Ansible dns

dns.yml

+#!/usr/bin/env ansible-playbook
+---
+- hosts: hilbert
+  roles:
+    - bind

host_vars/hilbert.yml

 shell: "bash"
 
+dns_zones:
+  - { name: "maximebombar.fr", type: "master", forwarders: ["51.158.74.193", "2001:bc8:47c0:620::1"], transfer: ["51.158.74.193", "2001:bc8:47c0:620::1"]}
+  - { name: "satellist.fr", type: "master", forwarders: ["51.158.74.193", "2001:bc8:47c0:620::1", "213.251.188.139", "2001:41d0:1:198b::1"], transfer: ["51.158.74.193", "2001:bc8:47c0:620::1", "213.251.188.139", "2001:41d0:1:198b::1"]}

roles/bind/tasks/main.yml

+---
+- name: Install bind9
+  apt:
+    update_cache: true
+    name:
+      - bind9
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Deploy config
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: bind
+  with_items:
+    - { src: 'named.conf.local.j2', dest: '/etc/bind/named.conf.local' }
+
+- name: deploy zones
+  template:
+    src: "db.{{ item.name }}.j2"
+    dest: "/var/cache/bind/db.{{ item.name }}"
+    owner: root
+    group: bind
+  when:
+    - (item.type == "master")
+  loop: "{{ dns_zones }}"
+
+- name: Restart bind
+  systemd:
+    enabled: yes
+    state: restarted
+    name: bind9

roles/bind/templates/db.maximebombar.fr.j2

+; {{ ansible_managed }}
+
+$ORIGIN {{item.name }}.
+$TTL 10
+
+@		    IN  SOA     ns bombar.crans.org.   (
+	    	    	2020050701 ; serial
+			86400      ; refresh
+			3600  	   ; retry
+			3600000    ; expire
+			300	   ; TTL
+			)
+
+@		    IN  NS      ns
+@		    IN  NS      ns0.paulon.org.
+ns		    IN  A       51.15.204.106
+ns		    IN  AAAA    2001:bc8:4400:2c00::3:923
+
+@		    IN A      	51.15.204.106
+@		    IN AAAA   	2001:bc8:4400:2c00::3:923
+hilbert     	    IN A      	51.15.204.106
+hilbert 	    IN AAAA   	2001:bc8:4400:2c00::3:923
+
+
+enseignement	    IN CNAME  maximebombar.fr.
+gabidulin	    IN CNAME  gabidulin.servens.org.
+
+
+; IP over DNS
+hack		300 IN NS	avion
+t		10  IN NS	ns.t
+ns.hack		    IN A	185.230.78.66
+ns.t		    IN A	51.15.204.106
+avion		    IN A	185.230.78.66
+dns		    IN A	51.15.204.106

roles/bind/templates/db.satellist.fr.j2

+; {{ ansible_managed }}
+
+$ORIGIN {{item.name }}.
+$TTL 10
+
+@			      IN  SOA     ns bombar.crans.org.   (
+			       	  2020050701 ; serial
+				  86400      ; refresh
+				  3600	     ; retry
+				  3600000    ; expire
+				  300	     ; TTL
+				  )
+
+			      IN NS	ns
+                              IN NS	ns19.ovh.net.
+                              IN NS	dns19.ovh.net.
+ns			      IN  A	51.15.204.106
+ns			      IN  AAAA	2001:bc8:4400:2c00::3:923
+
+                              IN MX     100 mx3.mail.ovh.net.
+                              IN MX     5 mx2.mail.ovh.net.
+                              IN MX     1 mx1.mail.ovh.net.
+                              IN A      213.186.33.5
+                          600 IN TXT    "v=spf1 include:mx.ovh.com ~all"
+_autodiscover._tcp            IN SRV    0 0 443 mailconfig.ovh.net.
+_imaps._tcp                   IN SRV    0 0 993 ssl0.ovh.net.
+_submission._tcp              IN SRV    0 0 465 ssl0.ovh.net.
+autoconfig                    IN CNAME  mailconfig.ovh.net.
+autodiscover                  IN CNAME  mailconfig.ovh.net.
+crans                         IN MX     1 redirect.ovh.net.
+henstai                       IN MX     1 redirect.ovh.net.
+hilbert                       IN A      51.15.204.106
+hilbert                       IN AAAA   2001:bc8:4400:2c00::3:923
+imap                          IN CNAME  ssl0.ovh.net.
+liste-ca                      IN CNAME  hilbert.satellist.fr.
+mail                          IN CNAME  ssl0.ovh.net.
+pop3                          IN CNAME  ssl0.ovh.net.
+president.at.crans        600 IN TXT    "paulon@crans.org"
+president.e.at.henstai    600 IN TXT    "genital@prolaps.us"
+smtp                          IN CNAME  ssl0.ovh.net.
+www                           IN A      213.186.33.5
+www                        60 IN TXT    "2|http://satellisgp.cluster021.hosting.ovh.net/"
\ No newline at end of file

roles/bind/templates/named.conf.local.j2

+// {{ ansible_managed }}
+
+include "/etc/bind/zones.rfc1918";
+
+{% for z in dns_zones %}
+zone "{{z.name}}" IN {
+  {% if z.type == "master" -%}
+  type master;
+  file "db.{{z.name}}";
+  forwarders {
+    {% for f in z.forwarders -%}
+    {{f}};
+    {% endfor -%}
+  };
+  allow-transfer {
+    {% for f in z.transfer -%}
+    {{f}};
+    {% endfor -%}
+  };
+  notify yes;
+  {% endif -%}
+  {% if z.type == "slave" -%}
+  type slave;
+  file "bak.{{z.name}}";
+  masters {
+    {% for f in z.masters -%}
+    {{f}};
+    {% endfor -%}
+  };
+  allow-transfer { "none"; };
+  notify no;
+  {% endif -%}
+};
+{% endfor -%}