dns/application: Added config for bind9

- Enabled dnssec by default
5 years ago · 93891c25a5
parent befbff3c7e
commit 93891c25a5
3 changed files with 21 additions and 0 deletions
--- a/roles/dns/application/defaults/main.yml
+++ b/roles/dns/application/defaults/main.yml
@ -2,5 +2,6 @@

 dns_user: "bind"
 dns_configuration_directory: "/etc/bind"
+dns_options_configuration: "{{ dns_configuration_directory }}/named.conf.options"
 dns_zones_configuration: "{{ dns_configuration_directory }}/named.conf.local"
 dns_zones_directory: "{{ dns_configuration_directory }}/zones"
--- a/roles/dns/application/tasks/main.yml
+++ b/roles/dns/application/tasks/main.yml
@ -11,6 +11,15 @@
    path: "{{ dns_zones_directory }}"
    state: directory

+- name: Configure bind9 options
+  template:
+    src: named.conf.options
+    dest: "{{ dns_options_configuration }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  notify: reload bind9
+
 - name: Enable bind9 service
  systemd:
    name: bind9
--- a/roles/dns/application/templates/named.conf.options
+++ b/roles/dns/application/templates/named.conf.options
@ -0,0 +1,11 @@
+options {
+    // set main directory
+    directory "/var/cache/bind";
+    // configure dnssec
+    dnssec-enable yes;
+    dnssec-validation yes;
+    dnssec-lookaside auto;
+    // etc
+    auth-nxdomain no;
+    listen-on-v6 { any; };
+};