Commit 44848021 authored by klafyvel's avatar klafyvel

DNS

parent 2fd5046e
---
# Install Matrix Synapse on corresponding containers
- hosts: dns
remote_user: root
vars_prompt:
- name: service_daemon_pass
prompt: "Enter the password for the service user to connect to re2o"
private: yes
roles:
- dns
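Review bot: The header comment at L7 still reads `# Install Matrix Synapse on corresponding containers`, but the play targets `hosts: dns` and applies only the `dns` role; replace it with `# Install and configure the bind9 DNS server on the dns hosts`. `private: yes` on the password prompt should be the canonical boolean `private: true`, since YAML 1.2 parsers do not treat `yes` as a boolean. The file boundaries on this page are inferred, as the rendered file headers were stripped.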
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/named.conf.logging";
acl local {
127.0.0.0/8;
10.0.0.0/8; // Résidents natés
193.48.225.0/24; // IP publique
193.48.224.0/24; // Ecole
193.54.24.0/24; // Ecole
};
acl supelec-ns {
193.48.224.212; // 193.48.224.212 : DNS Primaire de Supelec Metz (école)
193.48.224.116; // 193.48.224.116 : DNS Secondaire de Supelec Metz (école)
};
// Identification de era vis à vis de lui même.
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; };
// allow { 127.0.0.1; } keys { "rndckey"; };
};
view "internal" {
match-clients { local; };
allow-recursion { local; };
minimal-responses no;
max-journal-size 10M;
// Zone locale uniquement dans la vue interne
include "/var/local/dns/zones_rezo";
include "/etc/bind/named.conf.default";
};
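Review bot: The `controls` statement at L36-L40 includes `/etc/bind/rndc.key` at L35 but leaves its `keys { ... }` clause commented out at L39, so whether rndc connections on 127.0.0.1:953 are authenticated depends on BIND's behaviour for a missing keys clause; either restore `allow { 127.0.0.1; } keys { "rndckey"; };` using the key name that `/etc/bind/rndc.key` actually defines, or drop the include together with the commented line. `match-clients { local; }` and `allow-recursion { local; }` correctly confine the internal view to the listed ranges. If the zone statements starting at L50 belong to this file rather than to the `zone_rezo` file included at L47, BIND will reject the configuration, because once a `view` is defined every zone must be declared inside a view.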
zone "rez" IN {
type master;
file "/usr/local/dns/generated/dns.rez.zone";
// Duplication autorisée pour les NS Supélec
allow-transfer { supelec-ns; 10.13.0.246; 193.48.225.246; };
};
zone "taime" IN {
type master;
file "/usr/local/dns/generated/dns.taime.zone";
// Duplication autorisée pour les NS Supélec
allow-transfer { supelec-ns; 10.13.0.246; 193.48.225.246; };
};
zone "rezometz.org" IN {
type master;
file "/usr/local/dns/generated/dns.rezometz.org";
// Duplication autorisée pour tous
allow-transfer { any; };
};
zone "69.10.in-addr.arpa" {
type master;
file "/var/local/dns/db_10.69.0.0";
// Duplication autorisée pour les NS Supélec
allow-transfer { supelec-ns; };
};
zone "0.7.10.in-addr.arpa" {
type master;
file "/var/local/dns/db_10.7.0.0";
// Duplication autorisée pour les NS Supélec
allow-transfer { supelec-ns; };
};
zone "1.7.10.in-addr.arpa" {
type master;
file "/var/local/dns/db_10.7.1.0";
// Duplication autorisée pour les NS Supélec
allow-transfer { supelec-ns; };
};
zone "8.10.in-addr.arpa" {
type master;
file "/var/local/dns/db_10.8.0.0";
// Duplication autorisée pour les NS Supélec
allow-transfer { supelec-ns; };
};
zone "225.48.193.in-addr.arpa" {
type master;
file "/var/local/dns/db_193.48.225.0";
// Duplication autorisée pour les NS Supélec
allow-transfer { supelec-ns; };
};
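Review bot: `allow-transfer { any; };` at L66 lets any host pull the whole rezometz.org zone by AXFR, which enumerates every published name; the comment says this is intended, but if the public secondaries are known, listing them as the other zones do with `supelec-ns` is the safer default. The two extra secondaries repeated verbatim at L54 and L60, `10.13.0.246; 193.48.225.246;`, would be easier to maintain as an `acl` next to `supelec-ns` in named.conf.local. Zones rez and taime read files under `/usr/local/dns/generated/`, which only exist after the cron job from the tasks file has run, so those two zones will fail to load on the first bind9 start; a comment noting that dependency would save a debugging round.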
- name: Install bind9
apt:
name: isc-dhcp-server
- file:
path: /var/log/named
state: directory
mode: 0755
- file:
path: /var/log/named/bind.log
owner: bind
group: bind
- name: Copy configuration
copy:
src: named.conf.local
dest: /etc/bind/named.conf.local
mode: 0644
owner: root
group: bind
- name: Copy zone rezo
copy:
src: zone_rezo
dest: /var/local/dns/zones_rezo
mode: 0644
owner: root
group: bind
- name: Install iso8601
apt:
name: python3-iso8601
- name: Get re2o-service for dns
git:
repo: https://gitlab.federez.net/re2o/dns.git
dest: /usr/local/dns
force: yes
- name: Create generated directory
file:
path: /usr/local/dns/generated
state: directory
mode: 0755
- name: Configure service
template:
src: config.ini.j2
dest: /usr/local/dhcp/config.ini
mode: 0600
- name: Create crontab
cron:
cron_file: re2o-services
name: Update dns entries
user: root
job: "cd /usr/local/dns/ && /usr/bin/python3 /usr/local/dhcp/main.py > /dev/null 2>&1 && systemctl reload bind9"
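Review bot: The task named `Install bind9` at L98-L100 installs `isc-dhcp-server` rather than the DNS server; it should read `name: bind9`. The same copy-paste from the dhcp role appears to leave the service config and cron job pointing at the wrong checkout: the template at L139 should be `dest: /usr/local/dns/config.ini` and the cron command at L146 should run `/usr/local/dns/main.py`, since the repo is cloned to `/usr/local/dns` at L129. The `file` task at L105-L108 sets owner/group on `/var/log/named/bind.log` with the default `state: file`, which fails when the file does not yet exist, so it needs `state: touch`, and the directory at L101-L104 is root-owned with mode 0755 so named cannot create files in it. Nothing reloads bind9 after the config and zone copies at L109-L122; a `notify` to a reload handler would apply changes on re-runs. The octal modes and `force: yes` are fine for Ansible's YAML 1.1 loader, but quoting the modes and writing `force: true` avoids reinterpretation by other tooling.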
[Re2o]
hostname = {{ re2o_address }}
username = {{ service_user }}
password = {{ service_daemon_pass }}
failover peer "dhcp-failover" {
{% if primary %}
primary;
split 255;
{% else %}
secondary;
{% endif %}
mclt 3600;
address {{ address }};
port 647;
peer address {{ peer_address }};
peer port 647;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
}
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
default-lease-time 18000;
max-lease-time 21600;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
option ntp-servers {{ ntp_server }};
option www-server {{ www_server|join(', ') }};
option irc-server {{ irc_server }};
option smtp-server {{ smtp_server }};
include "/etc/dhcp/dhcp-failover.conf";
#Vlan federez
subnet {{ federez.subnet }} netmask {{ federez.subnet_mask }} {
interface {{ federez.interface }};
option routers {{ federez.routers }};
option domain-name-servers {{ federez.dns }};
option subnet-mask {{ federez.subnet_mask }};
option broadcast-address {{ federez.subnet_mask }};
pool {
range {{ federez.pool_begin }} {{ federez.pool_end }};
failover peer "dhcp-failover";
}
}
{% for list in lists %}
include "/usr/local/dhcp/generated/{{ list }}.list";
{% endfor %}
{% for subnet in subnets %}
# Subnet {{ subnet.name }}
subnet {{ subnet.subnet }} netmask {{ subnet.netmask }} {
interface {{ subnet.interface }};
option subnet-mask {{ subnet.netmask }};
option broadcast-address {{ subnet.broadcast }};
{% if 'routers' in subnet %}
option routers {{ subnet.routers }};
{% endif %}
option domain-name-servers {{ subnet.dns | join(", ") }};
option domain-name {{ subnet.domain_name }};
deny unknown-clients;
}
{% endfor %}
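Review bot: `option broadcast-address {{ federez.subnet_mask }};` at L191 hands clients the netmask as their broadcast address, which breaks broadcast on the federez VLAN; the per-subnet loop at L205 uses a dedicated `subnet.broadcast`, so this line should be `option broadcast-address {{ federez.broadcast }};` with a matching `federez.broadcast` variable. The federez block does not set `deny unknown-clients` as the looped subnets do at L211, so any MAC can obtain a lease from that pool; if that is intended, a comment saying so would help. `option domain-name-servers {{ federez.dns }};` at L189 is not joined the way `subnet.dns` is at L209, so `federez.dns` must be a scalar or pre-formatted string — worth stating in the variable's definition.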