ajout d'un role permettant de deployer unbound comme resolver local, avec forward zone vers une zone locales (.home, .lan, etc)

README.md

@@ -67,6 +67,9 @@ Yet another ansible's playbook repository
  * allow to configure a debian/ubuntu rudder node to report to a rudder server
  * you need a working rudder-server (https://www.rudder-project.org/doc-4.1/_install_rudder_server.html)
  * use rudder_server variable to configure your rudderserver IP (rudder advice to use IP addresses instead of DNS)
+* unbound
+ * Possibility to deploy unbound as a local resolver, with forwading zone to your local DNS server (ie .lan, .home, ...)
+ * You need to add unbound variables (see below)
 
 ## example host file
 =====
@@ -161,4 +164,7 @@ admin_email: "your_email@example.com"
 rudder_server: 192.168.0.100
 # vim: set textwidth=0 ft=yaml:
 
+unbound_local_zone: "lan"
+unbound_forward_dns: XXX.XXX.XXX.XXX
+
 ```

roles/unbound/files/localdns.conf

@@ -0,0 +1,4 @@
+server:
+	interface: 127.0.0.1
+	access-control: 127.0.0.0/8 allow
+	root-hints: /etc/unbound/root-hints.cache

roles/unbound/files/root-zones.conf

@@ -0,0 +1,3 @@
+server:
+	root-hints: /etc/unbound/root-hints.cache
+	

roles/unbound/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: restart_unbound
+  systemd: state=restarted name=unbound
+
+- name: enable_unbound
+  systemd: enabled=yes name=unbound

roles/unbound/tasks/main.yml

@@ -0,0 +1,40 @@
+---
+
+- name: Import OS variables
+  include_vars: "{{ ansible_os_family }}.yml"
+
+- name: install unbound
+  package:
+    name: unbound
+    state: latest
+  notify: 
+    - enable_unbound
+    - restart_unbound
+
+
+- name: upload conf for local DNS
+  copy:
+    src: localdns.conf
+    dest: "{{ unbound_conf_path }}/localdns.conf"
+  notify:
+    - restart_unbound
+
+- name: upload forward zone template
+  template:
+    src: forwardzone.conf.j2
+    dest: "{{ unbound_conf_path }}/forwardzone.conf"
+  notify: 
+    - restart_unbound
+
+- name: download root file from NIC
+  get_url:
+    url: ftp://FTP.INTERNIC.NET/domain/named.cache
+    dest: /etc/unbound/root-hints.cache
+  notify: 
+    - restart_unbound
+
+- name: Add cron to refresh root zone 
+  cron:
+    name: "refresh DNS root zone"
+    special_time: monthly
+    job: "curl -o /etc/unbound/root-hints.cache ftp://FTP.INTERNIC.NET/domain/named.cache"

roles/unbound/templates/forwardzone.conf.j2

@@ -0,0 +1,6 @@
+server:
+	domain-insecure: "{{ unbound_local_zone }}"
+
+forward-zone:
+    name: "{{ unbound_local_zone }}"
+    forward-addr: {{ unbound_forward_dns }}

roles/unbound/vars/Debian.yml

@@ -0,0 +1,4 @@
+---
+##Variables pour Debian OS
+
+unbound_conf_path: "/etc/unbound/unbound.conf.d/"

roles/unbound/vars/RedHat.yml

@@ -0,0 +1,5 @@
+---
+## Variable pour RedHat OS basee sur ansible_os_family
+## Attention, Centos, VirtuozzoLinux 4.5 et Virtuozzo 7 renvoient RedHat comme ansible_os_family
+
+unbound_conf_path: "/etc/unbound/conf.d/"

unbound.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Install and configure unbound as a local DNS with forwarding for local zones
+  hosts: all
+  user: root
+  gather_facts: yes
+  roles:
+    - unbound