ansible-role-bind9/defaults/main.yml

169 lines
3.7 KiB
YAML
Raw Normal View History

2022-02-21 20:41:31 +00:00
---
bind9_acls:
- name: internalnets
permissions: []
# - "111.222.111.222"
2023-06-09 07:46:02 +00:00
bind9_controls: []
# - acls:
# - localhost
# inet: "127.0.0.1"
# port: "953"
# tsig_keys:
# - rndc
2022-02-21 20:41:31 +00:00
bind9_logging:
categories:
- name: "security"
channels:
- "security_file"
channels:
- name: "security_file"
2023-02-11 15:00:33 +00:00
file:
2022-02-21 20:41:31 +00:00
path: "/var/log/named/security.log"
options: "versions 3 size 30m"
severity: "dynamic"
print_times: "yes"
bind9_options:
allow_query: []
allow_query_on: []
allow_query_cache: []
allow_query_cache_on: []
allow_recursion:
- "localhost"
- "localnets"
- "internalnets"
allow_recursion_on: []
allow_transfer: []
allow_update: []
allow_update_forwarding: []
auth_nxdomain: false
blackhole: []
2024-05-22 18:22:17 +00:00
dnssec_accept_expired: false
dnssec_validation: "auto"
2022-02-21 20:41:31 +00:00
forwarders:
- ip: "8.8.8.8" # Google IPv4
port: "53"
- ip: "8.8.4.4" # Google IPv4
port: "53"
- ip: "2001:4860:4860::8888" # Google IPv6
port: "53"
- ip: "2001:4860:4860::8844" # Google IPv6
port: "53"
- ip: "208.67.222.222" # OpenDNS IPv4
port: "53"
- ip: "208.67.220.220" # OpenDNS IPv4
port: "53"
- ip: "2620:0:ccc::2" # OpenDNS IPv6
port: "53"
- ip: "2620:0:ccd::2" # OpenDNS IPv6
port: "53"
2022-02-21 20:41:31 +00:00
interface_interval: 0
2024-05-22 18:22:17 +00:00
key_directory: "/var/named/dnssec-keys"
2022-02-21 20:41:31 +00:00
listen_on_ipv4:
- "127.0.0.1"
listen_on_ipv6:
- "::1"
max_transfer_time: "60"
minimal_responses: "no"
notify: "yes"
recursion: "yes"
2023-01-18 22:35:36 +00:00
update_policies: []
# - action: grant
# identity: keyname
# ruletype: name
# name: _acme-challenge.example.com.
# types:
# - TXT
2022-02-21 20:41:31 +00:00
transfer_format: "many-answers"
2023-06-09 07:46:02 +00:00
bind9_rndc_key:
name: ""
algorithm: ""
secret: ""
2024-05-22 18:22:17 +00:00
bind9_dnssec_keys: []
# - origin: "hellenthal.cryptic.systems"
# key_signing_key:
# private:
# filename: "{{ bind9_options.key_directory }}/example.com.private"
# content: "private key"
# public:
# filename: "{{ bind9_options.key_directory }}/example.com.private"
# content: "public key"
# zone_signing_key:
# private:
# filename: "{{ bind9_options.key_directory }}/example.com.private"
# content: "private key"
# public:
# filename: "{{ bind9_options.key_directory }}/example.com.private"
# content: "public key"
bind9_statics:
enabled: true
channels:
- inet: "127.0.0.1"
port: "8053"
acls:
- "localhost"
2022-02-21 20:41:31 +00:00
bind9_tsigkeys: []
# - name: "name"
# algorithm: "algorithm"
# secret: "secret"
bind9_views: []
# - name: external
# match_clients:
# - "!internalnets"
# - "any"
# zones:
2024-05-22 18:22:17 +00:00
# - config:
# allow_notify: []
# allow_query:
# - "any"
# allow_query_on: []
# allow_update: []
# allow_update_forwarding: []
# allow_transfer: []
# file: zones/external/db.local.example
# origin: "example.local."
# type: master
# notify: true
2022-02-21 20:41:31 +00:00
# file: zones/external/db.local.example
# - name: internal
# match_clients:
# - "!192.168.178.1"
# - "internalnets"
# - "127.0.0.0/8"
# zones:
2024-05-22 18:22:17 +00:00
# - config:
# allow_notify: []
# allow_query:
# - "any"
# allow_query_on: []
# allow_update: []
# allow_update_forwarding: []
# allow_transfer: []
# file: zones/internal/db.local.example
# origin: "example.local."
# type: master
2022-02-21 20:41:31 +00:00
# file: zones/internal/db.local.example
2024-05-22 18:22:17 +00:00
# - config:
# allow_notify: []
# allow_query: []
# allow_query_on: []
# allow_update: []
# allow_update_forwarding: []
# allow_transfer: []
# forward: only
# forwarders:
# - 192.168.175.1
# origin: "gitlab-runner.external.local"
# type: forward
# file: "gitlab-runner.external.local"