Initial Commit

roles/bind_dhcp/templates/dhcpd.conf.j2

@@ -0,0 +1,37 @@
+authoritative;
+ddns-update-style interim;
+ignore client-updates;
+
+{% for key in dhcpd_keys %}
+key "{{ key.name }}" {
+  algorithm {{ key.algorithm }};
+  secret "{{ key.secret }}";
+}
+{% endfor %}
+
+{% for zone in dhcpd_zones %}
+zone {{ zone.name }} {
+  primary {{ zone.primary }};
+  key "{{ zone.key }}";
+}
+{% endfor %}
+
+subnet {{ dhcpd_network_start }} netmask {{ dhcpd_network_netmask }} {
+  interface {{ dhcpd_interface }};
+
+  range {{ dhcpd_network_range }};
+
+  default-lease-time {{ dhcpd_default_lease_time }};
+  max-lease-time {{ dhcpd_max_lease_time }};
+  min-lease-time {{ dhcpd_min_lease_time }};
+
+  ddns-domainname "{{ dhcpd_ddns_domainname }}";
+
+  update-static-leases on;
+
+  option broadcast-address {{ dhcpd_option_broadcast_address }};
+  option domain-name "{{ dhcpd_option_domain_name }}";
+  option domain-name-servers {{ dhcpd_option_domain_name_servers }};
+  option routers {{ dhcpd_option_routers }};
+  option subnet-mask {{ dhcpd_option_subnet_mask }};
+}

roles/bind_dhcp/templates/named.conf.j2

@@ -0,0 +1,129 @@
+//
+// named.conf
+//
+// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
+// server as a caching only nameserver (as a localhost DNS resolver only).
+//
+// See /usr/share/doc/bind*/sample/ for example named configuration files.
+//
+
+options {
+  listen-on port 53 {
+{% for ip in bind9_listen_on_ipv4 %}
+    {{ ip }};
+{% endfor %}
+    127.0.0.1;
+  };
+
+  listen-on-v6 port 53 {
+{% for ip in bind9_listen_on_ipv6 %}
+    {{ ip }};
+{% endfor %}
+    ::1;
+  };
+
+  directory           "/var/named";
+  dump-file           "/var/named/data/cache_dump.db";
+  statistics-file     "/var/named/data/named_stats.txt";
+  memstatistics-file  "/var/named/data/named_mem_stats.txt";
+  secroots-file       "/var/named/data/named.secroots";
+  recursing-file      "/var/named/data/named.recursing";
+
+  allow-query {
+{% for ip in bind9_global_allow_query %}
+    {{ ip }};
+{% endfor %}
+    localhost;
+  };
+
+  /*
+   - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
+   - If you are building a RECURSIVE (caching) DNS server, you need to enable
+     recursion.
+   - If your recursive DNS server has a public IP address, you MUST enable access
+     control to limit queries to your legitimate users. Failing to do so will
+     cause your server to become part of large scale DNS amplification
+     attacks. Implementing BCP38 within your network would greatly
+     reduce such attack surface
+  */
+  recursion yes;
+
+  dnssec-validation yes;
+
+  managed-keys-directory "/var/named/dynamic";
+  geoip-directory "/usr/share/GeoIP";
+
+  pid-file "/run/named/named.pid";
+  session-keyfile "/run/named/session.key";
+
+  /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
+  include "/etc/crypto-policies/back-ends/bind.config";
+};
+
+logging {
+  channel default_debug {
+    file "data/named.run";
+    severity dynamic;
+  };
+};
+
+zone "." IN {
+  type hint;
+  file "named.ca";
+};
+
+{% for zone in bind9_forward_zones %}
+zone "{{ zone.origin }}" {
+
+  allow-query {
+{% for entry in zone.allow_query %}
+    {{ entry }};
+{% endfor %}
+  };
+
+  allow-update {
+{% for entry in zone.allow_update %}
+    key {{ entry }};
+{% endfor %}
+  };
+
+  file "/etc/named/{{ zone.origin }}db";
+
+  type {{ zone.type }};
+
+};
+{% endfor %}
+
+
+
+{% for zone in bind9_reverse_zones %}
+zone "{{ zone.origin }}" {
+
+  allow-query {
+{% for entry in zone.allow_query %}
+    {{ entry }};
+{% endfor %}
+  };
+
+  allow-update {
+{% for entry in zone.allow_update %}
+    key {{ entry }};
+{% endfor %}
+  };
+
+  file "/etc/named/{{ zone.origin }}db";
+
+  type {{ zone.type }};
+
+};
+{% endfor %}
+
+{% for key in bind9_keys %}
+key "{{ key.name }}" {
+  algorithm {{ key.algorithm }};
+  secret "{{ key.secret }}";
+};
+{% endfor %}
+
+include "/etc/named.rfc1912.zones";
+include "/etc/named.root.key";

roles/bind_dhcp/templates/zone.j2

@@ -0,0 +1,6 @@
+$ORIGIN {{ item.origin }}
+$TTL {{ item.ttl }}
+
+{% for record in item.records %}
+{{ record.name }} {{ record.class | default('IN') }} {{ record.type | default('A') }} {{ record.value }}
+{% endfor %}