diff options
| author | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-01 20:23:23 -0500 |
|---|---|---|
| committer | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-01 20:23:23 -0500 |
| commit | c0ed0a948fd574208a44b2cfb5f944cf45efca29 (patch) | |
| tree | aff8726464a32d1567c0cd8e5a10263976a0cc65 | |
| parent | 64e3ad7da4884c5c36f2e30a5af1f74c88208ff8 (diff) | |
| download | oldinfra-c0ed0a948fd574208a44b2cfb5f944cf45efca29.tar.gz oldinfra-c0ed0a948fd574208a44b2cfb5f944cf45efca29.zip | |
first dns setup checkpoint
| -rw-r--r-- | deploy-nameservers.yml | 5 | ||||
| -rw-r--r-- | group_vars/all.yml | 15 | ||||
| -rw-r--r-- | inventory | 16 | ||||
| -rw-r--r-- | roles/dnscommon/files/named.conf.options | 12 | ||||
| -rw-r--r-- | roles/dnscommon/tasks/main.yml | 28 | ||||
| -rw-r--r-- | roles/nameservers/tasks/main.yml | 25 | ||||
| -rw-r--r-- | roles/nameservers/templates/db.rainrainra.in.j2 | 16 | ||||
| -rw-r--r-- | roles/nameservers/templates/db.rileyandlizzy.wedding.j2 | 16 | ||||
| -rw-r--r-- | roles/nameservers/templates/db.simponic.xyz.j2 | 20 | ||||
| -rw-r--r-- | roles/nameservers/templates/named.conf.local.primary.j2 | 7 | ||||
| -rw-r--r-- | roles/nameservers/templates/named.conf.local.replica.j2 | 7 |
11 files changed, 161 insertions, 6 deletions
diff --git a/deploy-nameservers.yml b/deploy-nameservers.yml new file mode 100644 index 0000000..c69e361 --- /dev/null +++ b/deploy-nameservers.yml @@ -0,0 +1,5 @@ +- name: basic host setup + hosts: nameservers + roles: + - dnscommon + - nameservers diff --git a/group_vars/all.yml b/group_vars/all.yml index 82b1512..42bc03b 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -4,3 +4,18 @@ dns_servers: - 1.0.0.1 dns_dnssec: true dns_domains: ["internal.simponic.xyz"] + +dns_zones: + - zone_name: simponic.xyz + zone_file: db.simponic.xyz + + - zone_name: rainrainra.in + zone_file: db.rainrainra.in + + - zone_name: rileyandlizzy.wedding + zone_file: db.rileyandlizzy.wedding + +dns_primary_hostname: ryo +dns_replica_hostname: nijika +dns_primary_ip: 107.173.19.33 +dns_replica_ip: 107.172.103.253 @@ -8,17 +8,21 @@ ryo ansible_user=root ansible_connection=ssh levi ansible_user=root ansible_connection=ssh #ash.internal.simponic.xyz ansible_user=root ansible_connection=ssh +[nameservers] +ryo ansible_user=root ansible_connection=ssh +nijika ansible_user=root ansible_connection=ssh + [dnsprimary] -nijika ansible_user=root ansible_connection=ssh ansible_host=107.173.19.33 # nijika +ryo ansible_user=root ansible_connection=ssh [dnsreplica] -ryo ansible_user=root ansible_connection=ssh ansible_host=107.172.103.253 # ryo +nijika ansible_user=root ansible_connection=ssh -[internaldns] +[dnsinternal] johan ansible_user=root ansible_connection=ssh -[mail] -#ash ansible_user=root ansible_connection=ssh - [vpn] johan ansible_user=root ansible_connection=ssh + +[mail] +#ash ansible_user=root ansible_connection=ssh diff --git a/roles/dnscommon/files/named.conf.options b/roles/dnscommon/files/named.conf.options new file mode 100644 index 0000000..c788257 --- /dev/null +++ b/roles/dnscommon/files/named.conf.options @@ -0,0 +1,12 @@ +options { + directory "/var/cache/bind"; + + recursion no; + allow-transfer { none; }; + + allow-query { any; }; + + auth-nxdomain no; # conform to RFC1035 + + listen-on-v6 { any; }; +}; diff --git a/roles/dnscommon/tasks/main.yml b/roles/dnscommon/tasks/main.yml new file mode 100644 index 0000000..ce1bb66 --- /dev/null +++ b/roles/dnscommon/tasks/main.yml @@ -0,0 +1,28 @@ +--- +- name: install BIND + apt: name=bind9 state=latest + +- name: copy named.conf.options + copy: + src: ../files/named.conf.options + dest: /etc/bind/named.conf.options + owner: bind + group: bind + mode: 0644 + +- name: restart & enable BIND + service: name=named state=restarted enabled=yes + +- name: allow dns from everywhere via udp + ufw: + rule: allow + port: '53' + proto: