From 3f6a280c4ca3e2ad4f118e28c7a7d18e29f27e88 Mon Sep 17 00:00:00 2001 From: Praven John Date: Tue, 14 Oct 2025 08:13:37 +0530 Subject: [PATCH 1/3] creating a DNSMASQ playbook --- ansible/dns-server.yml | 11 +++ ansible/dns-server/README.md | 73 +++++++++++++++++++ ansible/dns-server/defaults/main.yml | 13 ++++ ansible/dns-server/tasks/main.yml | 42 +++++++++++ .../dns-server/templates/custom-cname.conf.j2 | 3 + ansible/dns-server/templates/dnsmasq.conf.j2 | 21 ++++++ .../templates/static-records.conf.j2 | 3 + 7 files changed, 166 insertions(+) create mode 100644 ansible/dns-server.yml create mode 100644 ansible/dns-server/README.md create mode 100644 ansible/dns-server/defaults/main.yml create mode 100644 ansible/dns-server/tasks/main.yml create mode 100644 ansible/dns-server/templates/custom-cname.conf.j2 create mode 100644 ansible/dns-server/templates/dnsmasq.conf.j2 create mode 100644 ansible/dns-server/templates/static-records.conf.j2
diff --git a/ansible/dns-server.yml b/ansible/dns-server.yml
new file mode 100644
index 0000000..7263c52
--- /dev/null
+++ b/ansible/dns-server.yml
@@ -0,0 +1,11 @@
+---
+- name: Configure DNS Server using dnsmasq
+ hosts: dns_servers
+ become: yes
+ vars:
+ dns_domain: qburst.int
+ dns_static_records:
+ - { name: 'server1.qburst.int', ip: '10.0.0.10' }
+ - { name: 'server2.qbutst.int', ip: '10.0.0.11' }
+ roles:
+ - role: dns-server
diff --git a/ansible/dns-server/README.md b/ansible/dns-server/README.md
new file mode 100644
index 0000000..f274f35
--- /dev/null
+++ b/ansible/dns-server/README.md
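Review bot: The second static record in `ansible/dns-server.yml` is spelled `server2.qbutst.int`, which does not fall under `dns_domain: qburst.int`. Because the role's template marks that domain as local, a lookup for the intended `server2.qburst.int` would presumably get no answer from this server, while the misspelled name is the one that gets published. The line should read `- { name: 'server2.qburst.int', ip: '10.0.0.11' }`; the same spelling is still present as a context line in the two later patches of this series.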
@@ -0,0 +1,73 @@
+# Ansible Role for DNS Server Management
+=========
+
+Ansible playbook to install and configure a DNS server using dnsmasq on an Ubuntu server.
+
+# Requirements
+------------
+
+The role can be executed on any machine having a Debian-based OS with the below packages.
+ - Ansible
+ - Python
+
+# Role Variables
+--------------
+
+Available variables are listed below (`ansible/dns-server/defaults/main.yml`):
+
+* `dns_domain`: The local domain that dnsmasq will serve. (Default: `an.example.com`)
+* `dns_upstream_servers`: A list of upstream DNS servers to forward queries to. (Default: `['8.8.8.8', '8.8.4.4']`)
+* `dns_static_records`: A list of dictionaries for static A records. Each dictionary should have `name` and `ip`.
+* `dns_cname_records`: A list of dictionaries for CNAME records. Each dictionary should have `cname` and `target`.
+
+# Role tasks
+-------------
+
+The `main.yml` in the tasks directory will run the following operations:
+ - Install dnsmasq.
+ - Configure dnsmasq using a template.
+ - Create a directory for custom dnsmasq configurations.
+ - Create configuration files for static and CNAME records from templates.
+ - Ensure the dnsmasq service is started and enabled.
+
+The role also includes a handler to restart the `dnsmasq` service upon configuration changes.
+
+# Dependencies
+------------
+
+There are no external dependencies for this role. Ensure that the target server is an Ubuntu server and is accessible via SSH.
+
+# Example Playbook
+----------------
+
+To use this role, you can create a playbook like the one provided in `ansible/dns-server.yml`:
+
+ ---
+ - name: Configure DNS Server using dnsmasq
+ hosts: dns_servers
+ become: yes
+ roles:
+ - role: dns-server
+
+You can then run the playbook using the following command:
+
+ ansible-playbook ansible/dns-server.yml --extra-vars "hosts=your_host_group"
+
+You would typically define your inventory of `dns_servers` in a separate inventory file.
+
+Here is an example of how you can pass the records:
+
+ ansible-playbook ansible/dns-server.yml -i inventory --extra-vars '{
+ "dns_static_records": [
+ { "name": "host1.an.example.com", "ip": "192.168.1.10" },
+ { "name": "host2.an.example.com", "ip": "192.168.1.11" }
+ ],
+ "dns_cname_records": [
+ { "cname": "alias.an.example.com", "target": "host1.an.example.com" }
+ ]
+ }'
+
+# Author Information
+------------------
+
+QBurst DevOps Team
diff --git a/ansible/dns-server/defaults/main.yml b/ansible/dns-server/defaults/main.yml
new file mode 100644
index 0000000..69bcd77
--- /dev/null
+++ b/ansible/dns-server/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+dns_domain: an.example.com
+
+dns_upstream_servers:
+ - 8.8.8.8
+ - 8.8.4.4
+
+dns_static_records: []
+ - { name: 'host1.an.example.com', ip: '192.168.1.10' }
+ - { name: 'host2.an.example.com', ip: '192.168.1.11' }
+
+# dns_cname_records: []
+# - { cname: 'alias.an.example.com', target: 'host1.an.example.com' }
diff --git a/ansible/dns-server/tasks/main.yml b/ansible/dns-server/tasks/main.yml
new file mode 100644
index 0000000..37a6f28
--- /dev/null
+++ b/ansible/dns-server/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: Install dnsmasq
+ apt:
+ name: dnsmasq
+ state: present
+ update_cache: yes
+
+- name: Configure dnsmasq
+ template:
+ src: dnsmasq.conf.j2
+ dest: /etc/dnsmasq.conf
+ notify: restart dnsmasq
+
+- name: Create directory for custom dnsmasq configs
+ file:
+ path: /etc/dnsmasq.d
+ state: directory
+ mode: '0755'
+
+- name: Create static records file
+ template:
+ src: static-records.conf.j2
+ dest: /etc/dnsmasq.d/static-records.conf
+ notify: restart dnsmasq
+
+- name: Create custom CNAME records file
+ template:
+ src: custom-cname.conf.j2
+ dest: /etc/dnsmasq.d/custom-cname.conf
+ notify: restart dnsmasq
+
+- name: Ensure dnsmasq service is running and enabled
+ service:
+ name: dnsmasq
+ state: started
+ enabled: yes
+
+handlers:
+ - name: restart dnsmasq
+ service:
+ name: dnsmasq
+ state: restarted
diff --git a/ansible/dns-server/templates/custom-cname.conf.j2 b/ansible/dns-server/templates/custom-cname.conf.j2
new file mode 100644
index 0000000..aeb0704
--- /dev/null
+++ b/ansible/dns-server/templates/custom-cname.conf.j2
@@ -0,0 +1,3 @@
+{% for record in dns_cname_records %}
+cname={{ record.cname }},{{ record.target }}
+{% endfor %}
diff --git a/ansible/dns-server/templates/dnsmasq.conf.j2 b/ansible/dns-server/templates/dnsmasq.conf.j2
new file mode 100644
index 0000000..8e785a1
--- /dev/null
+++ b/ansible/dns-server/templates/dnsmasq.conf.j2
@@ -0,0 +1,21 @@
+# Default DNS settings
+port=53
+domain-needed
+bogus-priv
+no-resolv
+strict-order
+
+# Local domain
+local=/{{ dns_domain }}/
+domain={{ dns_domain }}
+
+# Upstream DNS servers
+{% for server in dns_upstream_servers %}
+server={{ server }}
+{% endfor %}
+
+# Cache size
+cache-size=1000
+
+# Include all .conf files in /etc/dnsmasq.d/
+conf-dir=/etc/dnsmasq.d/,*.conf
diff --git a/ansible/dns-server/templates/static-records.conf.j2 b/ansible/dns-server/templates/static-records.conf.j2
new file mode 100644
index 0000000..19c949b
--- /dev/null
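Review bot: None of the three `template` tasks in `ansible/dns-server/tasks/main.yml` sets ownership or permissions, and nothing checks the rendered file before it replaces the live one, so the resolver configuration gets whatever mode the umask yields and a bad render is only noticed when the restart fails. Each of them should carry root ownership and an explicit `mode: '0644'`. On the `/etc/dnsmasq.conf` task, `validate: 'dnsmasq --test --conf-file=%s'` would reject a syntax error before the file is installed.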
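Review bot: `record.cname` and `record.target` are written into the dnsmasq configuration exactly as supplied in `custom-cname.conf.j2`, and the README shows these lists arriving through `--extra-vars`, so a value containing a comma or a line break changes the meaning of the rendered line or adds further directives. The same applies to `address=/{{ record.name }}/{{ record.ip }}` in `static-records.conf.j2` and to `dns_domain` and `dns_upstream_servers` in `dnsmasq.conf.j2`. An `ansible.builtin.assert` task in `tasks/main.yml` (outside this hunk), placed before the template tasks, could require every name to match `^[A-Za-z0-9._-]+$` and every address to be a valid IP literal.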
+++ b/ansible/dns-server/templates/static-records.conf.j2 @@ -0,0 +1,3 @@ +{% for record in dns_static_records %} +address=/{{ record.name }}/{{ record.ip }} +{% endfor %} From 9fd385e0970d023fbd1688fa263fd6bea276d132 Mon Sep 17 00:00:00 2001 From: Praven John Date: Tue, 14 Oct 2025 18:32:05 +0530 Subject: [PATCH 2/3] fixing issues --- ansible/dns-server.yml | 3 ++ ansible/dns-server/defaults/main.yml | 10 +++++-- ansible/dns-server/handlers/main.yml | 5 ++++ ansible/dns-server/tasks/main.yml | 29 ++++++++++++++----- .../dns-server/templates/custom-cname.conf.j2 | 2 +- ansible/dns-server/templates/dnsmasq.conf.j2 | 5 ++++ .../templates/static-records.conf.j2 | 2 +- 7 files changed, 45 insertions(+), 11 deletions(-) create mode 100644 ansible/dns-server/handlers/main.yml diff --git a/ansible/dns-server.yml b/ansible/dns-server.yml index 7263c52..ac8a68d 100644 --- a/ansible/dns-server.yml +++ b/ansible/dns-server.yml @@ -7,5 +7,8 @@ dns_static_records: - { name: 'server1.qburst.int', ip: '10.0.0.10' } - { name: 'server2.qbutst.int', ip: '10.0.0.11' } + dns_listen_addresses: + - "127.0.0.1" + - "10.0.16.124" roles: - role: dns-server diff --git a/ansible/dns-server/defaults/main.yml b/ansible/dns-server/defaults/main.yml index 69bcd77..04ea718 100644 --- a/ansible/dns-server/defaults/main.yml +++ b/ansible/dns-server/defaults/main.yml @@ -5,9 +5,15 @@ dns_upstream_servers: - 8.8.8.8 - 8.8.4.4 -dns_static_records: [] +dns_static_records: - { name: 'host1.an.example.com', ip: '192.168.1.10' } - { name: 'host2.an.example.com', ip: '192.168.1.11' } -# dns_cname_records: [] +dns_cname_records: [] # - { cname: 'alias.an.example.com', target: 'host1.an.example.com' } + +# A list of IP addresses for dnsmasq to listen on. +# By default, it only listens on the loopback interface. +# Add the server's private IP here to allow other clients to connect. +dns_listen_addresses: + - "127.0.0.1" 
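Review bot: Dropping the `[]` from `dns_static_records` in patch 2's `defaults/main.yml` hunk makes the two sample entries, `host1.an.example.com` and `host2.an.example.com`, real role defaults, so any play that does not override the variable will serve those A records. Keep the default empty and leave the samples as comments, the way `dns_cname_records` is handled just below: `dns_static_records: []` followed by `# - { name: 'host1.an.example.com', ip: '192.168.1.10' }`.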
diff --git a/ansible/dns-server/handlers/main.yml b/ansible/dns-server/handlers/main.yml new file mode 100644 index 0000000..08064c7 --- /dev/null +++ b/ansible/dns-server/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart dnsmasq + service: + name: dnsmasq + state: restarted diff --git a/ansible/dns-server/tasks/main.yml b/ansible/dns-server/tasks/main.yml index 37a6f28..a174598 100644 --- a/ansible/dns-server/tasks/main.yml +++ b/ansible/dns-server/tasks/main.yml @@ -11,6 +11,27 @@ dest: /etc/dnsmasq.conf notify: restart dnsmasq +- name: Stop systemd-resolved service + service: + name: systemd-resolved + state: stopped + enabled: no + +- name: Disable systemd-resolved service + systemd: + name: systemd-resolved + enabled: no + +- name: Remove /etc/resolv.conf + file: + path: /etc/resolv.conf + state: absent + +- name: Create new /etc/resolv.conf + copy: + content: "nameserver 127.0.0.1\n" + dest: /etc/resolv.conf + - name: Create directory for custom dnsmasq configs file: path: /etc/dnsmasq.d @@ -33,10 +54,4 @@ service: name: dnsmasq state: started - enabled: yes - -handlers: - - name: restart dnsmasq - service: - name: dnsmasq - state: restarted + enabled: yes \ No newline at end of file diff --git a/ansible/dns-server/templates/custom-cname.conf.j2 b/ansible/dns-server/templates/custom-cname.conf.j2 index aeb0704..cb35e6d 100644 --- a/ansible/dns-server/templates/custom-cname.conf.j2 +++ b/ansible/dns-server/templates/custom-cname.conf.j2 @@ -1,3 +1,3 @@ -{% for record in dns_cname_records %} +{% for record in dns_cname_records | default([]) %} cname={{ record.cname }},{{ record.target }} {% endfor %} diff --git a/ansible/dns-server/templates/dnsmasq.conf.j2 b/ansible/dns-server/templates/dnsmasq.conf.j2 index 8e785a1..e5e869f 100644 --- a/ansible/dns-server/templates/dnsmasq.conf.j2 +++ b/ansible/dns-server/templates/dnsmasq.conf.j2 
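Review bot: In the first `tasks/main.yml` hunk of patch 2, `/etc/resolv.conf` is pointed at `127.0.0.1` while the dnsmasq restart is still a pending handler, so if the new configuration fails to load the host is left without a working resolver. The delete-then-create pair also reports a change on every run and leaves a window with no resolv.conf at all, and the separate "Disable systemd-resolved" task repeats what `enabled: no` on the stop task already does. I would merge the two systemd-resolved tasks, drop the removal task, and write resolv.conf only after the handlers have been flushed and the service is up, with explicit ownership and mode. `copy` with `follow: false` is expected to replace the existing symlink, which should be confirmed on a target host. The task list continues outside this hunk.

```yaml
- name: Stop and disable systemd-resolved
  ansible.builtin.systemd:
    name: systemd-resolved
    state: stopped
    enabled: false

# … unchanged: dnsmasq.d directory, static and CNAME record templates, "Ensure dnsmasq service is running and enabled" …

- name: Apply pending dnsmasq restarts before switching the resolver
  ansible.builtin.meta: flush_handlers

- name: Point the host resolver at the local dnsmasq
  ansible.builtin.copy:
    content: "nameserver 127.0.0.1\n"
    dest: /etc/resolv.conf
    owner: root
    group: root
    mode: '0644'
    follow: false
```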
@@ -5,6 +5,11 @@ bogus-priv no-resolv strict-order +# Listen addresses +{% for addr in dns_listen_addresses %} +listen-address={{ addr }} +{% endfor %} + # Local domain local=/{{ dns_domain }}/ domain={{ dns_domain }} diff --git a/ansible/dns-server/templates/static-records.conf.j2 b/ansible/dns-server/templates/static-records.conf.j2 index 19c949b..23780e7 100644 --- a/ansible/dns-server/templates/static-records.conf.j2 +++ b/ansible/dns-server/templates/static-records.conf.j2 @@ -1,3 +1,3 @@ -{% for record in dns_static_records %} +{% for record in dns_static_records | default([]) %} address=/{{ record.name }}/{{ record.ip }} {% endfor %} From 8f8e72bc98e7cb1feb0222ba5b9adce5857eb7ed Mon Sep 17 00:00:00 2001 From: praven Date: Tue, 14 Oct 2025 13:23:49 +0000 Subject: [PATCH 3/3] adding a main nameserver --- ansible/dns-server.yml | 2 +- ansible/dns-server/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/dns-server.yml b/ansible/dns-server.yml index ac8a68d..07122af 100644 --- a/ansible/dns-server.yml +++ b/ansible/dns-server.yml @@ -9,6 +9,6 @@ - { name: 'server2.qbutst.int', ip: '10.0.0.11' } dns_listen_addresses: - "127.0.0.1" - - "10.0.16.124" + - "10.0.16.1" # Pls replace with the DNS server's actual IP roles: - role: dns-server diff --git a/ansible/dns-server/tasks/main.yml b/ansible/dns-server/tasks/main.yml index a174598..2b63dbb 100644 --- a/ansible/dns-server/tasks/main.yml +++ b/ansible/dns-server/tasks/main.yml @@ -29,7 +29,7 @@ - name: Create new /etc/resolv.conf copy: - content: "nameserver 127.0.0.1\n" + content: "nameserver 8.8.8.8\nnameserver 127.0.0.1\n" dest: /etc/resolv.conf - name: Create directory for custom dnsmasq configs @@ -54,4 +54,4 @@ service: name: dnsmasq state: started - enabled: yes \ No newline at end of file + enabled: yes
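Review bot: The new `listen-address` lines in `dnsmasq.conf.j2` are rendered without `bind-interfaces`, and in that mode dnsmasq still binds the wildcard address and only discards queries that arrive on other addresses. Adding a `bind-interfaces` line directly under the loop makes the daemon bind only the addresses listed in `dns_listen_addresses`, which matches what the comment added to `defaults/main.yml` in the same patch describes.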
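Review bot: Patch 3 leaves a placeholder listen address, `10.0.16.1`, in `ansible/dns-server.yml` with only a comment asking for it to be replaced; if that address is not configured on the target, dnsmasq will most likely fail to start. Taking the value from host facts or inventory removes the manual step, for example `- "{{ ansible_default_ipv4.address }}"`, or by setting `dns_listen_addresses` per host in `host_vars`.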
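Review bot: With `nameserver 8.8.8.8` listed first in the resolv.conf content of patch 3, the DNS server's own lookups go to the public resolver before the local dnsmasq, so names under `dns_domain` will not resolve on the host itself and internal hostnames are sent off-network. The address is also hard-coded here although the role already has `dns_upstream_servers`. Keep the local resolver first, `content: "nameserver 127.0.0.1\n"`, and list any required fallback after it. The second hunk of this patch only restores the final newline.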