CHANGELOG.md

@@ -26,6 +26,9 @@ The **patch** part changes incrementally at each release.
 * redis: rewrite of the role (separate instances, better systemd units…)
 * webapps/evoadmin-web Overload templates if needed
 * webapps/evoadmin-web Add an htpasswd to evoadmin if you cant use an apache IP whitelist
+* bind: enable query logging for recursive resolvers
+* bind: enable logrotate for recursive resolvers
+* bind: enable bind9 munin plugin for recursive resolvers
 
 ### Changed
 * elasticsearch: listen on local interface only by default
@@ -41,6 +44,8 @@ The **patch** part changes incrementally at each release.
 * lxc: remove useless loop in apt execution
 * lxc: update our default template to be compatible with Debian 10
 * lxc: rely on lxc_container module instead of command module
+* bind: the munin task was present, but not included
+* bind: change name of logrotate file to bind9
 
 ### Fixed
 * lxc-php: Don't remove the default pool
@@ -49,6 +54,7 @@ The **patch** part changes incrementally at each release.
 * tomcat: fix typo for default tomcat_version
 * evoadmin-web: Put the php config at the right place for Buster
 
+
 ### Security
 
 ## [9.10.1] - 2019-06-21

bind/tasks/main.yml

@@ -65,7 +65,7 @@
     group: adm
     mode: "0640"
     state: touch
-  when: bind_authoritative_server and bind_chroot_set == False
+  when: bind_chroot_set == False
 
 - name: send chroot-bind.sh in /root
   copy:
@@ -98,7 +98,7 @@
 - name: logrotate for non chroot bind
   template:
     src: logrotate_bind
-    dest: /etc/logrotate.d/bind
+    dest: /etc/logrotate.d/bind9
     owner: root
     group: root
     mode: "0644"
@@ -109,10 +109,12 @@
 - name: logrotate for chroot bind
   template:
     src: logrotate_bind_chroot.j2
-    dest: /etc/logrotate.d/bind
+    dest: /etc/logrotate.d/bind9
     owner: root
     group: root
     mode: "0644"
     force: yes
   notify: restart bind
   when: bind_chroot_set
+
+- include: munin.yml

bind/tasks/munin.yml

@@ -8,9 +8,8 @@
   tags:
     - bind
     - munin
-  when: bind_authoritative_server
 
-- name: Enable munin plugins
+- name: Enable munin plugins for authoritative server
   file:
     src: "/usr/share/munin/plugins/{{ item }}"
     dest: "/etc/munin/plugins/{{ item }}"
@@ -19,7 +18,25 @@
     - bind9
     - bind9_rndc
   notify: restart munin-node
-  when: bind_authoritative_server and munin_node_plugins_config.stat.exists
+  when:
+    - bind_authoritative_server
+    - munin_node_plugins_config.stat.exists
+  tags:
+    - bind
+    - munin
+
+- name: Enable munin plugins for recursive server
+  file:
+    src: "/usr/share/munin/plugins/{{ item }}"
+    dest: "/etc/munin/plugins/{{ item }}"
+    state: link
+  with_items:
+    - bind9
+    - bind9_rndc
+  notify: restart munin-node
+  when:
+    - bind_recursive_server
+    - munin_node_plugins_config.stat.exists
   tags:
     - bind
     - munin
@@ -33,7 +50,7 @@
     mode: "0644"
     force: yes
   notify: restart munin-node
-  when: bind_authoritative_server and munin_node_plugins_config.stat.exists
+  when: munin_node_plugins_config.stat.exists
   tags:
     - bind
     - munin

bind/templates/munin-env_bind9.j2

@@ -1,6 +1,8 @@
 [bind*]
 user root
 env.logfile {{ bind_query_file }}
+{% if bind_authoritative_server %}
 env.querystats {{ bind_chroot_path }}{{ bind_statistics_file }}
+{% endif %}
 env.MUNIN_PLUGSTATE /var/lib/munin
 timeout 120

bind/templates/named.conf.options_recursive.j2

@@ -8,9 +8,17 @@ options {
 };
 
 logging {
-        category default { default_file; };
-        channel default_file {
-                file "/var/log/bind.log";
-                severity info;
-        };
+    category default { default_file; };
+    category queries { query_logging; };
+
+    channel default_file {
+        file "/var/log/bind.log";
+        severity info;
+    };
+    channel query_logging {
+        file "/var/log/bind_queries.log" versions 2 size 128M;
+        print-category yes;
+        print-severity yes;
+        print-time yes;
+    };
 };