Add unbound to zm hosts
parent
9cff4cae44
commit
525b3cbe99
2 changed files with 49 additions and 0 deletions
|
@ -55,3 +55,17 @@
|
||||||
path: /etc/chrony.conf
|
path: /etc/chrony.conf
|
||||||
regexp: "^#?allow .*"
|
regexp: "^#?allow .*"
|
||||||
line: "allow 172.20.26.0/24"
|
line: "allow 172.20.26.0/24"
|
||||||
|
|
||||||
|
- name: copy dns zone files
|
||||||
|
copy:
|
||||||
|
dest: "/var/lib/unbound/{{ item }}"
|
||||||
|
src: "/srv/dns/{{ item }}"
|
||||||
|
mode: 0644
|
||||||
|
owner: root
|
||||||
|
group: "{{ ansible_wheel }}"
|
||||||
|
notify: restart unbound
|
||||||
|
with_items:
|
||||||
|
- 26.20.172.in-addr.arpa
|
||||||
|
- cam.foo.sh
|
||||||
|
- import_role:
|
||||||
|
name: unbound
|
||||||
|
|
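Review bot: The `copy dns zone files` task writes into `/var/lib/unbound/` before `import_role: name: unbound` runs, so on a host where unbound has never been installed the destination directory may not exist yet and the copy would fail; the role itself is not visible here, so this is inferred. If the order is deliberate (zone files in place before unbound first starts), add a `file` task with `state: directory` for `/var/lib/unbound` ahead of the copy; otherwise move the `import_role` above it. Separately, `mode: 0644` should be quoted as `mode: "0644"` so the resulting permissions do not depend on the YAML loader reading the bare number as octal. The hunk opens inside the preceding chrony `lineinfile` task, whose start is outside the hunk.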
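--- a/roles/unbound/files/unbound.conf.zm02.home.foo.sh
+++ b/roles/unbound/files/unbound.conf.zm02.home.foo.sh
@@ -0,0 +1,35 @@
+
+server:
+interface: 0.0.0.0
+interface: ::0
+
+access-control: 127.0.0.0/8 allow
+access-control: ::1 allow
+access-control: 172.20.26.1/32 allow
+access-control: 172.20.26.2/32 allow
+access-control: 172.20.26.3/32 allow
+access-control: 172.20.26.0/24 refuse_non_local
+
+hide-identity: yes
+hide-version: yes
+
+chroot: ""
+
+unblock-lan-zones: yes
+
+remote-control:
+control-enable: yes
+control-interface: /var/run/unbound.sock
+
+forward-zone:
+name: "."
+forward-addr: 172.20.20.10
+forward-addr: 172.20.21.1
+forward-addr: 172.20.21.2
+
+auth-zone:
+name: "cam.foo.sh"
+zonefile: "/var/lib/unbound/cam.foo.sh"
+auth-zone:
+name: "26.20.172.in-addr.arpa"
+zonefile: "/var/lib/unbound/26.20.172.in-addr.arpa"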
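Review bot: The `interface: ::0` listener is wider than the access-control list needs: the only IPv6 source admitted is `::1`, so `interface: ::1` would serve the same clients without opening port 53 on every IPv6 address of the host. The same reasoning applies to `interface: 0.0.0.0` if the host has addresses outside 172.20.26.0/24; listing the host's own address in that subnet plus `127.0.0.1` keeps the listener aligned with the `access-control` entries. `chroot: ""` turns off chroot confinement with no explanation, so a comment stating the reason would help the next reader, for example `# chroot disabled: zone files and control socket live outside the default chroot` if that is indeed why. A short comment above the `172.20.26.0/24 refuse_non_local` line saying which clients it is meant to cover would also make the intent of the three `/32 allow` exceptions clear.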