first dns setup checkpoint

deploy-nameservers.yml

@@ -0,0 +1,5 @@
+- name: basic host setup 
+  hosts: nameservers
+  roles:
+    - dnscommon
+    - nameservers

group_vars/all.yml

@@ -4,3 +4,18 @@ dns_servers:
   - 1.0.0.1
 dns_dnssec: true
 dns_domains: ["internal.simponic.xyz"]
+
+dns_zones:
+  - zone_name: simponic.xyz
+    zone_file: db.simponic.xyz
+
+  - zone_name: rainrainra.in
+    zone_file: db.rainrainra.in
+
+  - zone_name: rileyandlizzy.wedding
+    zone_file: db.rileyandlizzy.wedding
+
+dns_primary_hostname: ryo
+dns_replica_hostname: nijika
+dns_primary_ip: 107.173.19.33
+dns_replica_ip: 107.172.103.253

inventory

@@ -8,17 +8,21 @@ ryo  ansible_user=root ansible_connection=ssh
 levi  ansible_user=root ansible_connection=ssh
 #ash.internal.simponic.xyz  ansible_user=root ansible_connection=ssh
 
+[nameservers]
+ryo  ansible_user=root ansible_connection=ssh
+nijika  ansible_user=root ansible_connection=ssh
+
 [dnsprimary]
-nijika  ansible_user=root ansible_connection=ssh ansible_host=107.173.19.33   # nijika
+ryo  ansible_user=root ansible_connection=ssh
 
 [dnsreplica]
-ryo  ansible_user=root ansible_connection=ssh ansible_host=107.172.103.253 # ryo
+nijika  ansible_user=root ansible_connection=ssh
 
-[internaldns]
+[dnsinternal]
+johan ansible_user=root ansible_connection=ssh
+
+[vpn]
 johan ansible_user=root ansible_connection=ssh
 
 [mail]
 #ash  ansible_user=root ansible_connection=ssh
-
-[vpn]
-johan ansible_user=root ansible_connection=ssh

roles/dnscommon/files/named.conf.options

@@ -0,0 +1,12 @@
+options {
+  directory "/var/cache/bind";
+
+  recursion no;
+  allow-transfer { none; };
+
+  allow-query { any; };
+
+  auth-nxdomain no;    # conform to RFC1035
+
+  listen-on-v6 { any; };
+};

roles/dnscommon/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+- name: install BIND
+  apt: name=bind9 state=latest
+
+- name: copy named.conf.options
+  copy:
+    src: ../files/named.conf.options
+    dest: /etc/bind/named.conf.options
+    owner: bind
+    group: bind
+    mode: 0644
+
+- name: restart & enable BIND
+  service: name=named state=restarted enabled=yes
+
+- name: allow dns from everywhere via udp
+  ufw:
+    rule: allow
+    port: '53'
+    proto: udp
+- name: allow dns from everywhere via tcp
+  ufw:
+    rule: allow
+    port: '53'
+    proto: tcp
+
+- name: restart ufw
+  service: name=ufw state=restarted enabled=yes

roles/nameservers/tasks/main.yml

@@ -0,0 +1,25 @@
+---
+- name: create named.conf.local for primary
+  template:
+    src: ../templates/named.conf.local.primary.j2
+    dest: /etc/bind/named.conf.local
+  when: inventory_hostname in groups['dnsprimary']
+
+- name: create primary zone files for primary
+  template:
+    src: "../templates/{{ item.zone_file }}.j2"
+    dest: "/etc/bind/{{ item.zone_file }}"
+  with_items: "{{ dns_zones }}"
+  when: inventory_hostname in groups['dnsprimary']
+
+- name: create named.conf.local for replica
+  template:
+    src: ../templates/named.conf.local.replica.j2
+    dest: /etc/bind/named.conf.local
+  when: inventory_hostname in groups['dnsreplica']
+
+- name: restart bind9
+  service:
+    name: bind9
+    state: restarted
+    enabled: true

roles/nameservers/templates/db.rainrainra.in.j2

@@ -0,0 +1,16 @@
+$TTL    604800
+@       IN      SOA     {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. (
+                              5         ; Serial
+                         604800         ; Refresh
+                          86400         ; Retry
+                        2419200         ; Expire
+                         604800 )       ; Negative Cache TTL
+;
+
+; Name servers
+rainrainra.in.    IN      NS      {{ dns_primary_hostname }}.simponic.xyz.
+rainrainra.in.    IN      NS      {{ dns_replica_hostname }}.simponic.xyz.
+
+; Other A records
+@               IN      A       129.123.76.14
+www             IN      A       129.123.76.14

roles/nameservers/templates/db.rileyandlizzy.wedding.j2

@@ -0,0 +1,16 @@
+$TTL    604800
+@       IN      SOA     {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. (
+                              5         ; Serial
+                         604800         ; Refresh
+                          86400         ; Retry
+                        2419200         ; Expire
+                         604800 )       ; Negative Cache TTL
+;
+
+; Name servers
+rileyandlizzy.wedding.    IN      NS      {{ dns_primary_hostname }}.simponic.xyz.
+rileyandlizzy.wedding.    IN      NS      {{ dns_replica_hostname }}.simponic.xyz.
+
+; Other A records
+@               IN      A       129.123.76.14
+www             IN      A       129.123.76.14

roles/nameservers/templates/db.simponic.xyz.j2

@@ -0,0 +1,20 @@
+$TTL    604800
+@       IN      SOA     {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. (
+                              5         ; Serial
+                         604800         ; Refresh
+                          86400         ; Retry
+                        2419200         ; Expire
+                         604800 )       ; Negative Cache TTL
+;
+
+; Name servers
+simponic.xyz.    IN      NS      {{ dns_primary_hostname }}.simponic.xyz.
+simponic.xyz.    IN      NS      {{ dns_replica_hostname }}.simponic.xyz.
+
+; A records for name servers
+{{ dns_primary_hostname }}             IN      A      {{ dns_primary_ip }}
+{{ dns_replica_hostname }}             IN      A      {{ dns_replica_ip }}
+
+; Other A records
+@               IN      A       129.123.76.14
+www             IN      A       129.123.76.14

roles/nameservers/templates/named.conf.local.primary.j2

@@ -0,0 +1,7 @@
+{% for zone in dns_zones %}
+zone "{{ zone.zone_name }}" {
+    type master;
+    file "/etc/bind/{{ zone.zone_file }}";
+    allow-transfer { {{ dns_replica_ip }}; };
+};
+{% endfor %}

roles/nameservers/templates/named.conf.local.replica.j2

@@ -0,0 +1,7 @@
+{% for zone in dns_zones %}
+zone "{{ zone.zone_name }}" {
+    type slave;
+    file "db.{{ zone.zone_name }}";
+    masters { {{ dns_primary_ip }}; };
+};
+{% endfor %}