Add unbound to zm hosts

2021-04-01 22:46:01 +00:00 · 2021-04-01 22:46:01 +00:00 · 525b3cbe99
commit 525b3cbe99
parent 9cff4cae44
2 changed files with 49 additions and 0 deletions
--- a/playbooks/zm.yml
+++ b/playbooks/zm.yml
@ -55,3 +55,17 @@
        path: /etc/chrony.conf
        regexp: "^#?allow .*"
        line: "allow 172.20.26.0/24"
+
+    - name: copy dns zone files
+      copy:
+        dest: "/var/lib/unbound/{{ item }}"
+        src: "/srv/dns/{{ item }}"
+        mode: 0644
+        owner: root
+        group: "{{ ansible_wheel }}"
+      notify: restart unbound
+      with_items:
+        - 26.20.172.in-addr.arpa
+        - cam.foo.sh
+    - import_role:
+        name: unbound
--- a/roles/unbound/files/unbound.conf.zm02.home.foo.sh
+++ b/roles/unbound/files/unbound.conf.zm02.home.foo.sh
@ -0,0 +1,35 @@
+
+server:
+    interface: 0.0.0.0
+    interface: ::0
+
+    access-control: 127.0.0.0/8 allow
+    access-control: ::1 allow
+    access-control: 172.20.26.1/32 allow
+    access-control: 172.20.26.2/32 allow
+    access-control: 172.20.26.3/32 allow
+    access-control: 172.20.26.0/24 refuse_non_local
+
+    hide-identity: yes
+    hide-version: yes
+
+    chroot: ""
+
+    unblock-lan-zones: yes
+
+remote-control:
+    control-enable: yes
+    control-interface: /var/run/unbound.sock
+
+forward-zone:
+    name: "."
+    forward-addr: 172.20.20.10
+    forward-addr: 172.20.21.1
+    forward-addr: 172.20.21.2
+
+auth-zone:
+    name: "cam.foo.sh"
+    zonefile: "/var/lib/unbound/cam.foo.sh"
+auth-zone:
+    name: "26.20.172.in-addr.arpa"
+    zonefile: "/var/lib/unbound/26.20.172.in-addr.arpa"