diff --git a/roles/ns/defaults/main.yml b/roles/ns/defaults/main.yml
index daeccf4..4b1213f 100644
--- a/roles/ns/defaults/main.yml
+++ b/roles/ns/defaults/main.yml
@@ -18,12 +18,12 @@ bind_config_templates:
 - { src: 'dhcp.key', dest: '/etc/bind/keys/dhcp.key', mode: 'u=rw,g=r,o=' }
 - { src: 'isp1.ns', dest: '/root/scripts/switch-isp', mode: 'u=rw,g=rw,o=r' }
 - { src: 'isp2.ns', dest: '/root/scripts/switch-isp', mode: 'u=rw,g=rw,o=r' }
+ - { src: 'delete.ns', dest: '/root/scripts/switch-isp', mode: 'u=rw,g=rw,o=r' }
 directory:
 - { path: '/root/scripts', owner: 'root', group: 'root', mode: 'u=rwx,g=rx,o=rx' }
 - { path: '/etc/bind/keys', owner: 'root', group: 'bind', mode: 'u=rwx,g=rxs,o=rx' }
 - { path: '/root/scripts/switch-isp', owner: 'root', group: 'bind', mode: 'u=rwx,g=rxs,o=rx' }
 required_files:
- - { src: 'delete.ns', dest: '/root/scripts/switch-isp', owner: 'root', group: 'bind', mode: 'u=rw,g=rw,o=r' }
 - { src: 'switch-isp.sh', dest: '/root/scripts', owner: 'root', group: 'root', mode: 'u=rwx,g=rx,o=rx' }
 - { src: 'sync-conf', dest: '/root/scripts', owner: 'root', group: 'root', mode: 'u=rwx,g=rx,o=rx' }
 - { src: 'gen-key.sh', dest: '/root/scripts', owner: 'root', group: 'bind', mode: 'u=rwx,g=rx,o=rx' }
diff --git a/roles/ns/files/delete.ns b/roles/ns/files/delete.ns
deleted file mode 100644
index cbb97ad..0000000
--- a/roles/ns/files/delete.ns
+++ /dev/null
@@ -1,14 +0,0 @@
-update delete verdnatura.es A
-update delete kube-proxy.verdnatura.es A
-update delete smtp.verdnatura.es A
-update delete imap.verdnatura.es A
-update delete autodiscover.verdnatura.es A
-update delete time1.verdnatura.es A
-update delete time2.verdnatura.es A
-update delete dc-ip01.verdnatura.es A
-update delete dc-ip02.verdnatura.es A
-update delete dc-ip03.verdnatura.es A
-update delete dc-ip04.verdnatura.es A
-update delete mailgw1.verdnatura.es A
-update delete mailgw2.verdnatura.es A
-send
diff --git a/roles/ns/tasks/ns.yml b/roles/ns/tasks/ns.yml
index 7943efa..beb5d3a 100644
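Review bot: The relocated `delete.ns` entry keeps `mode: 'u=rw,g=rw,o=r'`, and the `directory` entry on the same hunk gives `/root/scripts/switch-isp` group `bind` with the setgid bit, so the rendered nsupdate batch stays writable by the `bind` group — anything running as that group (named itself, if compromised) could rewrite the update commands that a root-run switch-isp script presumably hands to nsupdate together with the TSIG key. The key file two lines above already uses `'u=rw,g=r,o='`; I would give the `.ns` files the same: `- { src: 'delete.ns', dest: '/root/scripts/switch-isp', mode: 'u=rw,g=r,o=' }`. The moved entry also drops the explicit `owner: 'root', group: 'bind'` of the old `required_files` line, and whether the task that loops over `bind_config_templates` sets ownership is not visible here, so confirm the rendered file does not end up with a different group than its siblings. The new template reads `dns_records_delete`, which this defaults hunk does not define; if it lives only in inventory, a `dns_records_delete: []` default would keep the role rendering on hosts without it.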
--- a/roles/ns/tasks/ns.yml
+++ b/roles/ns/tasks/ns.yml
@@ -6,6 +6,13 @@
 name: "{{ bind_packages }}"
 state: present
 install_recommends: no
+- name: Ensure BIND9 starts with IPv4 only (-4)
+ lineinfile:
+ path: /etc/default/named
+ regexp: '^OPTIONS='
+ line: 'OPTIONS="-u bind -4"'
+ backrefs: yes
+ notify: restart-dns
 - name: Create directory
 file:
 path: "{{ item.path }}"
diff --git a/roles/ns/templates/delete.ns b/roles/ns/templates/delete.ns
new file mode 100644
index 0000000..899f5cc
--- /dev/null
+++ b/roles/ns/templates/delete.ns
@@ -0,0 +1,4 @@
+{% for record in dns_records_delete %}
+update delete {{ record.name.ljust(30) }} A
+{% endfor %}
+send
diff --git a/roles/ns/templates/named.conf.master.j2 b/roles/ns/templates/named.conf.master.j2
index dc63834..e923cc5 100644
--- a/roles/ns/templates/named.conf.master.j2
+++ b/roles/ns/templates/named.conf.master.j2
@@ -27,6 +27,12 @@ view "lan" {
 {% endfor %}
 };
+ plugin query "filter-aaaa.so" {
+ filter-aaaa-on-v4 yes;
+ filter-aaaa-on-v6 yes;
+ filter-aaaa { any; };
+ };
+
 recursion yes;
 allow-recursion { any; };
 empty-zones-enable yes;
diff --git a/roles/ns/templates/named.conf.slave.j2 b/roles/ns/templates/named.conf.slave.j2
index c1142a1..cfe4ade 100644
--- a/roles/ns/templates/named.conf.slave.j2
+++ b/roles/ns/templates/named.conf.slave.j2
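Review bot: With `backrefs: yes` the new `lineinfile` task is a no-op whenever `/etc/default/named` has no line matching `^OPTIONS=` (a commented-out `#OPTIONS=` or a stock file without the variable), so the `-4` flag is silently never applied and named keeps listening on IPv6 while the AAAA filtering in the templates below suggests otherwise. The replacement line uses no backreferences, so drop `backrefs` and let lineinfile replace the match or append the line, and write the boolean as `true` per Ansible convention — i.e. remove `backrefs: yes` and nothing else changes. The task also hard-codes `-u bind`, overwriting any other option an operator put in `OPTIONS=`; a comment above the task such as `# The whole OPTIONS value is managed here; add extra named flags to this line, not to the file` would save the next person a surprise.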
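Review bot: The template writes `record.name` unquoted into an nsupdate command, so a value containing whitespace or a newline would be read by nsupdate as further commands, and nothing states that each name must be a fully qualified host as the deleted static file's entries were. Since `dns_records_delete` is presumably inventory data this is a hygiene rather than an exposure issue, but the contract should be written down and checked: a header comment `{# dns_records_delete: list of {name: <FQDN>}; every A record of each name is removed on `send` #}` plus an `assert` task on `dns_records_delete | map(attribute='name')` before the file is rendered. `ljust(30)` only pads the name for readability and does not change what nsupdate sees; note that, as before, the batch deletes all A records of each name rather than a specific address.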
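Review bot: As I read the BIND ARM, filter-aaaa leaves AAAA records in DNSSEC-signed answers alone unless `break-dnssec yes;` is set, so for signed zones the rendered `view "lan"` will still hand out AAAA despite `filter-aaaa { any; };`; if the goal is to suppress IPv6 answers entirely that option is needed, at the cost of breaking validating clients, and whichever way it goes the decision belongs in a comment above the block, e.g. `// Strip AAAA from unsigned answers only; signed zones keep AAAA (break-dnssec defaults to no)`. Loading `plugin query "filter-aaaa.so"` also makes named refuse to start when the plugin is not installed or `plugin-search-path` does not cover it, and the `restart-dns` handler would then take the resolver down instead of keeping the old config, so a `validate: 'named-checkconf %s'` on the template task is worth adding if the rendered file is a complete named.conf. `filter-aaaa-on-v6 yes;` is harmless but redundant once named runs with `-4`, which this same change sets. The `view "lan"` block starts before this hunk.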
@@ -20,17 +20,22 @@ masters master-ips {
 view "lan" {
 match-clients {
- {% for item in key_match_clients_lan_master if item.startswith("!key") %}
+ {%- for item in key_match_clients_lan_master if item.startswith("!key") -%}
 {{ item }};
 {% endfor %}
-{% for item in acl_match_clients %}
+{%- for item in acl_match_clients -%}
 {{ item }};
 {% endfor %}
-{% for item in key_match_clients_lan_slave if not item.startswith("!key") %}
+{%- for item in key_match_clients_lan_slave if not item.startswith("!key") -%}
 {{ item }};
 {% endfor %}
 };
+ plugin query "filter-aaaa.so" {
+ filter-aaaa-on-v4 yes;
+ filter-aaaa-on-v6 yes;
+ filter-aaaa { any; };
+ };
 recursion yes;
 allow-recursion { any; };
 empty-zones-enable yes;
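Review bot: The `{%- … -%}` whitespace control added to the three `for` tags strips the newline before each tag as well as after it, so the preceding `{% endfor %}` line, the `{{ item }};` entries and eventually the closing `};` of `match-clients` can be rendered onto a single line; named accepts that because entries are `;`-terminated, but this ACL is what decides who reaches `recursion yes; allow-recursion { any; };` below, and the rendered list becomes hard to audit by eye while the master template in this same change keeps plain `{% for %}` tags, so the two outputs now differ for the same data. I would either apply the same control to the `{% endfor %}` tags or drop it and rely on a `validate: 'named-checkconf %s'` on the template task. Because BIND address match lists are first-match, the negated `!key` entries only work by being emitted before the positive ACL entries; a comment above the first loop, `{# negated keys must precede ACL entries: BIND match lists are first-match #}`, would make that ordering dependency explicit. The `view "lan"` block and the surrounding file continue beyond this hunk.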