aboutsummaryrefslogtreecommitdiffstats
path: root/roles/dns/tasks
diff options
context:
space:
mode:
authorAaron LI <aly@aaronly.me>2018-02-21 11:51:44 +0800
committerAaron LI <aly@aaronly.me>2018-02-21 11:51:44 +0800
commitbc59213a33e609f177093a8e955f44b3999c8b56 (patch)
tree9a1e3af3bdb40d72b5bb8f9f2e6ed82632d44435 /roles/dns/tasks
parent5cc888e1c9384ae4f0a6f71718ab2acc97c0269d (diff)
downloadansible-dfly-vps-bc59213a33e609f177093a8e955f44b3999c8b56.tar.bz2
Add role dns to setup unbound service
Diffstat (limited to 'roles/dns/tasks')
-rw-r--r--roles/dns/tasks/main.yml35
1 files changed, 35 insertions, 0 deletions
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
new file mode 100644
index 0000000..59522a8
--- /dev/null
+++ b/roles/dns/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: install unbound and nsd
+ pkgng:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - unbound
+ - nsd
+
+# "root-hints" is the file which contains the listing of primary root
+# DNS servers. Unbound does have a listing of root DNS servers in its
+# code, but we want to make sure we have the most up to date copy.
+# We normally update our copy once every 6 months.
+#
+# References:
+# * Unbound DNS Server Tutorial
+# https://calomel.org/unbound_dns.html
+#
+- name: unbound - fetch root.hints
+ command: >
+ fetch -o /usr/local/etc/unbound/root.hints
+ "https://www.internic.net/domain/named.cache"
+
+- name: unbound - copy configuration
+ copy:
+ src: unbound.conf
+ dest: /usr/local/etc/unbound/unbound.conf
+
+- name: unbound - enable and start service
+ command: rcenable unbound
+
+- name: setup resolv.conf
+ copy:
+ src: resolv.conf
+ dest: /etc/resolv.conf