home-infra/20_powerdns_setup.yaml

---
- name: "PowerDNS setup"
  hosts: master_nameservers
  become: true
  vars:
    database_name: "/var/lib/powerdns/db.sqlite"
    pdns_backends:
      gsqlite3:
        database: "{{ database_name }}"
    pdns_sqlite_databases_locations:
      - "{{ database_name }}"
    pdns_config:
      allow-axfr-ips: "{{ axfr_ips }}"
      server-id: "ns1.m4n5.nl"
      default-soa-content: "ns1.m4n5.nl. hostmaster.m4n5.nl. 1 3600 600 604800 1800"
      version-string: "anonymous"
      primary: true
      webserver: "yes"
    pdns_auth_powerdns_repo_49:
      apt_repo_origin: "repo.powerdns.com"
      apt_repo: "deb http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-49 main"
      gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc"
      gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB"
      yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-49"
      yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-49/debug"
      name: "powerdns-auth-49"
  roles:
    - { role: PowerDNS.pdns,
        pdns_install_repo: "{{ pdns_auth_powerdns_repo_49 }}" }
  tasks:
    - name: "Add DNS allow rule in ufw"
      community.general.ufw:
        rule: allow
        to_port: "53"
        protocol: udp
      when: ufw_status == "enabled"

    - name: "Add AXFR/IXFR allow rule in ufw"
      community.general.ufw:
        rule: allow
        to_port: "53"
        protocol: tcp
      when: ufw_status == "enabled"
working master slave with catalog zone, pdns master, knot slave 2025-01-15 17:46:17 +01:00			`---`
			`- name: "PowerDNS setup"`
			`hosts: master_nameservers`
			`become: true`
			`vars:`
			`database_name: "/var/lib/powerdns/db.sqlite"`
			`pdns_backends:`
			`gsqlite3:`
			`database: "{{ database_name }}"`
			`pdns_sqlite_databases_locations:`
			`- "{{ database_name }}"`
			`pdns_config:`
update configs 2025-01-16 13:37:02 +01:00			`allow-axfr-ips: "{{ axfr_ips }}"`
			`server-id: "ns1.m4n5.nl"`
			`default-soa-content: "ns1.m4n5.nl. hostmaster.m4n5.nl. 1 3600 600 604800 1800"`
			`version-string: "anonymous"`
working master slave with catalog zone, pdns master, knot slave 2025-01-15 17:46:17 +01:00			`primary: true`
enable PowerDNS webserver, add util playbook 2025-01-17 11:58:41 +01:00			`webserver: "yes"`
working master slave with catalog zone, pdns master, knot slave 2025-01-15 17:46:17 +01:00			`pdns_auth_powerdns_repo_49:`
			`apt_repo_origin: "repo.powerdns.com"`
			`apt_repo: "deb http://repo.powerdns.com/{{ ansible_distribution \| lower }} {{ ansible_distribution_release \| lower }}-auth-49 main"`
			`gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc"`
			`gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB"`
			`yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-49"`
			`yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-49/debug"`
			`name: "powerdns-auth-49"`
			`roles:`
			`- { role: PowerDNS.pdns,`
			`pdns_install_repo: "{{ pdns_auth_powerdns_repo_49 }}" }`
			`tasks:`
			`- name: "Add DNS allow rule in ufw"`
			`community.general.ufw:`
			`rule: allow`
			`to_port: "53"`
			`protocol: udp`
update configs 2025-01-16 13:37:02 +01:00			`when: ufw_status == "enabled"`
working master slave with catalog zone, pdns master, knot slave 2025-01-15 17:46:17 +01:00
			`- name: "Add AXFR/IXFR allow rule in ufw"`
			`community.general.ufw:`
			`rule: allow`
			`to_port: "53"`
			`protocol: tcp`
update configs 2025-01-16 13:37:02 +01:00			`when: ufw_status == "enabled"`