Init.

2023-08-24 21:05:24 +03:00
commit 39a7133677
13 changed files with 226 additions and 0 deletions
--- a/templates/etc/powerdns/recursor.conf.j2
+++ b/templates/etc/powerdns/recursor.conf.j2
@@ -0,0 +1,17 @@
+#
+# WARNING: auto-generated by Ansible powerdns-recursor role.
+#
+allow-from-file=/etc/powerdns/recursor.d/allow.lst
+api-key=pdns
+config-dir=/etc/powerdns
+daemon=yes
+dnssec-log-bogus=yes
+forward-zones-file=/etc/powerdns/recursor.d/forward.lst
+hint-file=/usr/share/dns/root.hints
+include-dir=/etc/powerdns/recursor.d
+local-address=127.0.0.53,169.254.255.255
+log-common-errors=yes
+lua-config-file=/etc/powerdns/recursor.lua
+lua-dns-script=/etc/powerdns/recursor.d/dns-script.lua
+webserver=yes
+webserver-address=127.0.0.53
--- a/templates/etc/powerdns/recursor.d/allow.lst.j2
+++ b/templates/etc/powerdns/recursor.d/allow.lst.j2
@@ -0,0 +1,6 @@
+#
+# WARNING: auto-generated by Ansible powerdns-recursor role.
+#
+127.0.0.0/8
+100.64.0.0/10
+169.254.0.0/16
--- a/templates/etc/powerdns/recursor.d/dns-script.lua.j2
+++ b/templates/etc/powerdns/recursor.d/dns-script.lua.j2
@@ -0,0 +1,24 @@
+--
+-- WARNING: auto-generated by Ansible powerdns-recursor role.
+--
+self = newDS()
+self:add{'{{ ansible_hostname }}', '{{ ansible_hostname }}.mm', '{{ ansible_fqdn }}'}
+
+function string.starts(String,Start)
+   return string.sub(String,1,string.len(Start))==Start
+end
+
+
+function preresolve(dq)
+    -- генерация LE сертификатов должна проходить без вмешательства
+    if string.starts(dq.qname:toString(), '_acme-challenge.') then
+        pdnslog("acme request, nothing change.")
+        return false
+    -- остальные fqdn в localhost необходимо спуфить
+    elseif self:check(dq.qname) and dq.qtype == pdns.A then
+        pdnslog("self request, spoof to Loopback")
+        dq:addAnswer(dq.qtype, "169.254.255.255")
+        return true
+    end
+    return false
+end
--- a/templates/etc/powerdns/recursor.d/forward.lst.j2
+++ b/templates/etc/powerdns/recursor.d/forward.lst.j2
@@ -0,0 +1,5 @@
+#
+# WARNING: auto-generated by Ansible powerdns-recursor role.
+#
+mm=172.31.122.10
+miranda-media.net=172.31.122.10
--- a/templates/etc/powerdns/recursor.lua.j2
+++ b/templates/etc/powerdns/recursor.lua.j2
@@ -0,0 +1,12 @@
+--
+-- WARNING: auto-generated by Ansible powerdns-recursor role.
+--
+-- Debian default Lua configuration file for PowerDNS Recursor
+-- Load DNSSEC root keys from dns-root-data package.
+-- Note: If you provide your own Lua configuration file, consider
+-- running rootkeys.lua too.
+dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")
+-- zoneToCache(".", "url", "https://www.internic.net/domain/root.zone", { refreshPeriod = 0 })
+zoneToCache(".", "file", "/etc/powerdns/root.zone", { refreshPeriod = 0 })
+addNTA('mm', "private MM domain")
+addNTA('miranda-media.net', "fix DNSSEC issue for MM domain")