ansible-role-bind9/defaults/main.yml

---
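# Named address-match lists (ACLs) that other settings refer to by name.
# "internalnets" is referenced by bind9_options.allow_recursion. As shipped
# its permissions list is empty, so it names no addresses; add the internal
# prefixes that should be allowed to recurse (example entry commented below).
# NOTE(review): nesting restored from a flattened listing - confirm against
# the role's template.
bind9_acls:
  - name: internalnets
    permissions: []
    # - "111.222.111.222"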
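# Logging: each category is routed to one or more named channels. Only the
# "security" category is routed by default, to a rotated file on local disk.
# Rotation keeps 3 versions of 30m each, which bounds how far back the log
# reaches; forward it to central logging if longer retention is needed.
bind9_logging:
  categories:
    - name: "security"
      channels:
        - "security_file"
  channels:
    - name: "security_file"
      # NOTE(review): "options" is assumed to belong to "file" (it carries
      # the versions/size arguments of BIND's file clause); the listing had
      # lost its indentation - confirm against the role's template.
      file:
        path: "/var/log/named/security.log"
        options: "versions 3 size 30m"
      # "dynamic" makes the channel follow the server's current debug level.
      severity: "dynamic"
      # Kept as the quoted string "yes", not a YAML boolean: presumably the
      # template writes the value verbatim into named.conf - verify before
      # changing the type.
      print_times: "yes"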
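# Global "options" settings for named.
# NOTE(review): nesting restored from a flattened listing - confirm against
# the role's template.
#
# Several access lists below default to []. How the template renders an
# empty list is not visible here: if the statement is simply omitted, BIND's
# compiled-in default applies, and for allow_transfer older BIND releases
# default to "any". Set allow_transfer explicitly on authoritative servers.
bind9_options:
  allow_query: []
  allow_query_on: []
  allow_query_cache: []
  allow_query_cache_on: []
  # Recursion is enabled (see "recursion" below), so this list is what keeps
  # the server from acting as an open resolver. "localnets" is a BIND
  # built-in that matches every network the host has an interface on; on a
  # host with a public interface that includes the public subnet.
  allow_recursion:
    - "localhost"
    - "localnets"
    - "internalnets"
  allow_recursion_on: []
  allow_transfer: []
  allow_update: []
  allow_update_forwarding: []
  auth_nxdomain: false
  blackhole: []
  # BIND's dnssec-validation accepts yes, no and auto: "auto" uses the
  # built-in root trust anchor, "yes" needs one to be configured. How the
  # boolean true is rendered is decided by the template - confirm that the
  # resulting server really validates.
  dnssec_validation: true
  # Cache misses are forwarded to these third-party public resolvers over
  # plain DNS on port 53, so their operators and any on-path observer can
  # see the queries. Replace them with resolvers you trust where that
  # matters.
  forwarders:
    - ip: "8.8.8.8"  # Google IPv4
      port: "53"
    - ip: "8.8.4.4"  # Google IPv4
      port: "53"
    - ip: "2001:4860:4860::8888"  # Google IPv6
      port: "53"
    - ip: "2001:4860:4860::8844"  # Google IPv6
      port: "53"
    - ip: "208.67.222.222"  # OpenDNS IPv4
      port: "53"
    - ip: "208.67.220.220"  # OpenDNS IPv4
      port: "53"
    - ip: "2620:0:ccc::2"  # OpenDNS IPv6
      port: "53"
    - ip: "2620:0:ccd::2"  # OpenDNS IPv6
      port: "53"
  interface_interval: 0
  # Loopback only by default: the server is not reachable from the network
  # until these lists are extended. Review allow_recursion and allow_query
  # before adding a routable address.
  listen_on_ipv4:
    - "127.0.0.1"
  listen_on_ipv6:
    - "::1"
  max_transfer_time: "60"
  # The yes/no values below are quoted strings, not YAML booleans;
  # presumably the template writes them verbatim - verify before retyping.
  minimal_responses: "no"
  notify: "yes"
  recursion: "yes"
  # Dynamic-update rules. The commented example grants one key the right to
  # update only TXT records at a single name; keep grants that narrow.
  update_policies: []
  # - action: grant
  #   identity: keyname
  #   ruletype: name
  #   name: _acme-challenge.example.com.
  #   types:
  #     - TXT
  transfer_format: "many-answers"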
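# TSIG keys used to authenticate zone transfers and dynamic updates.
# The secret is a shared credential: do not commit it in plain text; supply
# it from Ansible Vault or another secret store. Prefer an HMAC-SHA2
# algorithm such as hmac-sha256.
# NOTE(review): example nesting restored from a flattened listing.
bind9_tsigkeys: []
# - name: "name"
#   algorithm: "algorithm"
#   secret: "secret"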
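# Views (split-horizon DNS); none are defined by default. The commented
# example below shows an "external" and an "internal" view.
# Order matters twice in BIND: a client is served by the first view whose
# match_clients list matches it, and within an address-match list the first
# matching element decides, so negated entries ("!...") must come before the
# broader entries they carve out of.
# NOTE(review): example nesting restored from a flattened listing - confirm
# against the role's template.
bind9_views: []
# - name: external
#   match_clients:
#     - "!internalnets"
#     - "any"
#   zones:
#     - allow_notify: []
#       allow_query:
#         - "any"
#       allow_query_on: []
#       allow_update: []
#       allow_update_forwarding: []
#       allow_transfer: []
#       file: zones/external/db.local.example
#       origin: "example.local."
#       type: master
#       notify: true
# - name: internal
#   match_clients:
#     - "!192.168.178.1"
#     - "internalnets"
#     - "127.0.0.0/8"
#   zones:
#     - allow_notify: []
#       allow_query:
#         - "any"
#       allow_query_on: []
#       allow_update: []
#       allow_update_forwarding: []
#       allow_transfer: []
#       file: zones/internal/db.local.example
#       origin: "example.local."
#       type: master
#     - allow_notify: []
#       allow_query: []
#       allow_query_on: []
#       allow_update: []
#       allow_update_forwarding: []
#       allow_transfer: []
#       forward: only
#       forwarders:
#         - 192.168.175.1
#       origin: "glr.external.local."
#       type: forward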