Add role dns to setup unbound service

author: Aaron LI <aly@aaronly.me> 2018-02-21 11:51:44 +0800
committer: Aaron LI <aly@aaronly.me> 2018-02-21 11:51:44 +0800
commit: bc59213a33e609f177093a8e955f44b3999c8b56 (patch)
tree: 9a1e3af3bdb40d72b5bb8f9f2e6ed82632d44435 /roles/dns/tasks/main.yml
parent: 5cc888e1c9384ae4f0a6f71718ab2acc97c0269d (diff)
download: ansible-dfly-vps-bc59213a33e609f177093a8e955f44b3999c8b56.tar.bz2
1 files changed, 35 insertions, 0 deletions
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
new file mode 100644
index 0000000..59522a8
--- /dev/null
+++ b/roles/dns/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: install unbound and nsd
+  pkgng:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - unbound
+    - nsd
+
+# "root-hints" is the file which contains the listing of primary root
+# DNS servers.  Unbound does have a listing of root DNS servers in its
+# code, but we want to make sure we have the most up to date copy.
+# We normally update our copy once every 6 months.
+#
+# References:
+# * Unbound DNS Server Tutorial
+#   https://calomel.org/unbound_dns.html
+#
+- name: unbound - fetch root.hints
+  command: >
+    fetch -o /usr/local/etc/unbound/root.hints
+    "https://www.internic.net/domain/named.cache"
+
+- name: unbound - copy configuration
+  copy:
+    src: unbound.conf
+    dest: /usr/local/etc/unbound/unbound.conf
+
+- name: unbound - enable and start service
+  command: rcenable unbound
+
+- name: setup resolv.conf
+  copy:
+    src: resolv.conf
+    dest: /etc/resolv.conf
author	Aaron LI <aly@aaronly.me>	2018-02-21 11:51:44 +0800
committer	Aaron LI <aly@aaronly.me>	2018-02-21 11:51:44 +0800
commit	bc59213a33e609f177093a8e955f44b3999c8b56 (patch)
tree	9a1e3af3bdb40d72b5bb8f9f2e6ed82632d44435 /roles/dns/tasks/main.yml
parent	5cc888e1c9384ae4f0a6f71718ab2acc97c0269d (diff)
download	ansible-dfly-vps-bc59213a33e609f177093a8e955f44b3999c8b56.tar.bz2