author | Emil Renner Berthing <esmil@labitat.dk> | 2019-03-31 19:45:52 +0200 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2019-04-01 13:07:23 +0200 |
commit | 88756850d1a5cb28b897bdcc9337fcb6977aad0b (patch) | |
tree | ebe21e61ac6e234fa19e2b555c21d1b647556d84 /roles/space_server/templates | |
parent | 48ffd1b69723dc6ddd023d803fc0edd8034ce386 (diff) | |
space_server: named: use named instead of unbound
This reverts commit 3b795796bd03488a385f3ad42b10b8c0d61282c1,
"space_server: unbound: use unbound instad of bind".
Unlike unbound, bind supports synthesizing DNS64 answers
only for certain clients, so only requests from the Labitat NAT64
network will get DNS64 answers.
Diffstat (limited to 'roles/space_server/templates')
-rw-r--r-- | roles/space_server/templates/s.zone.j2 | 21 | ||||
-rw-r--r-- | roles/space_server/templates/unbound.conf.j2 | 128 |
2 files changed, 21 insertions, 128 deletions
diff --git a/roles/space_server/templates/s.zone.j2 b/roles/space_server/templates/s.zone.j2
new file mode 100644
index 0000000..6bf9718
--- /dev/null
+++ b/roles/space_server/templates/s.zone.j2
@@ -0,0 +1,21 @@
+s. 600 IN SOA space.labitat.dk. esmil.labitat.dk. 2019040101 7200 3600 604800 86400
+s. 600 IN NS space.labitat.dk.
+
+s. 600 IN A 10.42.1.1
+s. 600 IN AAAA 2a01:4260:1ab::
+
+labitrack.s. 600 IN A 185.38.175.70
+labitrack.s. 600 IN AAAA 2a01:4262:1ab::cafe
+track.s. 600 IN A 185.38.175.70
+track.s. 600 IN AAAA 2a01:4262:1ab::cafe
+{% for host in local_hosts %}
+
+{% if 'ips' in host and host.ips|length > 0 %}
+{% for ip in host.ips|ipv4 %}
+{{ host.name }}.s. 600 IN A {{ ip }}
+{% endfor %}
+{% for ip in host.ips|ipv6 %}
+{{ host.name }}.s. 600 IN AAAA {{ ip }}
+{% endfor %}
+{% endif %}
+{% endfor %}
diff --git a/roles/space_server/templates/unbound.conf.j2 b/roles/space_server/templates/unbound.conf.j2
deleted file mode 100644
index 26b7006..0000000
--- a/roles/space_server/templates/unbound.conf.j2
+++ /dev/null
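Review bot: The apex AAAA record in the new s.zone.j2 uses `2a01:4260:1ab::`, while every other IPv6 address in this commit, including the `s. IN AAAA 2a01:4262:1ab::` line in the removed unbound template, is under `2a01:4262:1ab::/48`. This looks like a typo, and it would send IPv6 clients resolving `s.` to an address outside the space's own prefix; the line should presumably read `s. 600 IN AAAA 2a01:4262:1ab::`. Separately, the SOA serial `2019040101` is hard-coded while the host records are generated from `local_hosts`, so if this zone is ever transferred to a secondary, inventory changes will not propagate until someone bumps the serial by hand. A comment above the SOA line saying so would help.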
@@ -1,128 +0,0 @@
-server:
- pidfile: "/run/unbound/unbound.pid"
- verbosity: 1
- statistics-interval: 0
- statistics-cumulative: no
- extended-statistics: yes
- num-threads: 1
-
- define-tag: "local"
-
- interface: 127.0.0.1
- interface: ::1
- interface: 185.38.175.0
- interface: 2a01:4262:1ab::
-
- outgoing-interface: 185.38.175.0
- outgoing-interface: 2a01:4262:1ab::
- outgoing-port-permit: 32768-60999
- outgoing-port-avoid: 0-32767
-
- so-reuseport: yes
- ip-transparent: yes
- max-udp-size: 3072
-
- access-control-tag: 127.0.0.1/32 "local"
- access-control-tag: ::1/128 "local"
-
- access-control: 185.38.175.0/24 allow
- access-control: 10.42.0.0/16 allow
- access-control-tag: 10.42.0.0/24 "local"
- access-control-tag: 10.42.1.0/24 "local"
- access-control-tag: 10.42.2.0/24 "local"
- # not free wifi 10.42.3.0/24
- access-control-tag: 10.42.4.0/24 "local"
- access-control-tag: 10.42.5.0/24 "local"
- access-control: 2a01:4262:1ab::/48 allow
- access-control-tag: 2a01:4262:1ab:a::/64 "local"
- access-control-tag: 2a01:4262:1ab:b::/64 "local"
- access-control-tag: 2a01:4262:1ab:c::/64 "local"
- # not free wifi 2a01:4262:1ab:d::/64
- access-control-tag: 2a01:4262:1ab:e::/64 "local"
- access-control-tag: 2a01:4262:1ab:f::/64 "local"
-
- chroot: ""
- username: "unbound"
- directory: "/etc/unbound"
-
- use-syslog: yes
- log-time-ascii: yes
-
- harden-glue: yes
- harden-dnssec-stripped: yes
- harden-below-nxdomain: yes
- harden-referral-path: yes
- qname-minimisation: yes
-
- prefetch: yes
- prefetch-key: yes
- rrset-roundrobin: yes
- minimal-responses: yes
-
- module-config: "dns64 validator iterator"
-
- dns64-prefix: 2a01:4262:1ab:0:0:f::/96
-
- trust-anchor-signaling: yes
-
- trusted-keys-file: /etc/unbound/keys.d/*.key
- auto-trust-anchor-file: "/var/lib/unbound/root.key"
-
- val-clean-additional: yes
- val-permissive-mode: no
- serve-expired: yes
- val-log-level: 1
-
- local-zone: a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
- local-data: "a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
- local-data: "a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
-
- local-zone: b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
- local-data: "b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
- local-data: "b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
-
- local-zone: c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
- local-data: "c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
- local-data: "c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
-
- local-zone: d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
- local-data: "d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
- local-data: "d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
-
- local-zone: e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
- local-data: "e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
- local-data: "e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
-
- local-zone: f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
- local-data: "f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
- local-data: "f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
-
- local-zone: s. static
- local-zone-tag: s. "local"
- local-data: "s. IN SOA space.labitat.dk. esmil.labitat.dk. 20171119 3600 1200 604800 10800"
- local-data: "s. IN NS space.labitat.dk."
- local-data: "s. IN A 10.42.1.1"
- local-data: "s. IN AAAA 2a01:4262:1ab::"
- local-data: "labitrack.s. IN A 185.38.175.70"
- local-data: "labitrack.s. IN AAAA 2a01:4262:1ab::cafe"
- local-data: "track.s. IN A 185.38.175.70"
- local-data: "track.s. IN AAAA 2a01:4262:1ab::cafe"
-{% for host in local_hosts %}
-{% for ip in host.ips | ipv4 %}
-{% if loop.index <= 1 %}
- local-data: "{{ host.name }}.s. IN A {{ ip }}"
- local-data-ptr: "{{ ip }} {{ host.name }}.s."
-{% endif %}
-{% endfor %}
-{% for ip in host.ips | ipv6 %}
-{% if loop.index <= 1 %}
- local-data: "{{ host.name }}.s. IN AAAA {{ ip }}"
- local-data-ptr: "{{ ip }} {{ host.name }}.s."
-{% endif %}
-{% endfor %}
-{% endfor %}
-
-remote-control:
- control-enable: yes
- control-use-cert: no
- control-interface: "/run/unbound/control" |