Skip to content
Snippets Groups Projects
Commit 095f184d authored by Philipp Rothmann's avatar Philipp Rothmann
Browse files

Add dnsdist

parent d2732b8b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
roles/base/files/dnsdist/dnsdist.conf 0 → 100644
+ 22
0
View file @ 095f184d
-- see https://doc.powerdns.com/authoritative/guides/recursion.html#scenario-2-authoritative-server-as-recursor-for-clients-and-serving-public-domains
setLocal('::')
addLocal('0.0.0.0')
setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access
newServer({address='127.0.0.1:5300', pool='auth'})
newServer({address='127.0.0.1:5301', pool='recursor'})
-- todo use host_vars
recursive_ips = newNMG()
recursive_ips:addMask('10.130.0.0/16')
recursive_ips:addMask('2001:67c:2d50::/48')
recursive_ips:addMask('fdef:ffc0:3dd7::/48')
recursive_ips:addMask('fe80::/10')
recursive_ips:addMask('::1/128')
addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
addAction(AllRule(), PoolAction('auth'))
-- disable security status
setSecurityPollSuffix("")
roles/base/files/powerdns/recursor.conf
+ 3
4
View file @ 095f184d
...@@ -9,8 +9,7 @@ hint-file=/usr/share/dns/root.hints ...@@ -9,8 +9,7 @@ hint-file=/usr/share/dns/root.hints
webserver=yes webserver=yes
webserver-address=0.0.0.0 webserver-address=0.0.0.0
webserver-allow-from=10.130.0.10/32 webserver-allow-from=10.130.0.10/32
local-port=5301
local-address=0.0.0.0 :: local-address=127.0.0.1 ::1
# allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 2001:67c:2d50::/48 allow-from=127.0.0.1/32, ::1/128
allow-from=0.0.0.0/0, ::/0
forward-zones-file=/etc/powerdns/forward-zones.conf forward-zones-file=/etc/powerdns/forward-zones.conf
roles/base/tasks/powerdns.yml
+ 16
0
View file @ 095f184d
--- ---
- name: install packages
apt:
autoremove: yes
update_cache: yes
state: present
name:
- dnsdist
- pdns-recursor
- pdns-server
- pdns-backend-bind
- name: copy powerdns configs - name: copy powerdns configs
copy: copy:
src: powerdns src: powerdns
dest: /etc/ dest: /etc/
- name: copy dnsdist configs
copy:
src: dnsdist
dest: /etc/
- name: clone dns-repo - name: clone dns-repo
git: git:
repo: "{{ dns_repo_url }}" repo: "{{ dns_repo_url }}"
...@@ -27,3 +42,4 @@ ...@@ -27,3 +42,4 @@
- pdns-recursor.service - pdns-recursor.service
- pdns.service - pdns.service
- update-ffhl-dns.timer - update-ffhl-dns.timer
- dnsdist
roles/base/tasks/software.yml
+ 0
3
View file @ 095f184d
...@@ -26,9 +26,6 @@ ...@@ -26,9 +26,6 @@
- iptables-persistent - iptables-persistent
- isc-dhcp-server - isc-dhcp-server
- openssh-server - openssh-server
- pdns-recursor
- pdns-server
- pdns-backend-bind
- prometheus-node-exporter - prometheus-node-exporter
- python-apt - python-apt
- radvd - radvd
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Hosted with love by Chaotikum e.V. Support us if you can