nameserver: Add support for enabling/disabling recursion 292/head
authorDavid Galloway <dgallowa@redhat.com>
Wed, 16 Nov 2016 22:07:19 +0000 (17:07 -0500)
committerDavid Galloway <dgallowa@redhat.com>
Wed, 16 Nov 2016 22:19:25 +0000 (17:19 -0500)
Signed-off-by: David Galloway <dgallowa@redhat.com>
roles/nameserver/README.rst
roles/nameserver/defaults/main.yml
roles/nameserver/templates/named.conf.j2

index 98193c1fffe344c2e422ba275cd3a7df2329fcb4..d30806cc30521a8433d9b92f6203670d551e92e8 100644 (file)
@@ -67,6 +67,10 @@ Most variables are defined in ``roles/nameserver/defaults/main.yml`` and values
 |  named_conf_soa: "ns1.example.com. admin.example.com." |                                                                                                                           |
 |                                                        |                                                                                                                           |
 +--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+
+|``named_conf_recursion: "no"``                          |Define whether recursion should be allowed or not.  Defaults to "no".  Override in Ansible inventory as a hostvar.         |
+|                                                        |                                                                                                                           |
+|                                                        |**NOTE:** Setting to "yes" will add ``allow-recursion { any; }``. See To-Do.                                               |
++--------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------+
 
 **named_domains: []**
 
@@ -160,5 +164,6 @@ To-Do
 - Allow additional user-defined firewall rules
 - DNSSEC
 - Dynamic DNS
+- Add support for specifying networks to allow recursion from
 
 .. _Sepia: https://ceph.github.io/sepia/
index dc2d265ae4a1f93554008fffb7f0e3af72f1d1b8..64f797e788511f61197c0fb07a58986a33843af8 100644 (file)
@@ -16,6 +16,7 @@ named_conf_listen_iface:
  - "{{ ansible_all_ipv4_addresses[0] }}"
 named_conf_zones_path: "/var/named/zones"
 named_conf_daemon_opts: ""
+named_conf_recursion: "no" # Allow recursion?  [yes|no]
 
 # Zone file conf vars
 named_conf_soa_ttl: 3600
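Review bot: The inline comment on `named_conf_recursion` does not say that the value must stay a quoted string, and the template in this commit depends on that. An unquoted `yes` in a YAML inventory or vars file is parsed as a boolean, so the template's `== "yes"` comparison would presumably not match and the rendered `recursion` value would not be the literal `yes` the README describes. I would extend the comment to `# Allow recursion? Must be the quoted string "yes" or "no"; unquoted yes/no is parsed as a YAML boolean`.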
index 04c83cb32035a94b0e152c6c8fc18e6c79489c4c..cd7ac2d1b8988955c5ddb7acf33c8eec20ffda1c 100644 (file)
@@ -11,8 +11,10 @@ options {
        memstatistics-file      "{{ named_conf_data_dir }}/named_mem_stats.txt";
 
        allow-query             { any; };
-       recursion               yes;
+       recursion               {{ named_conf_recursion }};
+{% if named_conf_recursion == "yes" %}
        allow-recursion         { any; };
+{% endif %}
 };
 
 logging {
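Review bot: Setting the variable to "yes" always emits `allow-recursion { any; };` next to the existing `allow-query { any; };`, so the host becomes an open resolver for every client that can reach it, which is the configuration abused for DNS amplification. Until the To-Do item for per-network ACLs lands, I would either drop the `allow-recursion` line so BIND falls back to its built-in default (`localnets; localhost;` in current BIND 9 releases) or restrict it explicitly with `allow-recursion { localnets; localhost; };`. The value is also interpolated into `recursion {{ named_conf_recursion }};` without validation, so a typo in inventory lands in named.conf unchanged; checking that it is "yes" or "no" before templating would catch that. The `options` block starts outside this hunk.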