From c524ffb472fce052ac16553b721daca91debf41a Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Thu, 6 Jun 2024 11:06:34 +0200
Subject: [PATCH] bind: New variables to change IPs bind will listen on & send notify/transfer commands

---
 CHANGELOG.md | 1 +
 bind/defaults/main.yml | 26 +++++++++++++-----
 .../named.conf.options_authoritative.j2 | 27 ++++++++++++-------
 3 files changed, 38 insertions(+), 16 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a76a1dd4..0a613056 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ The **patch** part is incremented if multiple releases happen the same month
 
 ### Added
 
+* bind: New variables to change IPs bind will listen on & send notify/transfer commands
 * evolinux-base: install evobackup-client (default: true)
 * munin: add linux_psi contrib plugin
 * evolinux-base: Create custom SSH configuration file
diff --git a/bind/defaults/main.yml b/bind/defaults/main.yml
index c34490f8..bb4099a9 100644
--- a/bind/defaults/main.yml
+++ b/bind/defaults/main.yml
@@ -1,12 +1,26 @@
 ---
-bind_recursive_server: False
-bind_authoritative_server: True
-bind_chroot_set: True
-# Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
-#bind_chroot_path: /var/chroot-bind
+bind_recursive_server: false
+bind_authoritative_server: true
+bind_chroot_set: true
+
 bind_systemd_service_path: /etc/systemd/system/bind9.service
+
 bind_statistics_file: /var/run/named.stats
 bind_log_file: /var/log/bind.log
 bind_query_file: /var/log/bind_queries.log
-bind_query_file_enabled: False
+bind_query_file_enabled: false
 bind_cache_dir: /var/cache/bind
+
+# String (bind syntax) of IPv4/ to listen on (or any by default)
+# eg. "192.0.2.1; 192.0.2.3" or all interfaces : "any ;"
+bind_listen_on_ipv4: "any;"
+
+# String (bind syntax) of IPv6 to listen on (or any by default)
+# eg. "2001:db8::1; 2001:db8::42" or all interfaces : "any ;" or not at all "none;"
+bind_listen_on_ipv6: "any;"
+
+# For server with multiples IP Adresses, enforce the usage of a specific IP for NOTIFY commands
+bind_notify_source: ''
+
+# For server with multiples IP Adresses, enforce the usage of a specific IP for TRANSFER commands
+bind_transfer_source: ''
diff --git a/bind/templates/named.conf.options_authoritative.j2 b/bind/templates/named.conf.options_authoritative.j2
index 4b6065b6..0810459d 100644
--- a/bind/templates/named.conf.options_authoritative.j2
+++ b/bind/templates/named.conf.options_authoritative.j2
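Review bot: The examples in the new comments for `bind_listen_on_ipv4` and `bind_listen_on_ipv6` would not render into valid named.conf syntax: the strings are substituted verbatim inside `listen-on { ... }`, so every entry needs its own terminating `;`, yet `"192.0.2.1; 192.0.2.3"` and `"2001:db8::1; 2001:db8::42"` omit the last one, and `"any ;"` does not match the actual default `"any;"`. Suggest `# eg. "192.0.2.1; 192.0.2.3;" or all interfaces: "any;"` for IPv4 and the same shape for IPv6, keeping `"none;"` as the documented way to disable it. Nothing in this hunk validates these strings, so a typo would presumably surface only when named reloads its configuration; a sentence saying so next to the variables would help. The `IPv4/` and `multiples IP Adresses` wording could be fixed in the same pass.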
@@ -4,18 +4,25 @@
 // };
 
 options {
- directory "{{ bind_cache_dir }}";
- version "Bingo";
- auth-nxdomain no;
- masterfile-format text;
- statistics-file "{{ bind_statistics_file }}";
+ directory "{{ bind_cache_dir }}";
+ version "Bingo";
+ auth-nxdomain no;
+ masterfile-format text;
+ statistics-file "{{ bind_statistics_file }}";
 
- listen-on-v6 { any; };
- listen-on { any; };
+ listen-on { {{ bind_listen_on_ipv4 }} };
+ listen-on-v6 { {{ bind_listen_on_ipv6 }} };
 
- allow-query { localhost; };
- allow-recursion { localhost; };
- allow-transfer { localhost; };
+{% if bind_notify_source is defined and bind_notify_source|length %}
+ notify-source {{ bind_notify_source }};
+{% endif %}
+{% if bind_transfer_source is defined and bind_transfer_source|length %}
+ transfer-source {{ bind_transfer_source }};
+{% endif %}
+
+ allow-query { localhost; };
+ allow-recursion { localhost; };
+ allow-transfer { localhost; };
 };
 
 logging {
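Review bot: `listen-on` and `listen-on-v6` are rendered unconditionally from `bind_listen_on_ipv4` / `bind_listen_on_ipv6`, whereas `notify-source` and `transfer-source` are skipped when their variable is empty; an empty listen variable therefore renders `listen-on {  };`, which is not the previous hard-coded `any;` and may be rejected by named. Since all four values are inserted verbatim, a Jinja comment above the block would save the next operator a failed reload: `{# bind_listen_on_* must be a BIND address list with a trailing ';' per entry ("any;", "none;"); bind_*_source must be a single IP address #}`. Restricting `listen-on` is the exposure-reducing part of this change, so it is worth noting in the same comment that `allow-query`, `allow-recursion` and `allow-transfer` stay at `localhost;` and are not affected by the new variables.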