diff --git a/README.md b/README.md
index 4d2f6f0..12edbfa 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,9 @@ Yet another ansible's playbook repository
 * allow to configure a debian/ubuntu rudder node to report to a rudder server
 * you need a working rudder-server (https://www.rudder-project.org/doc-4.1/_install_rudder_server.html)
 * use rudder_server variable to configure your rudderserver IP (rudder advice to use IP addresses instead of DNS)
+* unbound
+ * Possibility to deploy unbound as a local resolver, with forwading zone to your local DNS server (ie .lan, .home, ...)
+ * You need to add unbound variables (see below)
 
 ## example host file
 =====
@@ -161,4 +164,7 @@ admin_email: "your_email@example.com"
 rudder_server: 192.168.0.100
 
 # vim: set textwidth=0 ft=yaml:
+unbound_local_zone: "lan"
+unbound_forward_dns: XXX.XXX.XXX.XXX
+
 ```
diff --git a/roles/unbound/files/localdns.conf b/roles/unbound/files/localdns.conf
new file mode 100644
index 0000000..e626217
--- /dev/null
+++ b/roles/unbound/files/localdns.conf
@@ -0,0 +1,4 @@
+server:
+ interface: 127.0.0.1
+ access-control: 127.0.0.0/8 allow
+ root-hints: /etc/unbound/root-hints.cache
diff --git a/roles/unbound/files/root-zones.conf b/roles/unbound/files/root-zones.conf
new file mode 100644
index 0000000..c68953b
--- /dev/null
+++ b/roles/unbound/files/root-zones.conf
@@ -0,0 +1,3 @@
+server:
+ root-hints: /etc/unbound/root-hints.cache
+
\ No newline at end of file
diff --git a/roles/unbound/handlers/main.yml b/roles/unbound/handlers/main.yml
new file mode 100644
index 0000000..daa8c35
--- /dev/null
+++ b/roles/unbound/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart_unbound
+ systemd: state=restarted name=unbound
+
+- name: enable_unbound
+ systemd: enabled=yes name=unbound
\ No newline at end of file
diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
new file mode 100644
index 0000000..0d281be
--- /dev/null
+++ b/roles/unbound/tasks/main.yml
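Review bot: `interface: 127.0.0.1` binds only the IPv4 loopback, so a host whose resolv.conf points at `::1`, or a client that prefers IPv6, gets no answer from this resolver; if IPv6 loopback is in use add `interface: ::1` and `access-control: ::1/128 allow` next to the existing lines. The `access-control: 127.0.0.0/8 allow` line is what keeps the resolver closed to other hosts, and that intent deserves a comment such as `# local stub resolver: answer loopback clients only, never expose beyond the host`. The hardcoded `root-hints` path matches the get_url `dest` in tasks/main.yml today; a comment `# must match the dest of the "download root file" task` would keep them from drifting.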
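Review bot: roles/unbound/files/root-zones.conf is not referenced by any task in this change — tasks/main.yml copies localdns.conf and templates forwardzone.conf only — and its single directive, `root-hints: /etc/unbound/root-hints.cache`, is already present in localdns.conf. Either drop the file or add the copy task that deploys it; if both files end up in the conf directory, confirm unbound accepts the repeated `root-hints` directive rather than rejecting the configuration at restart. The file also ends in a whitespace-only line without a trailing newline.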
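Review bot: Both handlers use the `key=value` shorthand (`systemd: state=restarted name=unbound`) while tasks/main.yml in the same change writes module arguments as block YAML; for consistency spell them out as `systemd:` with `name: unbound` and `state: restarted` (and `enabled: true` rather than `yes`). The file also lacks a trailing newline.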
@@ -0,0 +1,40 @@
+---
+
+- name: Import OS variables
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: install unbound
+ package:
+ name: unbound
+ state: latest
+ notify:
+ - enable_unbound
+ - restart_unbound
+
+
+- name: upload conf for local DNS
+ copy:
+ src: localdns.conf
+ dest: "{{ unbound_conf_path }}/localdns.conf"
+ notify:
+ - restart_unbound
+
+- name: upload forward zone template
+ template:
+ src: forwardzone.conf.j2
+ dest: "{{ unbound_conf_path }}/forwardzone.conf"
+ notify:
+ - restart_unbound
+
+- name: download root file from NIC
+ get_url:
+ url: ftp://FTP.INTERNIC.NET/domain/named.cache
+ dest: /etc/unbound/root-hints.cache
+ notify:
+ - restart_unbound
+
+- name: Add cron to refresh root zone
+ cron:
+ name: "refresh DNS root zone"
+ special_time: monthly
+ job: "curl -o /etc/unbound/root-hints.cache ftp://FTP.INTERNIC.NET/domain/named.cache"
\ No newline at end of file
diff --git a/roles/unbound/templates/forwardzone.conf.j2 b/roles/unbound/templates/forwardzone.conf.j2
new file mode 100644
index 0000000..269a7b9
--- /dev/null
+++ b/roles/unbound/templates/forwardzone.conf.j2
@@ -0,0 +1,6 @@
+server:
+ domain-insecure: "{{ unbound_local_zone }}"
+
+forward-zone:
+ name: "{{ unbound_local_zone }}"
+ forward-addr: {{ unbound_forward_dns }}
\ No newline at end of file
diff --git a/roles/unbound/vars/Debian.yml b/roles/unbound/vars/Debian.yml
new file mode 100644
index 0000000..2467159
--- /dev/null
+++ b/roles/unbound/vars/Debian.yml
@@ -0,0 +1,4 @@
+---
+##Variables pour Debian OS
+
+unbound_conf_path: "/etc/unbound/unbound.conf.d/"
\ No newline at end of file
diff --git a/roles/unbound/vars/RedHat.yml b/roles/unbound/vars/RedHat.yml
new file mode 100644
index 0000000..ad5832e
--- /dev/null
+++ b/roles/unbound/vars/RedHat.yml
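Review bot: The root hints in the get_url task and the cron job are fetched over plaintext FTP with no integrity check, so anything on the network path can hand the resolver a forged list of root servers; fetch them over HTTPS (InterNIC also serves https://www.internic.net/domain/named.root) and pin `checksum:` to the publisher's hash, or verify the published signature out of band. The cron job also overwrites the live /etc/unbound/root-hints.cache in place with `curl -o`, so an interrupted transfer leaves a truncated hints file until the next successful run; download with `-f` to a temporary file and move it into place. Separately, `enable_unbound` is only notified when the package task reports a change, so on a host where unbound was already installed the unit is never enabled — make that an ordinary task with `enabled: true` and `state: started` — and `state: latest` turns every run into a potential upgrade where `present` is the usual choice for a role.

```yaml
# … unchanged: include_vars, copy and template tasks …

- name: install unbound
  package:
    name: unbound
    state: present
  notify:
    - restart_unbound

- name: ensure unbound is enabled and running
  systemd:
    name: unbound
    enabled: true
    state: started

- name: download root hints from InterNIC
  get_url:
    url: https://www.internic.net/domain/named.root
    dest: /etc/unbound/root-hints.cache
    # placeholder: take the value from the publisher's checksum/signature
    checksum: "sha256:<EXPECTED_SHA256_FROM_PUBLISHER>"
    mode: "0644"
  notify:
    - restart_unbound

- name: Add cron to refresh root zone
  cron:
    name: "refresh DNS root zone"
    special_time: monthly
    # fail on HTTP errors and replace the file atomically so a broken transfer never truncates it
    job: >-
      curl -fsS -o /etc/unbound/root-hints.cache.tmp https://www.internic.net/domain/named.root
      && mv /etc/unbound/root-hints.cache.tmp /etc/unbound/root-hints.cache
```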
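Review bot: `domain-insecure: "{{ unbound_local_zone }}"` switches off DNSSEC validation for the whole forwarded zone; that is expected for an unsigned private zone, but nothing in the template says so, so add `# private zone is unsigned: skip DNSSEC validation and trust the forwarder below for it` above the line. `forward-addr: {{ unbound_forward_dns }}` is rendered without any check, so an undefined or empty variable yields a bare `forward-addr:` and unbound refuses the configuration at the restart the handler triggers; render it as `forward-addr: {{ unbound_forward_dns | mandatory }}` or ship defaults/main.yml entries for both variables. If the forwarder returns RFC1918 addresses and `private-address` is set elsewhere in the host's unbound config, a `private-domain: "{{ unbound_local_zone }}"` entry is also needed — worth confirming against the distribution's default config.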
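Review bot: `unbound_conf_path` ends with a slash and every consumer in tasks/main.yml appends another (`"{{ unbound_conf_path }}/localdns.conf"`), so the rendered destinations become `/etc/unbound/unbound.conf.d//localdns.conf`; drop the trailing slash here, `unbound_conf_path: "/etc/unbound/unbound.conf.d"`, and likewise in roles/unbound/vars/RedHat.yml. The header comment is in French (`##Variables pour Debian OS`) while the README is in English, and it lacks the space after the hash; `# Variables for the Debian OS family` keeps the file consistent, and the same applies to the two comment lines in RedHat.yml. Both vars files also lack a trailing newline.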
@@ -0,0 +1,5 @@
+---
+## Variable pour RedHat OS basee sur ansible_os_family
+## Attention, Centos, VirtuozzoLinux 4.5 et Virtuozzo 7 renvoient RedHat comme ansible_os_family
+
+unbound_conf_path: "/etc/unbound/conf.d/"
\ No newline at end of file
diff --git a/unbound.yml b/unbound.yml
new file mode 100644
index 0000000..c906f26
--- /dev/null
+++ b/unbound.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Install and configure unbound as a local DNS with forwarding for local zones
+ hosts: all
+ user: root
+ gather_facts: yes
+ roles:
+ - unbound
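Review bot: `user: root` is the old spelling of the play keyword; current Ansible expects `remote_user`, and logging in directly as root is normally replaced by an unprivileged `remote_user` together with `become: true`. `gather_facts: yes` should be written `true`, and since the role's `include_vars: "{{ ansible_os_family }}.yml"` depends on gathered facts, a comment `# facts are required: the role picks its vars file by ansible_os_family` documents why it must stay on. `hosts: all` deploys a local resolver to every inventory host; confirm that is intended rather than a dedicated group.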