Add bind playbook
parent
5d49f8ddac
commit
78bca0bd72
|
@ -0,0 +1,29 @@
|
|||
---
|
||||
- name: Bind configuration
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Install chrony
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- bind9
|
||||
|
||||
- name: Install conf file
|
||||
ansible.builtin.copy:
|
||||
src: bind/conf
|
||||
dest: /etc/bind/named.conf.local
|
||||
owner: root # TODO check
|
||||
mode: '0600' # TODO check
|
||||
# directory_mode: '0700' # TODO check
|
||||
|
||||
- name: Install zone file
|
||||
ansible.builtin.copy:
|
||||
src: bind/zones
|
||||
dest: /etc/bind/zones/db.golem.linux.it
|
||||
owner: root # TODO check
|
||||
mode: '0600' # TODO check
|
||||
# directory_mode: '0700' # TODO check
|
||||
|
||||
- name: Restart bind to apply changes
|
||||
ansible.builtin.systemd:
|
||||
name: bind9.service
|
||||
state: restarted
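Review bot: The "Install zone file" task writes to `/etc/bind/zones/db.golem.linux.it`, but the zone stanza added in this same commit declares `file "/etc/bind/db.golem.linux.it";`, so named would look for the zone at a path the playbook never populates; one of the two has to change, e.g. `dest: /etc/bind/db.golem.linux.it`. Both copy tasks also set `owner: root` with `mode: '0600'` and no group, which would make the files unreadable to the daemon if named runs as the unprivileged `bind` user (the Debian default, not visible here); `group: bind` with `mode: '0640'` would resolve the two TODOs. Adding `validate: named-checkconf %s` to the conf task would keep a syntactically broken file from being installed ahead of the unconditional restart. The first task is named "Install chrony" but installs `bind9`.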
|
|
@ -0,0 +1,11 @@
|
|||
zone "golem.linux.it" {
|
||||
type master;
|
||||
file "/etc/bind/db.golem.linux.it";
|
||||
allow-transfer {
|
||||
213.254.12.144/28; // Tutta ILS
|
||||
2001:1418:10:5::0/64; // Tutta (?) ILS IPv6 (?)
|
||||
2001:4b78:2000::/48; // Tutto Marco d'Itri (BOFH)
|
||||
85.94.204.144/28; // Tutto Marco d'Itri (BOFH)
|
||||
2001:470:c844::/48; // GOLEM network
|
||||
};
|
||||
};
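Review bot: The `allow-transfer` block authorises zone transfers by source address only, and for whole prefixes (two /48s, a /64 and two /28s) rather than the secondary servers themselves, so any host inside those ranges can pull the complete zone, including the workstation and member records. The comment on the `2001:1418:10:5::0/64` entry carries question marks, which suggests that range was not confirmed before being trusted. Consider restricting transfers to a TSIG key shared with the secondaries, e.g. `allow-transfer { key "xfer-key"; };` (the key name is a placeholder), or at least narrowing each entry to the address of the actual secondary.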
|
|
@ -0,0 +1,93 @@
|
|||
; +================+
|
||||
; BIND data file for | GOLEM.LINUX.IT |
|
||||
; +================+
|
||||
;
|
||||
; IMPORTANT: Always remember to update the Serial number after any change,
|
||||
; otherwise new records will not be retrieved by other DNS servers,
|
||||
; and they will not propagate.
|
||||
$TTL 3600
|
||||
@ IN SOA vostok.giomba.it. info.golem.linux.it. (
|
||||
2024032600 ; Serial
|
||||
3600 ; Refresh
|
||||
86400 ; Retry
|
||||
86400 ; Expire
|
||||
86400 ) ; Negative Cache TTL
|
||||
|
||||
; name servers - NS records
|
||||
IN NS vostok.giomba.it.
|
||||
IN NS ns.linux.it.
|
||||
IN NS ns.giomba.it.
|
||||
|
||||
; dynamic name server for computers in Officina
|
||||
andromeda.officina.golem.linux.it. IN AAAA 2001:470:c844:200:2e0:81ff:fed0:ec03
|
||||
|
||||
; mail -- mailbox.org
|
||||
golem.linux.it. IN MX 10 mxext1.mailbox.org.
|
||||
golem.linux.it. IN MX 10 mxext2.mailbox.org.
|
||||
golem.linux.it. IN MX 20 mxext3.mailbox.org.
|
||||
0c11bf06d09019ef480ae8d7a6a3ebe5c269405d.golem.linux.it. IN TXT 2593cd5dd048c3264223b52a5290fb9e0f6fedba
|
||||
golem.linux.it. IN TXT "v=spf1 include:mailbox.org -all"
|
||||
golem.linux.it. IN A 152.228.140.73
|
||||
|
||||
; hosts - A records
|
||||
ns.golem.linux.it. IN A 152.228.140.73
|
||||
ns.golem.linux.it. IN AAAA 2001:470:c844::2
|
||||
|
||||
; VPS
|
||||
atena IN A 152.228.140.73
|
||||
atena IN AAAA 2001:470:c844::11
|
||||
ipv4.atena IN A 152.228.140.73
|
||||
ipv6.atena IN AAAA 2001:41d0:404:200::947f
|
||||
; use ipv4 or ipv6 to only get the ipv4 or ipv6 address -- needed for some buggy apps
|
||||
ipv4.golem.linux.it. IN A 152.228.140.73
|
||||
ipv6.golem.linux.it. IN AAAA 2001:470:c844::2
|
||||
; "Gestionale dei soci", migrated on VPS
|
||||
argento IN CNAME atena
|
||||
|
||||
; vital mnemonic services
|
||||
ns6.golem.linux.it. IN CNAME ipv6.golem.linux.it.
|
||||
www.golem.linux.it. IN CNAME golem.linux.it.
|
||||
|
||||
; Network equipment
|
||||
porceddu.net IN AAAA 2001:470:c844:200::1
|
||||
scatolotto.net IN AAAA 2001:470:c844::200
|
||||
|
||||
; VPN
|
||||
vpn IN CNAME ipv4.atena
|
||||
|
||||
; web
|
||||
archivio IN CNAME atena
|
||||
blog IN CNAME atena
|
||||
build IN CNAME atena
|
||||
cgi IN CNAME atena
|
||||
ci IN CNAME atena
|
||||
cloud IN CNAME atena
|
||||
digitalecivile IN CNAME atena
|
||||
git IN CNAME atena
|
||||
hub.docker IN CNAME atena
|
||||
matrix IN CNAME atena
|
||||
websdr IN CNAME atena
|
||||
wiki IN CNAME atena
|
||||
|
||||
; servers in Officina
|
||||
backupper IN AAAA 2001:470:c844:200:4c9a:3fff:fe98:663c
|
||||
builder IN AAAA 2001:470:c844:200:b867:2ff:fe66:f76b
|
||||
cassone IN AAAA 2001:470:c844:200:ec5b:2bff:febd:d71a
|
||||
cerbero IN AAAA 2001:470:c844:200::1111:4242
|
||||
screensy IN AAAA 2001:470:c844:200:1447:55ff:fe54:279e
|
||||
; Dead servers, their services are moved
|
||||
cassiopea IN CNAME cerbero
|
||||
servirtualozzo.cassiopea IN CNAME cassone
|
||||
vupiuesse.andromeda IN CNAME cassone
|
||||
|
||||
; workstations in Officina
|
||||
stampante3d.officina IN AAAA 2001:470:c844:200:10ab:2782:dcdf:8ebb
|
||||
golem-sala-corsi.officina IN AAAA 2001:470:c844:200:4c47:aaf:6c2d:a08c
|
||||
laptopless.officina IN AAAA 2001:470:c844:200:2c0:9fff:fefc:123c
|
||||
limortouch.officina IN AAAA 2001:470:c844:200:167e:8920:7567:a49b
|
||||
|
||||
; soci
|
||||
spookyh-vm0.soci IN AAAA 2001:470:c844:200:3467:6bff:fe6b:1045
|
||||
|
||||
; tests
|
||||
comment-0 IN TXT "There has been an error in the authoritative DNS for years and we only discover it now?"
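Review bot: The SOA timers are inconsistent: Retry (`86400`) is larger than Refresh (`3600`) and equal to Expire (`86400`), so a secondary that misses one refresh waits a full day before retrying and the zone expires on it at that same moment. Retry is normally a fraction of Refresh and Expire is on the order of weeks, e.g. `900 ; Retry` and `1209600 ; Expire`. Separately, the SPF record ends in `-all` but the zone carries no `_dmarc` TXT record, so receivers are given no published policy for handling mail that fails authentication; worth adding when the mail setup is next reviewed.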
|