parent
90bdec9e98
commit
38b4533838
@ -5,6 +5,14 @@ bind9_acls:
|
|||||||
permissions: []
|
permissions: []
|
||||||
# - "111.222.111.222"
|
# - "111.222.111.222"
|
||||||
|
|
||||||
|
bind9_controls: []
|
||||||
|
# - acls:
|
||||||
|
# - localhost
|
||||||
|
# inet: "127.0.0.1"
|
||||||
|
# port: "953"
|
||||||
|
# tsig_keys:
|
||||||
|
# - rndc
|
||||||
|
|
||||||
bind9_logging:
|
bind9_logging:
|
||||||
categories:
|
categories:
|
||||||
- name: "security"
|
- name: "security"
|
||||||
@ -70,6 +78,11 @@ bind9_options:
|
|||||||
|
|
||||||
transfer_format: "many-answers"
|
transfer_format: "many-answers"
|
||||||
|
|
||||||
|
bind9_rndc_key:
|
||||||
|
name: ""
|
||||||
|
algorithm: ""
|
||||||
|
secret: ""
|
||||||
|
|
||||||
bind9_statics:
|
bind9_statics:
|
||||||
enabled: true
|
enabled: true
|
||||||
channels:
|
channels:
|
||||||
|
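Review bot: `bind9_rndc_key.secret` is added as a plain default with no comment on how the value should be supplied, so nothing steers users away from committing the key in clear text. A comment above the mapping would help, for example `# secret: base64 TSIG key; supply it from Ansible Vault, never commit it in clear text` and `# algorithm: e.g. "hmac-sha256"`. The commented `bind9_controls` example in the first hunk already shows the loopback address and port 953, which is a sensible example to keep.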
@ -41,14 +41,6 @@
|
|||||||
state: absent
|
state: absent
|
||||||
with_items: "{{ files_to_delete.files }}"
|
with_items: "{{ files_to_delete.files }}"
|
||||||
|
|
||||||
|
|
||||||
# - name: copy zone files
|
|
||||||
# ansible.builtin.include_tasks: copy_zone_files.yml
|
|
||||||
# with_items:
|
|
||||||
# - "{{ bind9_views }}"
|
|
||||||
# loop_control:
|
|
||||||
# loop_var: view
|
|
||||||
|
|
||||||
- name: Create DNS-Zone files
|
- name: Create DNS-Zone files
|
||||||
ansible.builtin.include_tasks: template_zone_files.yml
|
ansible.builtin.include_tasks: template_zone_files.yml
|
||||||
with_items:
|
with_items:
|
||||||
@ -86,3 +78,14 @@
|
|||||||
name: named
|
name: named
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
- name: Create rndc.key
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: etc/rndc.key.j2
|
||||||
|
dest: /etc/rndc.key
|
||||||
|
owner: "{{ bind_unix_user }}"
|
||||||
|
group: "{{ bind_unix_group }}"
|
||||||
|
mode: "0600"
|
||||||
|
when: bind9_rndc_key.name | length > 0 and
|
||||||
|
bind9_rndc_key.algorithm | length > 0 and
|
||||||
|
bind9_rndc_key.secret | length > 0
|
||||||
|
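Review bot: The new `Create rndc.key` task renders `bind9_rndc_key.secret` through `ansible.builtin.template` without `no_log: true`, so the key material can show up in `--diff` output. Adding `no_log: true` (or at least `diff: false`) to the task keeps the TSIG secret out of run output. The task also sits after the step that starts `named` and carries no `notify`, so a changed key would presumably not be picked up until the next restart. Whether a suitable handler exists is not visible in this hunk.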
@ -2,6 +2,23 @@
|
|||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
|
|
||||||
|
{% if bind9_controls is defined and bind9_controls | length > 0 %}
|
||||||
|
controls {
|
||||||
|
{% for control in bind9_controls %}
|
||||||
|
inet {{ control.inet }} port {{ control.port }} allow {
|
||||||
|
{% for acl in control.acls %}
|
||||||
|
{{ acl }};
|
||||||
|
{% endfor %}
|
||||||
|
} keys {
|
||||||
|
{% for name in control.tsig_keys %}
|
||||||
|
"{{ name }}";
|
||||||
|
{% endfor %}
|
||||||
|
};
|
||||||
|
|
||||||
|
{% endfor %}
|
||||||
|
};
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
options {
|
options {
|
||||||
|
|
||||||
# This specifies which hosts are allowed to ask ordinary DNS questions.
|
# This specifies which hosts are allowed to ask ordinary DNS questions.
|
||||||
|
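Review bot: The `keys { ... }` clause of the new `controls` block names keys from `control.tsig_keys`, but nothing in this hunk defines those keys or includes `/etc/rndc.key`. The task that writes that file is also skipped while `bind9_rndc_key` stays at its empty defaults. Unless a `key` statement or `include` exists elsewhere in the template, the channel would presumably end up without a usable key. `control.inet` is emitted exactly as given, so a comment above the block such as `# control channel: keep inet on loopback unless remote rndc is required` would record the intended exposure. The `options` block that follows continues outside the hunk.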
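--- a/templates/etc/rndc.key.j2
+++ b/templates/etc/rndc.key.j2
@@ -0,0 +1,7 @@
+#
+# {{ ansible_managed }}
+#
+key "{{ bind9_rndc_key.name }}" {
+algorithm {{ bind9_rndc_key.algorithm }};
+secret "{{ bind9_rndc_key.secret }}";
+};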