# Ansible Role: Unbound

Install and configure the [Unbound](https://nlnetlabs.nl/projects/unbound/) DNS server.

## Variables

| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `unbound_upstream_dns` | No | `["8.8.8.8", "1.1.1.1"]` | Upstream DNS servers |
| `unbound_allow_access` | Yes | `[]` | Networks allowed to query DNS |
| `unbound_zones` | Yes | `[]` | DNS zones to configure |

## Example

```yaml
unbound_upstream_dns:
  - "1.1.1.1"
  - "8.8.8.8"

unbound_allow_access:
  - name: "internal-lan"
    network: "10.0.0.0/8"
  - name: "dmz"
    network: "192.168.1.0/24"

unbound_zones:
  - zone: "internal.example.com"
    type: "static"
    records:

      # A record (default type)
      - name: "server1.internal.example.com"
        value: "10.0.1.10"

      # AAAA record
      - name: "server2.internal.example.com"
        type: "AAAA"
        value: "2001:db8::1"

      # CNAME record (a CNAME cannot share its name with other records,
      # so it lives on its own label rather than at the zone apex)
      - name: "www.internal.example.com"
        type: "CNAME"
        value: "server1.internal.example.com"

      # MX record
      - name: "internal.example.com"
        type: "MX"
        priority: 10
        value: "mail.internal.example.com"

      # TXT record
      - name: "internal.example.com"
        type: "TXT"
        value: "v=spf1 include:internal.example.com ~all"

      # SRV record
      - name: "_sip._tcp.internal.example.com"
        type: "SRV"
        priority: 10
        weight: 60
        port: 5060
        value: "server1.internal.example.com"

      # PTR record (manual reverse DNS for the AAAA address of server2 above)
      - name: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"
        type: "PTR"
        value: "server2.internal.example.com"
```

## Supported Record Types

| Type | Required Fields | Description |
|------|----------------|-------------|
| `A` (default) | `name`, `value` | IPv4 address record |
| `AAAA` | `name`, `value`, `type` | IPv6 address record |
| `CNAME` | `name`, `value`, `type` | Canonical name |
| `MX` | `name`, `value`, `type`, `priority` | Mail exchange |
| `TXT` | `name`, `value`, `type` | Text record |
| `SRV` | `name`, `value`, `type`, `priority`, `weight`, `port` | Service locator |
| `PTR` | `name`, `value`, `type` | Pointer record |

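The table above can be checked mechanically before a playbook run. The script below is an added example, not part of the role: it assumes the record keys from this README (`name`, `type`, `value`, `priority`, `weight`, `port`) and that a missing `type` means `A`, and it adds two checks the table implies but does not spell out: address values must match the record family, and a `CNAME` may not share a name with any other record in the zone. The sample zones are constructed.

```python
"""Validate an unbound_zones definition against the README's record-type table.

Added example, not the role's own code. Assumes the record layout shown in the
README; a missing "type" is treated as an A record.
"""
import ipaddress

# Required fields per record type, taken from the README table. "type" itself is
# required for everything except A, where it is the default.
REQUIRED_FIELDS = {
    "A": {"name", "value"},
    "AAAA": {"name", "value"},
    "CNAME": {"name", "value"},
    "MX": {"name", "value", "priority"},
    "TXT": {"name", "value"},
    "SRV": {"name", "value", "priority", "weight", "port"},
    "PTR": {"name", "value"},
}

# Constructed sample zones: one consistent, one with typical mistakes.
GOOD_ZONES = [{
    "zone": "internal.example.com", "type": "static",
    "records": [
        {"name": "server1.internal.example.com", "value": "10.0.1.10"},
        {"name": "server2.internal.example.com", "type": "AAAA", "value": "2001:db8::1"},
        {"name": "www.internal.example.com", "type": "CNAME", "value": "server1.internal.example.com"},
        {"name": "internal.example.com", "type": "MX", "priority": 10, "value": "mail.internal.example.com"},
    ],
}]
BAD_ZONES = [{
    "zone": "internal.example.com", "type": "static",
    "records": [
        # MX without the required priority
        {"name": "internal.example.com", "type": "MX", "value": "mail.internal.example.com"},
        # CNAME at the apex next to the MX record
        {"name": "internal.example.com", "type": "CNAME", "value": "server1.internal.example.com"},
        # IPv6 address in an A record
        {"name": "server9.internal.example.com", "value": "2001:db8::9"},
        # SRV with an impossible port
        {"name": "_sip._tcp.internal.example.com", "type": "SRV",
         "priority": 10, "weight": 60, "port": 70000, "value": "server1.internal.example.com"},
    ],
}]


def _value_problems(rtype, rec):
    """Type-specific sanity checks on a record; returns a list of problem strings."""
    problems = []
    value = rec.get("value")
    if rtype in ("A", "AAAA"):
        want = 4 if rtype == "A" else 6
        try:
            if ipaddress.ip_address(value).version != want:
                problems.append(f"{rtype} value {value!r} is not an IPv{want} address")
        except ValueError:
            problems.append(f"{rtype} value {value!r} is not an IP address")
    elif rtype == "PTR" and not str(rec.get("name", "")).endswith((".in-addr.arpa", ".ip6.arpa")):
        problems.append("PTR name must end in .in-addr.arpa or .ip6.arpa")
    elif rtype == "SRV":
        port = rec.get("port")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append(f"SRV port {port!r} is not in 1..65535")
    return problems


def validate_zones(zones):
    """Return human-readable problems; an empty list means the definition is consistent."""
    problems = []
    for zone in zones:
        zname = zone.get("zone", "<unnamed>")
        types_at_name = {}  # record name -> set of record types seen at that name
        for rec in zone.get("records", []):
            rtype = rec.get("type", "A")
            rname = rec.get("name", "<unnamed>")
            prefix = f"{zname}: {rname} ({rtype})"
            if rtype not in REQUIRED_FIELDS:
                problems.append(f"{prefix}: unsupported record type")
                continue
            missing = REQUIRED_FIELDS[rtype] - set(rec)
            if missing:
                problems.append(f"{prefix}: missing field(s) {sorted(missing)}")
            problems.extend(f"{prefix}: {p}" for p in _value_problems(rtype, rec))
            types_at_name.setdefault(rname, set()).add(rtype)
        # A CNAME may not coexist with any other record at the same name (RFC 1034 3.6.2)
        for rname, types in types_at_name.items():
            if "CNAME" in types and len(types) > 1:
                others = sorted(types - {"CNAME"})
                problems.append(f"{zname}: {rname}: CNAME cannot share a name with {others}")
    return problems


if __name__ == "__main__":
    for problem in validate_zones(BAD_ZONES):
        print(problem)
```

Run it against the `unbound_zones` value you are about to deploy (load it with your YAML parser of choice and pass the list to `validate_zones`); a non-empty result is worth fixing before Unbound rejects or silently mis-serves the zone.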
## Reverse DNS

Reverse DNS (PTR) records are **automatically generated** for IPv4 A records whose address falls in one of the following networks:

- `192.168.0.0/16`
- `10.8.0.0/16`
- `10.0.0.0/16`

Addresses outside these networks are not covered by the automatic generation.

**IPv6 reverse DNS is not auto-generated.** Use manual PTR records in a dedicated zone instead:

```yaml
- zone: "8.b.d.0.1.0.0.2.ip6.arpa"
  type: "static"
  records:
    - name: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"
      type: "PTR"
      value: "server2.internal.example.com"
```
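Writing the nibble-reversed `ip6.arpa` owner names by hand is error-prone, so here is an added example (not the role's code) that derives the manual IPv6 reverse zone from the AAAA records and lists the A records that fall outside the automatically covered networks. It assumes the `unbound_zones` layout from this README, mirrors only the network list from this section (the role's own generator is not reproduced), uses a constructed sample zone, and assumes the reverse zone is cut at a /32 prefix; set `prefix_len` to the prefix actually delegated to you.

```python
"""Build manual ip6.arpa PTR zones for AAAA records and flag IPv4 hosts that the
role will not generate PTR records for.

Added example, not part of the role. Assumes the unbound_zones layout from the
README; AUTO_PTR_NETWORKS mirrors the README's Reverse DNS section.
"""
import ipaddress
import json

# IPv4 networks the README says receive automatically generated PTR records.
AUTO_PTR_NETWORKS = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("10.8.0.0/16"),
    ipaddress.ip_network("10.0.0.0/16"),
]

# Constructed sample in the role's unbound_zones format.
SAMPLE_ZONES = [{
    "zone": "internal.example.com",
    "type": "static",
    "records": [
        {"name": "server1.internal.example.com", "value": "10.0.1.10"},
        {"name": "server2.internal.example.com", "type": "AAAA", "value": "2001:db8::1"},
        {"name": "server3.internal.example.com", "type": "AAAA", "value": "2001:db8:1::10"},
        {"name": "vpn.internal.example.com", "value": "172.16.0.5"},
    ],
}]


def reverse_name(address):
    """Return the in-addr.arpa / ip6.arpa owner name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(address).reverse_pointer


def ipv4_without_auto_ptr(zones):
    """A records whose address lies outside the auto-PTR networks, as (name, value) pairs."""
    missing = []
    for zone in zones:
        for rec in zone.get("records", []):
            if rec.get("type", "A") != "A":
                continue
            addr = ipaddress.ip_address(rec["value"])
            if not any(addr in net for net in AUTO_PTR_NETWORKS):
                missing.append((rec["name"], rec["value"]))
    return missing


def ipv6_ptr_zones(zones, prefix_len=32):
    """Group the AAAA records into ip6.arpa zones cut at prefix_len bits.

    Returns zone dicts in the role's own format, ready to append to unbound_zones.
    prefix_len must be a multiple of 4 because each ip6.arpa label is one nibble.
    """
    if prefix_len % 4:
        raise ValueError("prefix_len must be a multiple of 4")
    nibbles = prefix_len // 4
    by_zone = {}
    for zone in zones:
        for rec in zone.get("records", []):
            if rec.get("type") != "AAAA":
                continue
            owner = reverse_name(rec["value"])
            labels = owner.split(".")
            # The zone is the last `nibbles` hex labels plus "ip6" and "arpa".
            zone_name = ".".join(labels[-(nibbles + 2):])
            by_zone.setdefault(zone_name, []).append(
                {"name": owner, "type": "PTR", "value": rec["name"]}
            )
    return [
        {"zone": name, "type": "static", "records": recs}
        for name, recs in sorted(by_zone.items())
    ]


if __name__ == "__main__":
    for host, ip in ipv4_without_auto_ptr(SAMPLE_ZONES):
        print(f"no automatic PTR for {host} ({ip}); add {reverse_name(ip)} by hand")
    print(json.dumps(ipv6_ptr_zones(SAMPLE_ZONES), indent=2))
```

The generated zone dicts use the same keys as the README, so they can be dumped to YAML and pasted into `unbound_zones` next to the forward zone; the PTR `value` is taken from the AAAA record's `name`, which keeps forward and reverse lookups in agreement.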