udp +- name: allow dns from everywhere via tcp + ufw: + rule: allow + port: '53' + proto: tcp + +- name: restart ufw + service: name=ufw state=restarted enabled=yes diff --git a/roles/nameservers/tasks/main.yml b/roles/nameservers/tasks/main.yml new file mode 100644 index 0000000..7f13ebd --- /dev/null +++ b/roles/nameservers/tasks/main.yml @@ -0,0 +1,25 @@ +--- +- name: create named.conf.local for primary + template: + src: ../templates/named.conf.local.primary.j2 + dest: /etc/bind/named.conf.local + when: inventory_hostname in groups['dnsprimary'] + +- name: create primary zone files for primary + template: + src: "../templates/{{ item.zone_file }}.j2" + dest: "/etc/bind/{{ item.zone_file }}" + with_items: "{{ dns_zones }}" + when: inventory_hostname in groups['dnsprimary'] + +- name: create named.conf.local for replica + template: + src: ../templates/named.conf.local.replica.j2 + dest: /etc/bind/named.conf.local + when: inventory_hostname in groups['dnsreplica'] + +- name: restart bind9 + service: + name: bind9 + state: restarted + enabled: true diff --git a/roles/nameservers/templates/db.rainrainra.in.j2 b/roles/nameservers/templates/db.rainrainra.in.j2 new file mode 100644 index 0000000..38a522e --- /dev/null +++ b/roles/nameservers/templates/db.rainrainra.in.j2 @@ -0,0 +1,16 @@ +$TTL 604800 +@ IN SOA {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. ( + 5 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; + +; Name servers +rainrainra.in. IN NS {{ dns_primary_hostname }}.simponic.xyz. +rainrainra.in. IN NS {{ dns_replica_hostname }}.simponic.xyz. + +; Other A records +@ IN A 129.123.76.14 +www IN A 129.123.76.14 diff --git a/roles/nameservers/templates/db.rileyandlizzy.wedding.j2 b/roles/nameservers/templates/db.rileyandlizzy.wedding.j2 new file mode 100644 index 0000000..e000923 --- /dev/null +++ b/roles/nameservers/templates/db.rileyandlizzy.wedding.j2 @@ -0,0 +1,16 @@ +$TTL 604800 +@ IN SOA {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. ( + 5 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; + +; Name servers +rileyandlizzy.wedding. IN NS {{ dns_primary_hostname }}.simponic.xyz. +rileyandlizzy.wedding. IN NS {{ dns_replica_hostname }}.simponic.xyz. + +; Other A records +@ IN A 129.123.76.14 +www IN A 129.123.76.14 diff --git a/roles/nameservers/templates/db.simponic.xyz.j2 b/roles/nameservers/templates/db.simponic.xyz.j2 new file mode 100644 index 0000000..ff38293 --- /dev/null +++ b/roles/nameservers/templates/db.simponic.xyz.j2 @@ -0,0 +1,20 @@ +$TTL 604800 +@ IN SOA {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. ( + 5 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; + +; Name servers +simponic.xyz. IN NS {{ dns_primary_hostname }}.simponic.xyz. +simponic.xyz. IN NS {{ dns_replica_hostname }}.simponic.xyz. + +; A records for name servers +{{ dns_primary_hostname }} IN A {{ dns_primary_ip }} +{{ dns_replica_hostname }} IN A {{ dns_replica_ip }} + +; Other A records +@ IN A 129.123.76.14 +www IN A 129.123.76.14 diff --git a/roles/nameservers/templates/named.conf.local.primary.j2 b/roles/nameservers/templates/named.conf.local.primary.j2 new file mode 100644 index 0000000..0234278 --- /dev/null +++ b/roles/nameservers/templates/named.conf.local.primary.j2 @@ -0,0 +1,7 @@ +{% for zone in dns_zones %} +zone "{{ zone.zone_name }}" { + type master; + file "/etc/bind/{{ zone.zone_file }}"; + allow-transfer { {{ dns_replica_ip }}; }; +}; +{% endfor %} diff --git a/roles/nameservers/templates/named.conf.local.replica.j2 b/roles/nameservers/templates/named.conf.local.replica.j2 new file mode 100644 index 0000000..bb14d7d --- /dev/null +++ b/roles/nameservers/templates/named.conf.local.replica.j2 @@ -0,0 +1,7 @@ +{% for zone in dns_zones %} +zone "{{ zone.zone_name }}" { + type slave; + file "db.{{ zone.zone_name }}"; + masters { {{ dns_primary_ip }}; }; +}; +{% endfor %} |