CentOS 7.x automated setup of bind dns server



The ansible script does basic configuration without MX records and does not support multiple zones with different hosts.

Variables are as follows:

zone_names
Names of zones. These must end with a dot (.).
zone_address
The address of the zone. That is, if you are defining the example.com zone, this is the address that should be resolved when you try http://example.com or ping example.com.
name_server
You must have a DNS server. The hostname of the DNS server, taken from the servers list defined later, should be given here.
servers
List of servers with name and IP


dns_servers.yaml

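---
  - name: Configure DNS using bind
    hosts: dns_servers
    remote_user: root

    vars:
      # Zone names must end with a trailing dot. Each name is also used as a
      # file-name prefix ("<zone>forward") in both named.conf and /var/named.
      zone_names:
        - example.com.
      # Address returned for the bare zone name (the "@" A record).
      zone_address: 192.168.122.1
      # Inserted verbatim into the allow-query ACL of named.conf, so every
      # element has to end with ";".
      allow_query_from: "10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;"
      # Hostname of the authoritative name server. It must be one of the
      # "servers" entries below so that the zone contains its A record.
      name_server: dns1
      # Quoted on purpose: the value is pasted into "recursion {{recursion}};"
      # in named.conf. An unquoted yes is loaded as a YAML boolean and would
      # render as "recursion True;", which named rejects as a syntax error.
      recursion: "yes"
      # One A record per entry is generated in every zone file.
      servers:
        - { hostname: dns1, ip: 192.168.122.97 }
        - { hostname: mail1, ip: 192.168.122.27 }
        - { hostname: mail2, ip: 192.168.122.233 }

    tasks:
      - name: Install bind and bind-utils package
        yum:
          name: "{{ item }}"
          state: present
        with_items:
          - bind
          - bind-utils

      - name: Create custom named.conf with desired zone
        template:
          src: named.conf
          dest: /etc/named.conf
          owner: root
          group: named
          mode: "0640"
          # Reject a broken configuration before it replaces the live one.
          validate: named-checkconf %s
        notify:
          - restart bind

      - name: Copy zone forward files for all zones to /var/named
        template:
          src: zone.forward
          dest: "/var/named/{{ item }}forward"
          owner: root
          group: named
          mode: "0640"
          # Check the rendered zone before it is installed.
          validate: "named-checkzone {{ item }} %s"
        with_items: "{{ zone_names }}"
        notify:
          - restart bind

      - name: Disable IPv6 support
        lineinfile:
          dest: /etc/sysconfig/named
          regexp: "^OPTIONS"
          line: 'OPTIONS="-4"'
        notify:
          - restart bind

      - name: Start and enable bind service
        service:
          name: named
          state: started
          enabled: true

    handlers:
      - name: restart bind
        service:
          name: named
          state: restarted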


named.conf

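// Rendered by Ansible from the named.conf template; edit the template, not this file.
options {
	// "any" already covers 127.0.0.1, so named binds every IPv4 address.
	listen-on port 53 { 127.0.0.1; any; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	// allow_query_from is inserted verbatim and must therefore end with ";".
	allow-query     { localhost; {{allow_query_from}} };
	// Made explicit: recursion is limited to the same ACL as allow-query, so
	// the server cannot be used as an open resolver from any other network.
	allow-recursion { localhost; {{allow_query_from}} };
	recursion {{recursion}};

	// Validation is switched off, so answers obtained by recursion are not
	// authenticated. The dnssec-lookaside / bindkeys-file lines were dropped:
	// they are unused while validation is off and the ISC DLV service they
	// referred to has been retired.
	dnssec-enable no;
	dnssec-validation no;

	managed-keys-directory "/var/named/dynamic";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

// One master zone per entry in zone_names; the file name must match the
// dest path used by the playbook's zone template task ("<zone>forward").
{% for item in zone_names  %}

zone "{{item}}" IN {
	type master;
	file "{{item}}forward";
};

{% endfor %}

// Root hints, used for recursion.
zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";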


zone.forward

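; Rendered by Ansible from the zone.forward template for zone "{{item}}"
; (the name carries its trailing dot, so names built from it are absolute).
$TTL 3600
; MNAME is the primary server itself, built from name_server so that it
; resolves through the A record emitted by the servers loop below; the
; original "ns.<zone>" had no address record anywhere in the zone.
; The serial is a constant 1: bump it on every change if secondaries are
; ever added, otherwise they will never notice an updated zone.
@ SOA {{name_server}}.{{item}} root.{{item}} (1 15m 5m 30d 1h)
		IN	NS	{{name_server}}
		IN	A 	{{zone_address}}

{% for server1 in servers %}

{{server1.hostname}}	IN	A	{{server1.ip}}

{% endfor %}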


hosts

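# Inventory group targeted by "hosts: dns_servers" in dns_servers.yaml.
# 192.168.122.97 is the address given for dns1 in the playbook's servers list.
[dns_servers]
192.168.122.97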


