simponic/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

first dns setup checkpoint

Browse Source
This commit is contained in:
Elizabeth Hunt 2024-01-01 20:23:23 -05:00
parent 64e3ad7da4
commit c0ed0a948f
11 changed files with 161 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
deploy-nameservers.yml Normal file
View File

@ -0,0 +1,5 @@
- name: basic host setup
hosts: nameservers
roles:
- dnscommon
- nameservers

15
group_vars/all.yml
View File

@ -4,3 +4,18 @@ dns_servers:
- 1.0.0.1 - 1.0.0.1
dns_dnssec: true dns_dnssec: true
dns_domains: ["internal.simponic.xyz"] dns_domains: ["internal.simponic.xyz"]
dns_zones:
- zone_name: simponic.xyz
zone_file: db.simponic.xyz
- zone_name: rainrainra.in
zone_file: db.rainrainra.in
- zone_name: rileyandlizzy.wedding
zone_file: db.rileyandlizzy.wedding
dns_primary_hostname: ryo
dns_replica_hostname: nijika
dns_primary_ip: 107.173.19.33
dns_replica_ip: 107.172.103.253

16
inventory
View File

@ -8,17 +8,21 @@ ryo ansible_user=root ansible_connection=ssh
levi ansible_user=root ansible_connection=ssh levi ansible_user=root ansible_connection=ssh
#ash.internal.simponic.xyz ansible_user=root ansible_connection=ssh #ash.internal.simponic.xyz ansible_user=root ansible_connection=ssh
[nameservers]
ryo ansible_user=root ansible_connection=ssh
nijika ansible_user=root ansible_connection=ssh
[dnsprimary] [dnsprimary]
nijika ansible_user=root ansible_connection=ssh ansible_host=107.173.19.33 # nijika ryo ansible_user=root ansible_connection=ssh
[dnsreplica] [dnsreplica]
ryo ansible_user=root ansible_connection=ssh ansible_host=107.172.103.253 # ryo nijika ansible_user=root ansible_connection=ssh
[internaldns] [dnsinternal]
johan ansible_user=root ansible_connection=ssh
[vpn]
johan ansible_user=root ansible_connection=ssh johan ansible_user=root ansible_connection=ssh
[mail] [mail]
#ash ansible_user=root ansible_connection=ssh #ash ansible_user=root ansible_connection=ssh
[vpn]
johan ansible_user=root ansible_connection=ssh

12
roles/dnscommon/files/named.conf.options Normal file
View File

@ -0,0 +1,12 @@
options {
directory "/var/cache/bind";
recursion no;
allow-transfer { none; };
allow-query { any; };
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

28
roles/dnscommon/tasks/main.yml Normal file
View File

@ -0,0 +1,28 @@
---
- name: install BIND
apt: name=bind9 state=latest
- name: copy named.conf.options
copy:
src: ../files/named.conf.options
dest: /etc/bind/named.conf.options
owner: bind
group: bind
mode: 0644
- name: restart & enable BIND
service: name=named state=restarted enabled=yes
- name: allow dns from everywhere via udp
ufw:
rule: allow
port: '53'
proto: udp
- name: allow dns from everywhere via tcp
ufw:
rule: allow
port: '53'
proto: tcp
- name: restart ufw
service: name=ufw state=restarted enabled=yes

25
roles/nameservers/tasks/main.yml Normal file
View File

@ -0,0 +1,25 @@
---
- name: create named.conf.local for primary
template:
src: ../templates/named.conf.local.primary.j2
dest: /etc/bind/named.conf.local
when: inventory_hostname in groups['dnsprimary']
- name: create primary zone files for primary
template:
src: "../templates/{{ item.zone_file }}.j2"
dest: "/etc/bind/{{ item.zone_file }}"
with_items: "{{ dns_zones }}"
when: inventory_hostname in groups['dnsprimary']
- name: create named.conf.local for replica
template:
src: ../templates/named.conf.local.replica.j2
dest: /etc/bind/named.conf.local
when: inventory_hostname in groups['dnsreplica']
- name: restart bind9
service:
name: bind9
state: restarted
enabled: true

16
roles/nameservers/templates/db.rainrainra.in.j2 Normal file
View File

@ -0,0 +1,16 @@
$TTL 604800
@ IN SOA {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. (
5 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; Name servers
rainrainra.in. IN NS {{ dns_primary_hostname }}.simponic.xyz.
rainrainra.in. IN NS {{ dns_replica_hostname }}.simponic.xyz.
; Other A records
@ IN A 129.123.76.14
www IN A 129.123.76.14

16
roles/nameservers/templates/db.rileyandlizzy.wedding.j2 Normal file
View File

@ -0,0 +1,16 @@
$TTL 604800
@ IN SOA {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. (
5 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; Name servers
rileyandlizzy.wedding. IN NS {{ dns_primary_hostname }}.simponic.xyz.
rileyandlizzy.wedding. IN NS {{ dns_replica_hostname }}.simponic.xyz.
; Other A records
@ IN A 129.123.76.14
www IN A 129.123.76.14

20
roles/nameservers/templates/db.simponic.xyz.j2 Normal file
View File

@ -0,0 +1,20 @@
$TTL 604800
@ IN SOA {{ dns_primary_hostname }}.simponic.xyz. admin.simponic.xyz. (
5 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; Name servers
simponic.xyz. IN NS {{ dns_primary_hostname }}.simponic.xyz.
simponic.xyz. IN NS {{ dns_replica_hostname }}.simponic.xyz.
; A records for name servers
{{ dns_primary_hostname }} IN A {{ dns_primary_ip }}
{{ dns_replica_hostname }} IN A {{ dns_replica_ip }}
; Other A records
@ IN A 129.123.76.14
www IN A 129.123.76.14

7
roles/nameservers/templates/named.conf.local.primary.j2 Normal file
View File

@ -0,0 +1,7 @@
{% for zone in dns_zones %}
zone "{{ zone.zone_name }}" {
type master;
file "/etc/bind/{{ zone.zone_file }}";
allow-transfer { {{ dns_replica_ip }}; };
};
{% endfor %}

7
roles/nameservers/templates/named.conf.local.replica.j2 Normal file
View File

@ -0,0 +1,7 @@
{% for zone in dns_zones %}
zone "{{ zone.zone_name }}" {
type slave;
file "db.{{ zone.zone_name }}";
masters { {{ dns_primary_ip }}; };
};
{% endfor %}