|
ipv6: 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||||
|
- name: cyberchef
|
||||||
|
ip: 84.245.14.149
|
||||||
|
ipv6: 2a02:58:19a:f730:c8fe:c0ff:feff:ee03
|
||||||
|
- name: inbucket
|
||||||
|
ip: 84.245.14.149
|
||||||
|
- name: kms
|
||||||
|
ip: 84.245.14.149
|
||||||
|
|
||||||
|
mail_servers:
|
||||||
|
- name: mail
|
||||||
|
preference: 10
|
||||||
|
|
||||||
|
caa:
|
||||||
|
- name: '@'
|
||||||
|
text: "0 issue \\\"letsencrypt.org\\\""
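Review bot: The new BIND variables set `bind_allow_query` and `bind_listen_ipv4` to `any` but show no restriction on zone transfers. The PowerDNS file removed in this commit limited them with `allow-axfr-ips=87.253.155.96/27,157.97.168.160/27`. Depending on the role defaults and the BIND version, either anyone can pull the full `kun.is` and `geokunis2.nl` zones, or the TransIP secondaries listed under `name_servers` can no longer transfer. The transfer ACL should be set explicitly to those two ranges and checked against the rendered `named.conf`. Because the server answers queries from any source, it would also help to state `bind_recursion: false` next to `bind_allow_query` with a comment such as `# authoritative only; must never act as an open resolver`. If `bind_dnssec_enable: false` is deliberate, a one-line comment saying the zones are intentionally served unsigned would keep it from being read as an oversight.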
|
||||||
|
|
|
@ -7,3 +7,4 @@
|
||||||
- name: postgresql_database
|
- name: postgresql_database
|
||||||
src: https://git.kun.is/home/ansible-role-postgresql-database
|
src: https://git.kun.is/home/ansible-role-postgresql-database
|
||||||
scm: git
|
scm: git
|
||||||
|
- name: bertvv.bind
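Review bot: The added `- name: bertvv.bind` entry has no `version:`, so every install pulls whatever release is current on Galaxy, and the code that renders `named.conf` on the DNS host can change without any commit in this repository. Pin it to a release that has been reviewed, for example `version: <reviewed-release-tag>`, and bump it deliberately. The `postgresql_database` entry above it shows no pin in the visible lines either. Its `src` is a git URL, so pinning it to a commit hash would give the same guarantee. The requirements list starts outside this hunk.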
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
api=yes
|
|
||||||
api-key={{ api_key }}
|
|
||||||
webserver-address=0.0.0.0
|
|
||||||
webserver-port=3000
|
|
||||||
webserver-allow-from=0.0.0.0/0
|
|
|
@ -1,5 +0,0 @@
|
||||||
launch=gpgsql
|
|
||||||
gpgsql-host=192.168.30.10
|
|
||||||
gpgsql-dbname=powerdns
|
|
||||||
gpgsql-user=powerdns
|
|
||||||
gpgsql-password={{ postgresql_password }}
|
|
|
@ -1,4 +0,0 @@
|
||||||
- name: restart powerdns
|
|
||||||
systemd:
|
|
||||||
name: pdns
|
|
||||||
state: restarted
|
|
|
@ -1,4 +0,0 @@
|
||||||
local-address=192.168.30.7, 127.0.0.1, ::
|
|
||||||
default-soa-content=ns.@ noreply.@ 0 10800 3600 604800 3600
|
|
||||||
# allow zone transfers from Transip ip's. see also: https://www.transip.nl/knowledgebase/artikel/26-nameservers-instellen-transip-nameservers-secondary/
|
|
||||||
allow-axfr-ips=87.253.155.96/27,157.97.168.160/27
|
|
|
@ -1,28 +0,0 @@
|
||||||
- name: Remove BIND powerdns config
|
|
||||||
file:
|
|
||||||
path: /etc/powerdns/pdns.d/bind.conf
|
|
||||||
state: absent
|
|
||||||
notify: restart powerdns
|
|
||||||
|
|
||||||
- name: Copy postgresql powerdns config
|
|
||||||
template:
|
|
||||||
src: gpgsql.conf.j2
|
|
||||||
dest: /etc/powerdns/pdns.d/gpgsql.conf
|
|
||||||
notify: restart powerdns
|
|
||||||
|
|
||||||
- name: Add API powerdns config
|
|
||||||
template:
|
|
||||||
src: api.conf.j2
|
|
||||||
dest: /etc/powerdns/pdns.d/api.conf
|
|
||||||
notify: restart powerdns
|
|
||||||
|
|
||||||
- name: Overwrite powerdns config
|
|
||||||
copy:
|
|
||||||
src: overwrite.conf
|
|
||||||
dest: /etc/powerdns/pdns.d/overwrite.conf
|
|
||||||
notify: restart powerdns
|
|
||||||
|
|
||||||
- name: Start powerdns
|
|
||||||
systemd:
|
|
||||||
name: pdns
|
|
||||||
state: started
|
|
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: hermes
|
|
||||||
tasks:
|
|
||||||
- name: Read dnsmasq leases
|
|
||||||
command: cat /mnt/data/dnsmasq.leases
|
|
||||||
register: leases
|
|
||||||
|
|
||||||
- name: Print dnsmasq leases
|
|
||||||
debug:
|
|
||||||
msg: "{{ leases.stdout_lines }}"
|
|