diff --git a/group_vars/all.yml b/group_vars/all.yml
index 42bc03b..d64ccd5 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -15,6 +15,9 @@ dns_zones:
 - zone_name: rileyandlizzy.wedding
 zone_file: db.rileyandlizzy.wedding
+dns_sec_zones:
+ - zone: simponic.xyz
+
 dns_primary_hostname: ryo
 dns_replica_hostname: nijika
 dns_primary_ip: 107.173.19.33
diff --git a/roles/dnscommon/tasks/main.yml b/roles/dnscommon/tasks/main.yml
index ce1bb66..c7547d7 100644
--- a/roles/dnscommon/tasks/main.yml
+++ b/roles/dnscommon/tasks/main.yml
@@ -1,6 +1,8 @@
 ---
 - name: install BIND
 apt: name=bind9 state=latest
+- name: install BIND-utils
+ apt: name=bind9-utils state=latest
 - name: copy named.conf.options
 copy:
diff --git a/roles/nameservers/tasks/main.yml b/roles/nameservers/tasks/main.yml
index 7f13ebd..e078c00 100644
--- a/roles/nameservers/tasks/main.yml
+++ b/roles/nameservers/tasks/main.yml
@@ -1,21 +1,40 @@
 ---
+ ## PRIMARY
+
 - name: create named.conf.local for primary
 template:
 src: ../templates/named.conf.local.primary.j2
 dest: /etc/bind/named.conf.local
+ owner: bind
+ group: bind
 when: inventory_hostname in groups['dnsprimary']
+- name: create /etc/bind/zones if not exist
+ ansible.builtin.file:
+ path: /etc/bind/zones
+ state: directory
+ owner: bind
+ group: bind
+
 - name: create primary zone files for primary
 template:
 src: "../templates/{{ item.zone_file }}.j2"
- dest: "/etc/bind/{{ item.zone_file }}"
+ dest: "/etc/bind/zones/{{ item.zone_file }}"
+ owner: bind
+ group: bind
 with_items: "{{ dns_zones }}"
 when: inventory_hostname in groups['dnsprimary']
+
+ ## REPLICA
+
 - name: create named.conf.local for replica
 template:
 src: ../templates/named.conf.local.replica.j2
 dest: /etc/bind/named.conf.local
+ owner: bind
+ group: bind
 when: inventory_hostname in groups['dnsreplica']
 - name: restart bind9
diff --git a/roles/nameservers/templates/db.simponic.xyz.j2 b/roles/nameservers/templates/db.simponic.xyz.j2
index ff38293..d219beb 100644
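Review bot: `dns_sec_zones` is introduced here but nothing else in this commit reads it — the tasks and the named.conf.local.primary.j2 template still iterate only `dns_zones` — so it is dead configuration until a consumer lands. Its item key is also `zone`, where the sibling list uses `zone_name`/`zone_file`; aligning the keys (`- zone_name: simponic.xyz`) keeps the two lists interchangeable in the templates. If it is meant to mark zones for DNSSEC signing, a comment above it such as `# zones to be DNSSEC-signed (not yet consumed by any role)` would save the next reader a grep.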
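Review bot: `state=latest` on the new `bind9-utils` task (mirroring the bind9 task above it) upgrades the package on every run, so a routine playbook run can pull a new BIND build onto a production nameserver outside any planned change; `state: present` keeps the play idempotent and leaves upgrades to a deliberate step. The task also uses the legacy `key=value` argument string; Ansible's own guidance is block YAML, i.e. `apt:` with `name: bind9-utils` and `state: present` as nested keys. Whether a play-level `become:` covers this task is not visible in the hunk.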
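Review bot: The new `owner: bind` / `group: bind` on named.conf.local and on the primary zone files gives the named process write access to its own configuration and master zone data, which a plain `type master` zone does not need; Debian's packaging keeps `/etc/bind` root-owned and group-readable by bind, with writable state under `/var/cache/bind` or `/var/lib/bind`. Unless these files must be writable for dynamic updates or inline signing (which the otherwise unused `dns_sec_zones` in group_vars may hint at), `owner: root`, `group: bind`, `mode: "0640"` is the least-privilege setting, and an explicit `mode:` is missing from every new `owner`/`group` stanza and from the `/etc/bind/zones` directory task. That directory task is also the only one in the file without a `when:` guard (so it runs on the replica group too) and the only one using the `ansible.builtin.` FQCN; either gate it like its neighbours or make the naming style uniform across the file.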
--- a/roles/nameservers/templates/db.simponic.xyz.j2
+++ b/roles/nameservers/templates/db.simponic.xyz.j2
@@ -1,7 +1,7 @@
 $TTL 604800
 @ IN SOA {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. (
- 5 ; Serial
- 604800 ; Refresh
+ 1704161086 ; Serial
+ 86400 ; Refresh
 86400 ; Retry
 2419200 ; Expire
 604800 ) ; Negative Cache TTL
@@ -15,6 +15,23 @@ simponic.xyz. IN NS {{ dns_replica_hostname }}.simponic.xyz.
 {{ dns_primary_hostname }} IN A {{ dns_primary_ip }}
 {{ dns_replica_hostname }} IN A {{ dns_replica_ip }}
-; Other A records
-@ IN A 129.123.76.14
-www IN A 129.123.76.14
+;; A Records
+mail.simponic.xyz. 1 IN A 192.3.248.205
+simponic.xyz. 1 IN A 129.123.76.14
+
+;; CNAME Records
+s1._domainkey.simponic.xyz. 1 IN CNAME s1.domainkey.u25709709.wl210.sendgrid.net.
+s2._domainkey.simponic.xyz. 1 IN CNAME s2.domainkey.u25709709.wl210.sendgrid.net.
+static.simponic.xyz. 1 IN CNAME simponic.xyz.
+www.simponic.xyz. 1 IN CNAME simponic.xyz.
+
+;; MX Records
+simponic.xyz. 1 IN MX 10 mail.simponic.xyz.
+
+;; TXT Records
+_acme-challenge.simponic.xyz. 1 IN TXT "6GcrSuBAj8pNKqiCBWUIONRJjbDVtOizadBDGngW4-U"
+_acme-challenge.simponic.xyz. 1 IN TXT "IErMxNBY3v1Wc3RV06khZXKDC1f9EObYHSXETK5ZKYE"
+_acme-challenge.simponic.xyz. 1 IN TXT "3jWQSVbU-SdebeymX58bir5kEHG1dVHRXYE-P_4Qao8"
+_acme-challenge.simponic.xyz. 1 IN TXT "LXaVBwQCanWKF4cNxzPHHPM9N-kkjhn8_4r6RsveBqs"
+dkim._domainkey.simponic.xyz. 1 IN TXT "v=DKIM1; p= MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNWLcbrcGq0z8f0fSmxLbfK/Q/ZwmnPyJEfljS2VuDIm7DUXahHIFtB8hfZ/WAocoirb8kUHTvTAgmUOXPpNxTDve3tV9S+CBBYHH2c9XBsuaZn/Vi0TR5vbBDuISmlXT6k+2cdq0LO+PYRwJI65t/JWTR5fQlCmVgxbI5gwDYFRZC0Nl5gEwuKw7pdEJg4Pymyox" "i" "zcikaGk/plXj6BDvv9pK1q8Wa+QPIkuBPFvsEh3KSApMP1p5thzHFaeNyCn5PuYEvbgkal0722px6GvYfR2W/APNRztbmWVewXH6kEWCgOYMkmWiYYLgEwz62rq2SzszP1rrl3WjVi26916wIDAQAB"
+simponic.xyz. 1 IN TXT "v=spf1 mx ip4:192.3.248.205 ~all"
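Review bot: The serial is now a hard-coded `1704161086` inside a template, so the next edit to the records below will render a new zone file with an unchanged serial and the replica will keep serving the old data, because a secondary only transfers when the serial increases. Keep the serial in a variable that is bumped together with record edits, or derive it at render time (e.g. `{{ ansible_date_time.epoch }}`) with the caveat that the template task will then report changed on every run. Separately, Refresh and Retry are now both `86400`; Retry is conventionally a fraction of Refresh (RFC 1912) so that a failed refresh is retried well before the next scheduled one.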
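Review bot: Every new record carries a TTL of `1` second, which looks like a Cloudflare-style export where `1` stands for "auto"; served from BIND it is a literal one-second TTL, so resolvers re-query the authoritative pair on almost every lookup and any outage of those two hosts is felt immediately instead of being absorbed by caches. Drop the per-record TTL so `$TTL` applies, or set a deliberate value such as `3600`. The four `_acme-challenge` TXT records are one-time validation tokens (ACME issues a fresh token per issuance), so as static template content they are stale data that will not satisfy a renewal; remove them, or have the renewal hook add and delete them via TSIG-authenticated dynamic updates. The `www` change from an A record to a CNAME looks intentional and is consistent with the new `static` alias.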
diff --git a/roles/nameservers/templates/named.conf.local.primary.j2 b/roles/nameservers/templates/named.conf.local.primary.j2
index 0234278..44665e6 100644
--- a/roles/nameservers/templates/named.conf.local.primary.j2
+++ b/roles/nameservers/templates/named.conf.local.primary.j2
@@ -1,7 +1,7 @@
 {% for zone in dns_zones %}
 zone "{{ zone.zone_name }}" {
 type master;
- file "/etc/bind/{{ zone.zone_file }}";
+ file "/etc/bind/zones/{{ zone.zone_file }}";
 allow-transfer { {{ dns_replica_ip }}; };
 };
 {% endfor %}
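Review bot: The `/etc/bind/zones/` prefix is now hard-coded both here and in the `dest:` of the zone-file task in roles/nameservers/tasks/main.yml, so a future move of the directory must be made in two places; a single variable (e.g. `dns_zone_dir`) used as `file "{{ dns_zone_dir }}/{{ zone.zone_file }}";` keeps them in step. The `allow-transfer` by replica IP alone predates this change, but since the zone data is being reorganised anyway this is a natural point to also key the transfer ACL on a TSIG key rather than a spoofable source address.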