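# Install the Unbound DNS resolver package through apt.
- name: Install Unbound
  apt:
    name: unbound
    # "present" only guarantees the package is installed; it does not upgrade
    # an already-installed unbound, so security updates for the resolver have
    # to be applied by some other mechanism.
    state: present
    # Do not pull in "Recommends" packages, which keeps the set of installed
    # software (and therefore the attack surface of the host) smaller.
    install_recommends: false
    # Refresh the apt cache only when it is older than 3600 seconds.
    cache_valid_time: 3600
  # The handler itself is not part of this listing.
  notify: Disable systemd-resolved
  tags:
    - setup
    - packages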
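# Render each listed Jinja2 template into /etc/unbound and reload Unbound
# when any of the rendered files changed.
- name: Copy configuration files
  template:
    src: '{{ item }}.j2'
    dest: '/etc/unbound/{{ item }}'
    # If the destination is a symlink, write to the link target instead of
    # replacing the link.
    follow: true
    # NOTE(review): owner, group and mode are not set, so newly created files
    # inherit whatever the connecting user and umask produce. Pinning them
    # explicitly keeps the resolver configuration from becoming writable by
    # an unintended account.
    # NOTE(review): there is no validate step; a template that renders to an
    # invalid configuration would presumably only surface when the reload
    # handler runs. Checking the assembled configuration (for example with
    # unbound-checkconf) before reloading would catch that earlier.
  loop:
    - internal.conf
    - redxen-dns.conf
    - unbound.conf
  notify:
    - Reload unbound
  tags:
    - update
    - unbound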
# Accept traffic to port 53 on the INPUT chain, once per combination of
# IP version (IPv4, IPv6) and transport protocol (TCP, UDP).
- name: Allow Unbound through iptables
  iptables:
    ip_version: '{{ item.ipv }}'
    protocol: '{{ item.proto }}'
    chain: INPUT
    destination_port: '53'
    ctstate:
      - NEW
      - ESTABLISHED
      - RELATED
    jump: ACCEPT
  # NOTE(review): the rule carries no source address or inbound-interface
  # match, so new connections to port 53 are accepted from any address. Which
  # clients may actually query the resolver then depends entirely on the
  # access-control settings in the templated Unbound configuration, which is
  # not visible here. Confirm those limit clients to the intended networks,
  # or narrow this rule, so the host does not end up as an open resolver.
  loop:
    - ipv: ipv4
      proto: tcp
    - ipv: ipv6
      proto: tcp
    - ipv: ipv4
      proto: udp
    - ipv: ipv6
      proto: udp
  # The handler itself is not part of this listing.
  notify:
    - Save netfilter rules
  tags:
    - update
    - firewall