-rw-r--r-- | roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa.zone (renamed from roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa) | 0 | ||||
-rw-r--r-- | roles/dnsserver/files/117.103.247.82.in-addr.arpa.zone (renamed from roles/dnsserver/files/117.103.247.82.in-addr.arpa) | 0 | ||||
-rw-r--r-- | roles/dnsserver/files/194.111.170.178.in-addr.arpa.zone (renamed from roles/dnsserver/files/194.111.170.178.in-addr.arpa) | 0 | ||||
-rw-r--r-- | roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone (renamed from roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa) | 0 | ||||
-rw-r--r-- | roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone (renamed from roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa) | 0 | ||||
-rw-r--r-- | roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone (renamed from roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa) | 0 | ||||
-rw-r--r-- | roles/dnsserver/tasks/config.yml | 12 | ||||
-rw-r--r-- | roles/dnsserver/templates/named.conf.j2 | 119 | ||||
-rw-r--r-- | roles/dnsserver/vars/main.yml | 16 |
9 files changed, 40 insertions, 107 deletions
diff --git a/roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa b/roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa.zone
index 93649cf..93649cf 100644
--- a/roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa
+++ b/roles/dnsserver/files/0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa.zone
diff --git a/roles/dnsserver/files/117.103.247.82.in-addr.arpa b/roles/dnsserver/files/117.103.247.82.in-addr.arpa.zone
index 8c8dd90..8c8dd90 100644
--- a/roles/dnsserver/files/117.103.247.82.in-addr.arpa
+++ b/roles/dnsserver/files/117.103.247.82.in-addr.arpa.zone
diff --git a/roles/dnsserver/files/194.111.170.178.in-addr.arpa b/roles/dnsserver/files/194.111.170.178.in-addr.arpa.zone
index 93649cf..93649cf 100644
--- a/roles/dnsserver/files/194.111.170.178.in-addr.arpa
+++ b/roles/dnsserver/files/194.111.170.178.in-addr.arpa.zone
diff --git a/roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa b/roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
index d24d74c..d24d74c 100644
--- a/roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+++ b/roles/dnsserver/files/2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
diff --git a/roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa b/roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
index e69e4fd..e69e4fd 100644
--- a/roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+++ b/roles/dnsserver/files/3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
diff --git a/roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa b/roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
index 8c8dd90..8c8dd90 100644
--- a/roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+++ b/roles/dnsserver/files/4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
diff --git a/roles/dnsserver/tasks/config.yml b/roles/dnsserver/tasks/config.yml
index 6d078f7..b69a6ca 100644
--- a/roles/dnsserver/tasks/config.yml
+++ b/roles/dnsserver/tasks/config.yml
@@ -14,12 +14,12 @@
   notify: reload named
   with_items:
     - casperlefantom.net.zone
-    - 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
-    - 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
-    - 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
-    - 117.103.247.82.in-addr.arpa
-    - 0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa
-    - 194.111.170.178.in-addr.arpa
+    - 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
+    - 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
+    - 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa.zone
+    - 117.103.247.82.in-addr.arpa.zone
+    - 0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa.zone
+    - 194.111.170.178.in-addr.arpa.zone
 
 - name: Open listening port 53
   firewalld: service=dns permanent=true state=enabled
diff --git a/roles/dnsserver/templates/named.conf.j2 b/roles/dnsserver/templates/named.conf.j2
index a96d62b..e067e2e 100644
--- a/roles/dnsserver/templates/named.conf.j2
+++ b/roles/dnsserver/templates/named.conf.j2
@@ -7,19 +7,18 @@
 // See /usr/share/doc/bind*/sample/ for example named configuration files.
 //
 acl "whitelist-recursion" {
-  localhost;
-  192.168.0.0/24;
-  2a01:e35:2f76:7750::/64; // Réseau local
-  86.220.0.0/16; // Plage des adresses dynamiques de Orange
-  109.28.114.38; // Adresse fixe de SFR
-{% if ansible_default_ipv6.address != slave1_ipv6 %}
-  {{ slave1_ipv6 }}; // Adresse de NS2
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
-  {{ master_ipv4 }}; // Réseau domestique
-{% endif %}
+{% for item in whitelist %}
+  {{ item }};
+{% endfor %}
 };
+{% if ansible_default_ipv6.address == master_ipv6 %}
+acl "transferlist" {
+  {{ slave1_ipv6 }};
+  {{ slave2_ipv6 }};
+};
+{% endif %}
+
 
 options {
   listen-on port 53 { localhost; {{ ansible_default_ipv4.address }}; };
   listen-on-v6 port 53 { localhost; {{ ansible_default_ipv6.address }}; };
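Review bot: The new `acl "transferlist"` is rendered only when the host is the master, and its sole consumer, `allow-transfer { transferlist; };` in the zone hunk further down, sits inside the same condition, so a secondary never references an undefined ACL — but that coupling is invisible from here; add `// Rendered on the master only; referenced by allow-transfer in the zone blocks below` above the `{% if %}`. Transfer authorisation stays purely source-address based as before; since both secondaries have fixed addresses, a per-secondary TSIG `key` statement with `allow-transfer { key ...; };` would bind transfers to a shared secret rather than an address and is worth a follow-up. The `{% for item in whitelist %}` loop also drops the per-entry explanations the old inline list carried (`// Réseau local`, `// Adresse de NS2`); those belong next to the entries in vars/main.yml now.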
@@ -150,103 +149,21 @@
 zone "." IN {
   file "named.ca";
 };
-zone "casperlefantom.net" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
-  type master;
-  allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
-  file "casperlefantom.net.zone";
-  notify yes;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
-  type slave;
-  file "casperlefantom.net.zone";
-  masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "117.103.247.82.in-addr.arpa" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
-  type master;
-  allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
-  file "117.103.247.82.in-addr.arpa";
-  notify no;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
-  type slave;
-  file "117.103.247.82.in-addr.arpa";
-  masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
-  type master;
-  allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
-  file "4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
-  notify no;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
-  type slave;
-  file "4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
-  masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
-  type master;
-  allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
-  file "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
-  notify no;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
-  type slave;
-  file "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
-  masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
-  type master;
-  allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
-  file "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
-  notify no;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
-  type slave;
-  file "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa";
-  masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "194.111.170.178.in-addr.arpa" IN {
-{% if ansible_default_ipv6.address == master_ipv6 %}
-  type master;
-  allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
-  file "194.111.170.178.in-addr.arpa";
-  notify no;
-{% endif %}
-{% if ansible_default_ipv6.address != master_ipv6 %}
-  type slave;
-  file "194.111.170.178.in-addr.arpa";
-  masters { {{ master_ipv6 }}; };
-{% endif %}
-};
-
-zone "0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa" IN {
+{% for item in zonelist %}
+zone "{{ item }}" IN {
 {% if ansible_default_ipv6.address == master_ipv6 %}
   type master;
-  allow-transfer { {{ slave1_ipv6 }}; {{ slave2_ipv6 }}; };
-  file "0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa";
-  notify no;
+  allow-transfer { transferlist; };
+  file "{{ item }}.zone";
+  notify yes;
 {% endif %}
 {% if ansible_default_ipv6.address != master_ipv6 %}
   type slave;
-  file "0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa";
+  file "{{ item }}.zone";
   masters { {{ master_ipv6 }}; };
 {% endif %}
 };
+{% endfor %}
 
 {% if ansible_default_ipv6.address == slave2_ipv6 %}
 {% for item in domainlist %}
@@ -256,6 +173,6 @@ zone "{{ item }}" IN {
 };
 {% endfor %}
 {% endif %}
-
+
 include "/etc/named.rfc1912.zones";
 include "/etc/named.root.key";
diff --git a/roles/dnsserver/vars/main.yml b/roles/dnsserver/vars/main.yml
index 298f1b2..3524227 100644
--- a/roles/dnsserver/vars/main.yml
+++ b/roles/dnsserver/vars/main.yml
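Review bot: The slave branch of the consolidated zone block (`type slave;` … `masters { {{ master_ipv6 }}; };`) carries no `allow-transfer` statement, and BIND's long-standing default for allow-transfer is `any`, so unless `options` (outside this hunk) sets a global allow-transfer, both secondaries will answer a full AXFR of every zone to any client; add `allow-transfer { none; };` next to `type slave;`. Separately, the loop sets `notify yes;` for every zone, whereas the removed per-zone blocks had `notify no;` on the six reverse zones and `notify yes;` only on casperlefantom.net — a behaviour change the refactor makes silently; if it is intended, say so in the commit message, otherwise a per-zone flag in `zonelist` is needed. The `{% if ansible_default_ipv6.address == slave2_ipv6 %}` block that opens at the end of this hunk continues outside it.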
@@ -7,6 +7,22 @@
 slave1_ipv6: 2a00:c70:1:178:170:111:194:5000
 slave2_ipv4: 192.168.0.61
 slave2_ipv6: 2a01:e35:2f76:7750::11
+whitelist:
+  - localhost
+  - 192.168.0.0/24
+  - 2a01:e35:2f76:7750::/64
+  - 82.247.103.117
+  - 2a00:c70:1:178:170:111:194:5000
+
+zonelist:
+  - casperlefantom.net
+  - 117.103.247.82.in-addr.arpa
+  - 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+  - 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+  - 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.7.7.6.7.f.2.5.3.e.0.1.0.a.2.ip6.arpa
+  - 194.111.170.178.in-addr.arpa
+  - 0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa
+
 domainlist:
   - google.com
   - google.fr |
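Review bot: `zonelist` duplicates the file list that tasks/config.yml keeps in `with_items` (the same names plus `.zone`), so the two can drift: a name added here declares a zone in named.conf for which no file is copied, and on the master named then cannot load that zone; derive the task list from this one instead (`with_items: "{{ zonelist }}"` with `{{ item }}.zone` as the file name). `whitelist` repeats slave1's address as a literal (`2a00:c70:1:178:170:111:194:5000`, the value of `slave1_ipv6` a few lines up) — `- "{{ slave1_ipv6 }}"` keeps a single source of truth. The entries also lost the explanations the template used to carry; a trailing YAML comment per entry, e.g. `- 2a01:e35:2f76:7750::/64  # Réseau local`, restores them. Note that this is the role's `vars/` file rather than `defaults/`, so neither list can be overridden from inventory; that may be intended but is worth a comment at the top of the block.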