From 71dfbbe0291218bcb3ffaa9997d8aaf6d98a3259 Mon Sep 17 00:00:00 2001
From: Aaron LI
Date: Thu, 22 Feb 2018 00:25:36 +0800
Subject: role/dns: configure NSD as the stealth master with 2 domains

* Add "network" and "nsd" variables
* Install and configure NSD as the authoritative stealth master server
* Allow notify and transfer to slave masters:
- freedns.afraid.org
- 1984hosting.com
* Add preliminary zone files for domains:
- 233233.xyz
- 1314233.xyz
---
 roles/dns/tasks/main.yml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'roles/dns/tasks')

diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index 59522a8..6712c37 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -20,11 +20,13 @@
 command: >
 fetch -o /usr/local/etc/unbound/root.hints
 "https://www.internic.net/domain/named.cache"
+ notify: restart-unbound

 - name: unbound - copy configuration
 copy:
 src: unbound.conf
 dest: /usr/local/etc/unbound/unbound.conf
+ notify: restart-unbound

 - name: unbound - enable and start service
 command: rcenable unbound
@@ -33,3 +35,33 @@
 copy:
 src: resolv.conf
 dest: /etc/resolv.conf
+
+- name: NSD - copy configuration
+ template:
+ src: nsd.conf.j2
+ dest: /usr/local/etc/nsd/nsd.conf
+ notify: restart-nsd
+
+- name: NSD - check existence of control key/cert
+ stat:
+ path: /usr/local/etc/nsd/nsd_control.key
+ register: stat_result
+
+- name: NSD - generate self-signed key/cert for control
+ command: nsd-control-setup
+ when: stat_result.stat.exists == False
+
+- name: NSD - create zones directory
+ file:
+ path: /usr/local/etc/nsd/zones
+ state: directory
+
+- name: NSD - copy zone files
+ template:
+ src: "zones/{{ item }}.zone.j2"
+ dest: "/usr/local/etc/nsd/zones/{{ item }}.zone"
+ with_items: "{{ nsd.zones }}"
+ notify: restart-nsd
+
+- name: NSD - enable and start service
+ command: rcenable nsd
--
cgit v1.2.2
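Review bot: The `notify: restart-unbound` added to the root.hints download will fire on every run, because a `command` task reports changed unconditionally, so the resolver is restarted each time the play executes even when the hints file is identical. Tying the task to a real change, for example `args:` with `creates: /usr/local/etc/unbound/root.hints`, keeps the restart meaningful; the trade-off is that the hints are then only fetched once. The task's `- name:` line sits above the hunk, and the `restart-unbound` handler is not part of this path-limited patch, so its definition should be confirmed.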
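Review bot: The rendered `nsd.conf` and zone files are installed and NSD is restarted with no syntax check and no explicit `owner`/`group`/`mode`, so a template error can take the authoritative master down and the resulting permissions depend on the umask of the Ansible run. On the `NSD - copy configuration` task something like `validate: nsd-checkconf %s` would reject a broken config before it replaces the live one, and each `template`/`file` task should state its mode, e.g. `mode: "0644"` for the files and `mode: "0755"` for the zones directory. The `stat` plus `when: stat_result.stat.exists == False` pair could be collapsed into `args:` with `creates: /usr/local/etc/nsd/nsd_control.key` on the `nsd-control-setup` task, which also drops the comparison against the literal `False`. The `restart-nsd` handler is outside this path-limited patch, so confirm it exists.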