From c0ed0a948fd574208a44b2cfb5f944cf45efca29 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Mon, 1 Jan 2024 20:23:23 -0500
Subject: [PATCH] first dns setup checkpoint
---
 deploy-nameservers.yml | 5 ++++
 group_vars/all.yml | 15 ++++++++++
 inventory | 16 +++++++----
 roles/dnscommon/files/named.conf.options | 12 ++++++++
 roles/dnscommon/tasks/main.yml | 28 +++++++++++++++++++
 roles/nameservers/tasks/main.yml | 25 +++++++++++++++++
 .../nameservers/templates/db.rainrainra.in.j2 | 16 +++++++++++
 .../templates/db.rileyandlizzy.wedding.j2 | 16 +++++++++++
 .../nameservers/templates/db.simponic.xyz.j2 | 20 +++++++++++++
 .../templates/named.conf.local.primary.j2 | 7 +++++
 .../templates/named.conf.local.replica.j2 | 7 +++++
 11 files changed, 161 insertions(+), 6 deletions(-)
 create mode 100644 deploy-nameservers.yml
 create mode 100644 roles/dnscommon/files/named.conf.options
 create mode 100644 roles/dnscommon/tasks/main.yml
 create mode 100644 roles/nameservers/tasks/main.yml
 create mode 100644 roles/nameservers/templates/db.rainrainra.in.j2
 create mode 100644 roles/nameservers/templates/db.rileyandlizzy.wedding.j2
 create mode 100644 roles/nameservers/templates/db.simponic.xyz.j2
 create mode 100644 roles/nameservers/templates/named.conf.local.primary.j2
 create mode 100644 roles/nameservers/templates/named.conf.local.replica.j2
diff --git a/deploy-nameservers.yml b/deploy-nameservers.yml
new file mode 100644
index 0000000..c69e361
--- /dev/null
+++ b/deploy-nameservers.yml
@@ -0,0 +1,5 @@
+- name: basic host setup
+ hosts: nameservers
+ roles:
+ - dnscommon
+ - nameservers
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 82b1512..42bc03b 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -4,3 +4,18 @@ dns_servers:
 - 1.0.0.1
 dns_dnssec: true
 dns_domains: ["internal.simponic.xyz"]
+
+dns_zones:
+ - zone_name: simponic.xyz
+ zone_file: db.simponic.xyz
+
+ - zone_name: rainrainra.in
+ zone_file: db.rainrainra.in
+
+ - zone_name: rileyandlizzy.wedding
+ zone_file: db.rileyandlizzy.wedding
+
+dns_primary_hostname: ryo
+dns_replica_hostname: nijika
+dns_primary_ip: 107.173.19.33
+dns_replica_ip: 107.172.103.253
diff --git a/inventory b/inventory
index 0df2ee2..42d53e0 100644
--- a/inventory
+++ b/inventory
@@ -8,17 +8,21 @@ ryo ansible_user=root ansible_connection=ssh
 levi ansible_user=root ansible_connection=ssh
 #ash.internal.simponic.xyz ansible_user=root ansible_connection=ssh
+[nameservers]
+ryo ansible_user=root ansible_connection=ssh
+nijika ansible_user=root ansible_connection=ssh
+
 [dnsprimary]
-nijika ansible_user=root ansible_connection=ssh ansible_host=107.173.19.33 # nijika
+ryo ansible_user=root ansible_connection=ssh
 [dnsreplica]
-ryo ansible_user=root ansible_connection=ssh ansible_host=107.172.103.253 # ryo
+nijika ansible_user=root ansible_connection=ssh
-[internaldns]
+[dnsinternal]
+johan ansible_user=root ansible_connection=ssh
+
 [vpn]
 johan ansible_user=root ansible_connection=ssh
 [mail]
 #ash ansible_user=root ansible_connection=ssh
-
-[vpn]
-johan ansible_user=root ansible_connection=ssh
diff --git a/roles/dnscommon/files/named.conf.options b/roles/dnscommon/files/named.conf.options
new file mode 100644
index 0000000..c788257
--- /dev/null
+++ b/roles/dnscommon/files/named.conf.options
@@ -0,0 +1,12 @@
+options {
+ directory "/var/cache/bind";
+
+ recursion no;
+ allow-transfer { none; };
+
+ allow-query { any; };
+
+ auth-nxdomain no; # conform to RFC1035
+
+ listen-on-v6 { any; };
+};
diff --git a/roles/dnscommon/tasks/main.yml b/roles/dnscommon/tasks/main.yml
new file mode 100644
index 0000000..ce1bb66
--- /dev/null
+++ b/roles/dnscommon/tasks/main.yml
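Review bot: `dns_primary_ip: 107.173.19.33` is now paired with `dns_primary_hostname: ryo`, yet the inventory lines this same commit removes recorded 107.173.19.33 as nijika's `ansible_host` and 107.172.103.253 as ryo's. If those removed values were accurate, the two addresses here are swapped, and everything rendered from them — the nameserver A records in db.simponic.xyz.j2, `allow-transfer` in named.conf.local.primary.j2 and `masters` in named.conf.local.replica.j2 — points at the wrong machine, so transfers would be refused and the glue would be wrong. Worth checking against the hosts before the zones go live; if the hostnames are what really changed, the fix is just `dns_primary_ip: 107.172.103.253` and `dns_replica_ip: 107.173.19.33`. Keeping each address beside its host in the inventory (as `ansible_host`) and reading it through `hostvars` would stop the two files drifting apart again.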
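Review bot: `[nameservers]` repeats the members of `[dnsprimary]` and `[dnsreplica]` by hand, so moving a host between the two roles has to be done in two places; `[nameservers:children]` followed by `dnsprimary` and `dnsreplica` on the next two lines keeps a single source of truth. Dropping `ansible_host=` from ryo and nijika also means Ansible now reaches the authoritative servers by name, and those names are presumably served by the very zone this commit deploys; keeping the addresses in the inventory (or in ssh config) preserves a way in when DNS itself is what is broken.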
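Review bot: `allow-query { any; };` with no `rate-limit` block, on a server whose UDP/53 the dnscommon tasks open to the world, leaves the usual amplification exposure of a public authoritative server unaddressed; BIND's response-rate limiting, e.g. `rate-limit { responses-per-second 10; };` (the number is a placeholder to tune), is the standard mitigation and is invisible to ordinary clients. `listen-on-v6 { any; };` is explicit while IPv4 relies on the default; an explicit `listen-on { any; };` beside it makes the intent readable. `recursion no;` together with `allow-transfer { none; };` as the global default is the right baseline for an authoritative-only server, and the per-zone override in the primary template is the right place to open transfers.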
@@ -0,0 +1,28 @@
+---
+- name: install BIND
+ apt: name=bind9 state=latest
+
+- name: copy named.conf.options
+ copy:
+ src: ../files/named.conf.options
+ dest: /etc/bind/named.conf.options
+ owner: bind
+ group: bind
+ mode: 0644
+
+- name: restart & enable BIND
+ service: name=named state=restarted enabled=yes
+
+- name: allow dns from everywhere via udp
+ ufw:
+ rule: allow
+ port: '53'
+ proto: udp
+- name: allow dns from everywhere via tcp
+ ufw:
+ rule: allow
+ port: '53'
+ proto: tcp
+
+- name: restart ufw
+ service: name=ufw state=restarted enabled=yes
diff --git a/roles/nameservers/tasks/main.yml b/roles/nameservers/tasks/main.yml
new file mode 100644
index 0000000..7f13ebd
--- /dev/null
+++ b/roles/nameservers/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: create named.conf.local for primary
+ template:
+ src: ../templates/named.conf.local.primary.j2
+ dest: /etc/bind/named.conf.local
+ when: inventory_hostname in groups['dnsprimary']
+
+- name: create primary zone files for primary
+ template:
+ src: "../templates/{{ item.zone_file }}.j2"
+ dest: "/etc/bind/{{ item.zone_file }}"
+ with_items: "{{ dns_zones }}"
+ when: inventory_hostname in groups['dnsprimary']
+
+- name: create named.conf.local for replica
+ template:
+ src: ../templates/named.conf.local.replica.j2
+ dest: /etc/bind/named.conf.local
+ when: inventory_hostname in groups['dnsreplica']
+
+- name: restart bind9
+ service:
+ name: bind9
+ state: restarted
+ enabled: true
diff --git a/roles/nameservers/templates/db.rainrainra.in.j2 b/roles/nameservers/templates/db.rainrainra.in.j2
new file mode 100644
index 0000000..38a522e
--- /dev/null
+++ b/roles/nameservers/templates/db.rainrainra.in.j2
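Review bot: `service: name=named state=restarted enabled=yes` and `service: name=ufw state=restarted enabled=yes` restart both daemons on every run whether or not anything changed, and `apt: name=bind9 state=latest` upgrades the package on every run as well, so a routine playbook run interrupts DNS service; `state=present` plus a handler (`notify: restart bind` on the copy task, with the restart defined in handlers/main.yml) limits restarts to real config changes, and the ufw module applies its rules without any service restart. `mode: 0644` is an unquoted octal that Ansible accepts but warns about; `mode: '0644'` is the documented form. The restart here targets `named` while roles/nameservers/tasks/main.yml restarts `bind9`; as far as I know these are aliases on Debian, but one name and one handler would avoid two restarts per run. The `../files/` prefix on `src` is redundant inside a role — `src: named.conf.options` resolves to the same file.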
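Review bot: Nothing validates the rendered configuration before `restart bind9`, so a typo in a zone template or in named.conf.local takes the primary down on the next run and leaves the replica serving stale data until the zones expire. The template module's `validate:` parameter covers this: `validate: 'named-checkconf %s'` on the two named.conf.local tasks and `validate: 'named-checkzone {{ item.zone_name }} %s'` on the zone-file task make Ansible refuse to install a file BIND would reject. The restart itself runs unconditionally; a handler notified by the three template tasks would restart only when a file actually changed. Zone files are written to /etc/bind with root ownership, which BIND can read, but they should be documented as primary-only so nobody expects the replica to have them there (its copies land under /var/cache/bind).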
@@ -0,0 +1,16 @@
+$TTL 604800
+@ IN SOA {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. (
+ 5 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+
+; Name servers
+rainrainra.in. IN NS {{ dns_primary_hostname }}.simponic.xyz.
+rainrainra.in. IN NS {{ dns_replica_hostname }}.simponic.xyz.
+
+; Other A records
+@ IN A 129.123.76.14
+www IN A 129.123.76.14
diff --git a/roles/nameservers/templates/db.rileyandlizzy.wedding.j2 b/roles/nameservers/templates/db.rileyandlizzy.wedding.j2
new file mode 100644
index 0000000..e000923
--- /dev/null
+++ b/roles/nameservers/templates/db.rileyandlizzy.wedding.j2
@@ -0,0 +1,16 @@
+$TTL 604800
+@ IN SOA {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. (
+ 5 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+
+; Name servers
+rileyandlizzy.wedding. IN NS {{ dns_primary_hostname }}.simponic.xyz.
+rileyandlizzy.wedding. IN NS {{ dns_replica_hostname }}.simponic.xyz.
+
+; Other A records
+@ IN A 129.123.76.14
+www IN A 129.123.76.14
diff --git a/roles/nameservers/templates/db.simponic.xyz.j2 b/roles/nameservers/templates/db.simponic.xyz.j2
new file mode 100644
index 0000000..ff38293
--- /dev/null
+++ b/roles/nameservers/templates/db.simponic.xyz.j2
@@ -0,0 +1,20 @@
+$TTL 604800
+@ IN SOA {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. (
+ 5 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+
+; Name servers
+simponic.xyz. IN NS {{ dns_primary_hostname }}.simponic.xyz.
+simponic.xyz. IN NS {{ dns_replica_hostname }}.simponic.xyz.
+
+; A records for name servers
+{{ dns_primary_hostname }} IN A {{ dns_primary_ip }}
+{{ dns_replica_hostname }} IN A {{ dns_replica_ip }}
+
+; Other A records
+@ IN A 129.123.76.14
+www IN A 129.123.76.14
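Review bot: The SOA serial is the literal `5` baked into the template, and the same constant appears in db.rileyandlizzy.wedding.j2 and db.simponic.xyz.j2; a secondary only pulls a fresh copy when the primary's serial is higher than its own, so any later edit to these templates reaches the primary on the next run but never reaches the replica (`type slave` in named.conf.local.replica.j2) until someone remembers to bump the number by hand. A group variable rendered as `{{ dns_serial }} ; Serial` — or a per-zone `zone_serial` next to `zone_file` in `dns_zones` — puts the bump in the same place as the record change. The address `129.123.76.14` is likewise repeated in all three zone templates and would read better as one named variable.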
diff --git a/roles/nameservers/templates/named.conf.local.primary.j2 b/roles/nameservers/templates/named.conf.local.primary.j2
new file mode 100644
index 0000000..0234278
--- /dev/null
+++ b/roles/nameservers/templates/named.conf.local.primary.j2
@@ -0,0 +1,7 @@
+{% for zone in dns_zones %}
+zone "{{ zone.zone_name }}" {
+ type master;
+ file "/etc/bind/{{ zone.zone_file }}";
+ allow-transfer { {{ dns_replica_ip }}; };
+};
+{% endfor %}
diff --git a/roles/nameservers/templates/named.conf.local.replica.j2 b/roles/nameservers/templates/named.conf.local.replica.j2
new file mode 100644
index 0000000..bb14d7d
--- /dev/null
+++ b/roles/nameservers/templates/named.conf.local.replica.j2
@@ -0,0 +1,7 @@
+{% for zone in dns_zones %}
+zone "{{ zone.zone_name }}" {
+ type slave;
+ file "db.{{ zone.zone_name }}";
+ masters { {{ dns_primary_ip }}; };
+};
+{% endfor %}
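Review bot: `allow-transfer { {{ dns_replica_ip }}; };` gates the whole zone on source address alone, so whoever holds or spoofs that address can pull every record; TSIG-signed transfers are the defended form — a `key` statement rendered into both templates and `allow-transfer { key <transfer-key-name>; };` here, with the secret kept in a vaulted variable rather than in the template. `type master` is the legacy spelling; newer BIND releases document `type primary` (and `primaries` for the replica's `masters`), though the old words are still accepted as far as I know. Notify is left at its default, which should work because the NS records name the replica, but an explicit `notify yes;` makes that dependency visible to the next reader.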
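Review bot: `file "db.{{ zone.zone_name }}";` derives the on-disk name from the zone name while the primary template uses `zone.zone_file`; the two coincide for all three entries in `dns_zones` today, but the first zone whose `zone_file` differs will silently get a different filename on each side. `file "{{ zone.zone_file }}";` keeps one naming rule, and the relative path still lands in the `directory "/var/cache/bind"` set by named.conf.options, which is where a secondary should write. `masters { {{ dns_primary_ip }}; };` is the only way this replica learns the primary, so a change of that address without a replica deploy leaves the zones serving until the 2419200-second expire in the SOA and then going dark — worth a one-line comment in the template saying the two hosts must be redeployed together.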