-rw-r--r--roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa.zone (renamed from roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa)0
-rw-r--r--roles/dnsserver/files/117.103.247.82.in-addr.arpa.zone (renamed from roles/dnsserver/files/117.103.247.82.in-addr.arpa)0
-rw-r--r--roles/dnsserver/files/194.111.170.178.in-addr.arpa.zone (renamed from roles/dnsserver/files/194.111.170.178.in-addr.arpa)0
-rw-r--r--roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone (renamed from roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa)0
-rw-r--r--roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone (renamed from roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa)0
-rw-r--r--roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone (renamed from roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa)0
-rw-r--r--roles/dnsserver/tasks/config.yml12
-rw-r--r--roles/dnsserver/templates/named.conf.j2119
-rw-r--r--roles/dnsserver/vars/main.yml16
9 files changed, 40 insertions, 107 deletions
diff --git a/roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa b/roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa.zone
index 93649cf..93649cf 100644
--- a/roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa
+++ b/roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa.zone
diff --git a/roles/dnsserver/files/117.103.247.82.in-addr.arpa b/roles/dnsserver/files/117.103.247.82.in-addr.arpa.zone
index 8c8dd90..8c8dd90 100644
--- a/roles/dnsserver/files/117.103.247.82.in-addr.arpa
+++ b/roles/dnsserver/files/117.103.247.82.in-addr.arpa.zone
diff --git a/roles/dnsserver/files/194.111.170.178.in-addr.arpa b/roles/dnsserver/files/194.111.170.178.in-addr.arpa.zone
index 93649cf..93649cf 100644
--- a/roles/dnsserver/files/194.111.170.178.in-addr.arpa
+++ b/roles/dnsserver/files/194.111.170.178.in-addr.arpa.zone
diff --git a/roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa b/roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
index d24d74c..d24d74c 100644
--- a/roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+++ b/roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
diff --git a/roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa b/roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
index e69e4fd..e69e4fd 100644
--- a/roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+++ b/roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
diff --git a/roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa b/roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
index 8c8dd90..8c8dd90 100644
--- a/roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+++ b/roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
diff --git a/roles/dnsserver/tasks/config.yml b/roles/dnsserver/tasks/config.yml
index 6d078f7..b69a6ca 100644
--- a/roles/dnsserver/tasks/config.yml
+++ b/roles/dnsserver/tasks/config.yml
@@ -14,12 +14,12 @@
notify: reload named
with_items:
- casperlefantom.net.zone
- - 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
- - 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
- - 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
- - 117.103.247.82.in-addr.arpa
- - 0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa
- - 194.111.170.178.in-addr.arpa
+ - 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
+ - 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
+ - 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
+ - 117.103.247.82.in-addr.arpa.zone
+ - 0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa.zone
+ - 194.111.170.178.in-addr.arpa.zone
- name: Open listening port 53
firewalld: service=dns permanent=true state=enabled
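Review bot: The `with_items` list here repeats, with a `.zone` suffix, the zone names that this commit also adds as `zonelist` in vars/main.yml, so the two lists can drift apart. The template now emits `file "{{ item }}.zone";` for every `zonelist` entry, so a zone added to the variable but not to this list would be declared in named.conf without its file being installed. Consider looping over the variable, `with_items: "{{ zonelist }}"`, and appending `.zone` in the task's source path. The task's module line is above this hunk, so the exact argument to change is not visible here.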
diff --git a/roles/dnsserver/templates/named.conf.j2 b/roles/dnsserver/templates/named.conf.j2
index a96d62b..e067e2e 100644
--- a/roles/dnsserver/templates/named.conf.j2
+++ b/roles/dnsserver/templates/named.conf.j2
@@ -7,19 +7,18 @@
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
acl "whitelist-recursion" {
- localhost;
- 192.168.0.0/24;
- 2a01:e35:2f76:7750::/64; // Réseau local
- 86.220.0.0/16; // Plage des adresses dynamiques de Orange
- 109.28.114.38; // Adresse fixe de SFR
-{% if ansible_default_ipv6.address != slave1_ipv6 %}
- {{ slave1_ipv6 }}; // Adresse de NS2
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
- {{ master_ipv4 }}; // Réseau domestique
-{% endif %}
+{% for item in whitelist %}
+ {{ item }};
+{% endfor %}
};
+{% if ansible_default_ipv6.address == master_ipv6 %}
+acl "transferlist" {
+ {{ slave1_ipv6 }};
+ {{ slave2_ipv6 }};
+};
+{% endif %}
+
options {
listen-on port 53 { localhost; {{ ansible_default_ipv4.address }}; };
listen-on-v6 port 53 { localhost; {{ ansible_default_ipv6.address }}; };
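Review bot: The new `transferlist` ACL authorises zone transfers by source address only (`{{ slave1_ipv6 }}` and `{{ slave2_ipv6 }}`), and no TSIG key appears in this hunk. An address match does not authenticate the secondary or protect the integrity of the transferred zone. Consider matching on a shared key in the zone stanza instead, e.g. `allow-transfer { key "<tsig-key-name>"; };` (placeholder name), with the matching key configured on the secondaries. The `options` block continues below the hunk, so a key defined there would not be visible.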
@@ -150,103 +149,21 @@ zone "." IN {
file "named.ca";
};
-zone "casperlefantom.net" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
- type master;
- allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
- file "casperlefantom.net.zone";
- notify yes;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
- type slave;
- file "casperlefantom.net.zone";
- masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "117.103.247.82.in-addr.arpa" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
- type master;
- allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
- file "117.103.247.82.in-addr.arpa";
- notify no;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
- type slave;
- file "117.103.247.82.in-addr.arpa";
- masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
- type master;
- allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
- file "4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
- notify no;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
- type slave;
- file "4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
- masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
- type master;
- allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
- file "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
- notify no;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
- type slave;
- file "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
- masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
- type master;
- allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
- file "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
- notify no;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
- type slave;
- file "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
- masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "194.111.170.178.in-addr.arpa" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
- type master;
- allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
- file "194.111.170.178.in-addr.arpa";
- notify no;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
- type slave;
- file "194.111.170.178.in-addr.arpa";
- masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa" IN {
+{% for item in zonelist %}
+zone "{{ item }}" IN {
{% if ansible_default_ipv6.address == master_ipv6 %}
type master;
- allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
- file "0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa";
- notify no;
+ allow-transfer { transferlist; };
+ file "{{ item }}.zone";
+ notify yes;
{% endif %}
{% if ansible_default_ipv6.address != master_ipv6 %}
type slave;
- file "0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa";
+ file "{{ item }}.zone";
masters { {{ master_ipv6 }}; };
{% endif %}
};
+{% endfor %}
{% if ansible_default_ipv6.address == slave2_ipv6 %}
{% for item in domainlist %}
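Review bot: The `type slave` branch of the new `zonelist` loop sets no `allow-transfer`, so on the secondaries the transfer policy is whatever `options` defines, which is outside this hunk. On BIND releases whose default is `any`, every zone in `zonelist` could then be transferred from a secondary by any host; adding `allow-transfer { none; };` to that branch makes the restriction explicit. Separately, the loop renders `notify yes;` for every zone, whereas the removed reverse-zone stanzas all used `notify no;`. If that change is not intended, the notify value needs to be carried per zone in `zonelist`.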
@@ -256,6 +173,6 @@ zone "{{ item }}" IN {
};
{% endfor %}
{% endif %}
-
+
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
diff --git a/roles/dnsserver/vars/main.yml b/roles/dnsserver/vars/main.yml
index 298f1b2..3524227 100644
--- a/roles/dnsserver/vars/main.yml
+++ b/roles/dnsserver/vars/main.yml
@@ -7,6 +7,22 @@ slave1_ipv6: 2a00:c70:1:178:170:111:194:5000
slave2_ipv4: 192.168.0.61
slave2_ipv6: 2a01:e35:2f76:7750::11
+whitelist:
+ - localhost
+ - 192.168.0.0/24
+ - 2a01:e35:2f76:7750::/64
+ - 82.247.103.117
+ - 2a00:c70:1:178:170:111:194:5000
+
+zonelist:
+ - casperlefantom.net
+ - 117.103.247.82.in-addr.arpa
+ - 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+ - 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+ - 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+ - 194.111.170.178.in-addr.arpa
+ - 0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa
+
domainlist:
- google.com
- google.fr
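Review bot: The last `whitelist` entry, `2a00:c70:1:178:170:111:194:5000`, is a literal copy of `slave1_ipv6` (visible in the hunk header line), and `82.247.103.117` presumably stands in for the `{{ master_ipv4 }}` entry the old template rendered. If either named variable is changed later, the recursion ACL keeps allowing the stale address. Referencing the variables keeps them in step, e.g. `- "{{ slave1_ipv6 }}"` and `- "{{ master_ipv4 }}"`, the latter only if it is confirmed to hold that address. The per-entry comments from the old template were dropped, so a `#` comment on each entry saying why that network may recurse would help the next reviewer. Quoting the address literals also guards against YAML implicit typing.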