Role: unbound
parent
e7f69a095e
commit
9078d950ad
7 changed files with 121 additions and 0 deletions
|
@ -5,3 +5,4 @@
|
|||
- wireguard_edge_tunnels
|
||||
- bird_base
|
||||
- bird_edge
|
||||
- unbound
|
||||
|
|
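--- a/roles/unbound/README.md
+++ b/roles/unbound/README.md
@@ -0,0 +1,7 @@
+# Unbound recursive DNS server
+
+## Variables
+
+* `unbound_dn42_ds`: dict of DS DNS fields for the root zones. Found on the
+registry, at eg. `data/dns/dn42`. Each entry consists in `zone: [rdata
+list]`.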
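--- a/roles/unbound/defaults/main.yml
+++ b/roles/unbound/defaults/main.yml
@@ -0,0 +1,20 @@
+---
+unbound_dn42_ds:
+'dn42.':
+- '64441 10 2 6dadda00f5986bd26fe4f162669742cf7eba07d212b525acac9840ee06cb2799'
+- '3096 10 2 b7c687a99bee60e172ea439bd2d3087b1d970916575db9c1cb591b7ee15d8cb1'
+'20.172.in-addr.arpa.':
+- '64441 10 2 616c149633e93d963b0e8f738719630ea0a09f4aabe211b1fbb8fc9f51304027'
+- '3096 10 2 6adf85efddf223c8747f1816b12b62feea0b9b1bdb65e7c809202f890a33740d'
+'21.172.in-addr.arpa.':
+- '64441 10 2 4cc085716ba83f18df1a7fb9f9479d10327e3d30e222c7a197109c7560ae0368'
+- '3096 10 2 506fd7f34aaad4df1b6cfa56fe8c00e157b1c32551c981def0c5fd8f65ab14ac'
+'22.172.in-addr.arpa.':
+- '64441 10 2 383a8c2714d3da76f58cee4c54566566b336b2dfa219b965f7cb706d71c54356'
+- '3096 10 2 5437ab49f1cd947d41c585c2cc9c357323013391b0e5f94784f99175142c3260'
+'23.172.in-addr.arpa.':
+- '64441 10 2 e91c0281e705317968c76689e4f36bf2207c90bdfaad071693bb9a999d15778f'
+- '3096 10 2 631b00ba00cf80a8300b356bcca2fde4c844f6ff707a2d98b4518c72e0643467'
+'d.f.ip6.arpa':
+- '64441 10 2 9057500a3b6e09bf45a60ed8891f2e649c6812d5d149c45a3c560fa0a6195c49'
+- '3096 10 2 23fb364c82e6ed1c30b18c635f58dca58bbeb2e069bbd9d90ab9a90f66b948d2'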
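Review bot: The last key, `'d.f.ip6.arpa':`, has no trailing dot, while the five other zone names are fully qualified (`'dn42.'`, `'20.172.in-addr.arpa.'`, and so on). The key is written verbatim as the owner name by `{{ zone }} IN DS {{ ds }}` in trust-anchor-dn42.zone.j2, and zone-file syntax treats a name without a final dot as relative to the origin, so whether this DS pair is bound to the intended zone depends on how the parser handles a file with no `$ORIGIN`; that is worth confirming rather than relying on. Writing it as `'d.f.ip6.arpa.':` removes the ambiguity; if the anchor were not attached to the zone, answers for it would presumably be accepted without validation. A comment above the dict stating where the DS values were taken from and when they were last checked against the registry would help whoever has to roll them.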
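--- a/roles/unbound/handlers/main.yml
+++ b/roles/unbound/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload unbound
+systemd:
+name: unbound
+state: reloaded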
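--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Install Unbound
+apt:
+name:
+- unbound
+
+- name: Deploy configuration files
+template:
+src: "{{ item }}.j2"
+dest: "/etc/unbound/{{ item }}"
+loop:
+- unbound.conf
+- trust-anchor-dn42.zone
+notify: reload unbound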
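Review bot: The `Deploy configuration files` task sets no `owner`, `group` or `mode`, so the permissions of the resolver config and the DNSSEC trust-anchor file under `/etc/unbound/` depend on the defaults of whichever user runs the play on each host; pinning them with `owner: root`, `group: root`, `mode: '0644'` makes the result deterministic. Nothing checks the rendered `unbound.conf` before the `reload unbound` handler fires, so a template mistake is only found when the reload fails. A separate `unbound-checkconf` step before the reload would catch it; the template module's `validate:` cannot be used as-is because the zone file goes through the same loop. The `apt` task also leaves `state` implicit, and `state: present` would state the intent.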
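--- a/roles/unbound/templates/trust-anchor-dn42.zone.j2
+++ b/roles/unbound/templates/trust-anchor-dn42.zone.j2
@@ -0,0 +1,8 @@
+{{ ansible_managed | comment('plain', prefix=';', postfix=';', decoration=';')}}
+
+; DS42 zones
+{% for zone, dss in unbound_dn42_ds.items() %}
+{% for ds in dss %}
+{{ zone }} IN DS {{ ds }}
+{% endfor %}
+{% endfor %}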
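--- a/roles/unbound/templates/unbound.conf.j2
+++ b/roles/unbound/templates/unbound.conf.j2
@@ -0,0 +1,66 @@
+{{ ansible_managed | comment }}
+
+include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
+
+server:
+qname-minimisation: yes
+access-control: ::/0 deny
+access-control: {{ my_net }} allow
+access-control: ::1/128 allow
+
+trust-anchor-file: /etc/unbound/trust-anchor-dn42.zone
+
+local-zone: "dn42" typetransparent
+local-zone: "20.172.in-addr.arpa" typetransparent
+local-zone: "21.172.in-addr.arpa" typetransparent
+local-zone: "22.172.in-addr.arpa" typetransparent
+local-zone: "23.172.in-addr.arpa" typetransparent
+
+private-domain: "dn42"
+private-domain: "20.172.in-addr.arpa"
+private-domain: "21.172.in-addr.arpa"
+private-domain: "22.172.in-addr.arpa"
+private-domain: "23.172.in-addr.arpa"
+private-domain: "d.f.ip6.arpa"
+
+stub-zone:
+name: "dn42"
+stub-addr: fd42:4242:2601:ac53::1
+stub-addr: fdcf:8538:9ad5:1111::2
+stub-addr: fd42:5d71:219:0:216:3eff:fe1e:22d6
+stub-addr: fd86:bad:11b7:53::1
+
+stub-zone:
+name: "20.172.in-addr.arpa"
+stub-addr: fd42:4242:2601:ac53::1
+stub-addr: fdcf:8538:9ad5:1111::2
+stub-addr: fd42:5d71:219:0:216:3eff:fe1e:22d6
+stub-addr: fd86:bad:11b7:53::1
+
+stub-zone:
+name: "21.172.in-addr.arpa"
+stub-addr: fd42:4242:2601:ac53::1
+stub-addr: fdcf:8538:9ad5:1111::2
+stub-addr: fd42:5d71:219:0:216:3eff:fe1e:22d6
+stub-addr: fd86:bad:11b7:53::1
+
+stub-zone:
+name: "22.172.in-addr.arpa"
+stub-addr: fd42:4242:2601:ac53::1
+stub-addr: fdcf:8538:9ad5:1111::2
+stub-addr: fd42:5d71:219:0:216:3eff:fe1e:22d6
+stub-addr: fd86:bad:11b7:53::1
+
+stub-zone:
+name: "23.172.in-addr.arpa"
+stub-addr: fd42:4242:2601:ac53::1
+stub-addr: fdcf:8538:9ad5:1111::2
+stub-addr: fd42:5d71:219:0:216:3eff:fe1e:22d6
+stub-addr: fd86:bad:11b7:53::1
+
+stub-zone:
+name: "d.f.ip6.arpa"
+stub-addr: fd42:4242:2601:ac53::1
+stub-addr: fdcf:8538:9ad5:1111::2
+stub-addr: fd42:5d71:219:0:216:3eff:fe1e:22d6
+stub-addr: fd86:bad:11b7:53::1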
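Review bot: `d.f.ip6.arpa` gets a `private-domain` line and a `stub-zone`, but unlike `dn42` and the four `172.in-addr.arpa` zones it has no `local-zone: ... typetransparent` line in the `server:` section. Unbound ships a built-in default local zone for `d.f.ip6.arpa` that is answered locally, so without an override the stub zone for ULA reverse lookups would presumably never be consulted. Adding `local-zone: "d.f.ip6.arpa" typetransparent` next to the other five keeps the six zones consistent. Separately, the only explicit deny is `access-control: ::/0 deny`, so IPv4 clients outside `{{ my_net }}` fall through to Unbound's built-in default, and a comment saying this is intended would document the exposure decision. The four `stub-addr` lines are repeated verbatim in all six stub zones and could be rendered from one list variable so that an upstream change is made in a single place.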