feat: support rndc

2023-06-09 09:46:02 +02:00 · 2023-06-09 09:46:02 +02:00 · 38b4533838
commit 38b4533838
parent 90bdec9e98
4 changed files with 49 additions and 9 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -5,6 +5,14 @@ bind9_acls:
  permissions: []
  # - "111.222.111.222"

+bind9_controls: []
+# - acls:
+#   - localhost
+#   inet: "127.0.0.1"
+#   port: "953"
+#   tsig_keys:
+#   - rndc
+
 bind9_logging:
  categories:
  - name: "security"
@ -70,6 +78,11 @@ bind9_options:

  transfer_format: "many-answers"

+bind9_rndc_key:
+  name: ""
+  algorithm: ""
+  secret: ""
+
 bind9_statics:
  enabled: true
  channels:
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -41,14 +41,6 @@
      state: absent
    with_items: "{{ files_to_delete.files }}"

-
-#  - name: copy zone files
-#   ansible.builtin.include_tasks: copy_zone_files.yml
-#   with_items:
-#   - "{{ bind9_views }}"
-#   loop_control:
-#     loop_var: view
-
 - name: Create DNS-Zone files
  ansible.builtin.include_tasks: template_zone_files.yml
  with_items:
@ -86,3 +78,14 @@
    name: named
    state: started
    enabled: true
+
+- name: Create rndc.key
+  ansible.builtin.template:
+    src: etc/rndc.key.j2
+    dest: /etc/rndc.key
+    owner: "{{ bind_unix_user }}"
+    group: "{{ bind_unix_group }}"
+    mode: "0600"
+  when: bind9_rndc_key.name | length > 0 and
+        bind9_rndc_key.algorithm | length > 0 and
+        bind9_rndc_key.secret | length > 0
--- a/templates/etc/named/named.conf.options.j2
+++ b/templates/etc/named/named.conf.options.j2
@ -2,6 +2,23 @@
 # {{ ansible_managed }}
 #

+{% if bind9_controls is defined and bind9_controls | length > 0 %}
+controls {
+{% for control in bind9_controls %}
+  inet {{ control.inet }} port {{ control.port }} allow {
+{% for acl in control.acls %}
+    {{ acl }};
+{% endfor %}
+  } keys {
+{% for name in control.tsig_keys %}
+    "{{ name }}";
+{% endfor %}
+  };
+
+{% endfor %}
+};
+{% endif %}
+
 options {

  # This specifies which hosts are allowed to ask ordinary DNS questions.
@ -246,4 +263,4 @@ statistics-channels {
  };
 {% endfor %}
 };
-{% endif %}
+{% endif %}
--- a/templates/etc/rndc.key.j2
+++ b/templates/etc/rndc.key.j2
@ -0,0 +1,7 @@
+#
+# {{ ansible_managed }}
+#
+key "{{ bind9_rndc_key.name }}" {
+  algorithm {{ bind9_rndc_key.algorithm }};
+  secret "{{ bind9_rndc_key.secret }}";
+};