diff --git a/README.md b/README.md
index 34dfdc7..df69768 100644
--- a/README.md
+++ b/README.md
@@ -4,19 +4,19 @@ Ce rôle permet d'installer et configurer dnsmasq.
## Variables
-### dnsmasq_conf_domain
+### dnsmasq_domain
Nom de domain utilisé pour qualifier les noms courts.
*Valeur par défaut: aucune*
-### dnsmasq_conf_servers
+### dnsmasq_servers
Liste d'adresses IP auxquelles les requêtes DNS sont transmises si dnsmasq ne porte pas le domaine.
*Valeur par défaut: aucune*
-### dnsmasq_servers
+### dnsmasq_hosts
Liste d'IP ou de noms d'hôtes servant de serveur DNS.
@@ -46,6 +46,12 @@ Nom d'hôte du client.
*Valeur par défaut: `{{ inventory_hostname }} {{ inventory_hostname_short }}`*
+### dnsmasq_specifics
+
+Liste de dictionnaires contenant le nom d'hôte, les alias et la liste d'IP associées.
+
+*Valeur par défaut: aucune*
+
## Exemple d'utilisation
### inventory.yml
@@ -69,7 +75,7 @@ all:
```yaml
---
-dnsmasq_servers: "{{ groups['dnsservers'] }}"
+dnsmasq_hosts: "{{ groups['dnsservers'] }}"
```
@@ -78,8 +84,8 @@ dnsmasq_servers: "{{ groups['dnsservers'] }}"
```yaml
---
-dnsmasq_conf_domain: ykn.local
-dnsmasq_conf_servers:
+dnsmasq_domain: ykn.local
+dnsmasq_servers:
- 127.0.0.1#53000
- ::1#53000
```
diff --git a/defaults/main.yml b/defaults/main.yml
index 7a47c24..3741bed 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,13 +1,17 @@
---
# defaults file for dnsmasq
-dnsmasq_conf_domain: ""
-dnsmasq_conf_servers: []
-
+dnsmasq_domain: ""
dnsmasq_servers: []
+dnsmasq_rev_servers: []
+dnsmasq_bogus_priv_enabled: true
+
+dnsmasq_hosts: []
dnsmasq_host_ips: []
dnsmasq_host_aliases: []
dnsmasq_client_filename: "{{ inventory_hostname }}"
dnsmasq_client_hostname: "{{ inventory_hostname }} {{ inventory_hostname_short }}"
+
+dnsmasq_specifics: []
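Review bot: `dnsmasq_rev_servers` and `dnsmasq_bogus_priv_enabled` are introduced here as role variables, but the README hunk in this commit documents only `dnsmasq_specifics`, so their purpose and expected value format stay undocumented. The template hunk renders each `dnsmasq_rev_servers` entry verbatim as `rev-server=`, so the README entry should state the exact value format the role expects for each list item. A comment above `dnsmasq_bogus_priv_enabled` saying when an operator should set it to `false` would also help; the interplay with `rev-server` looks like the reason the flag exists, but nothing in the commit says so.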
diff --git a/handlers/main.yml b/handlers/main.yml
index 7fb2eb3..ebe8314 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -12,7 +12,7 @@
ansible.builtin.systemd:
state: reloaded
name: dnsmasq.service
- loop: "{{ dnsmasq_servers }}"
+ loop: "{{ dnsmasq_hosts }}"
loop_control:
loop_var: dnsserver
delegate_to: "{{ dnsserver }}"
diff --git a/tasks/client.yml b/tasks/client.yml
index ab0d8fd..1eac074 100644
--- a/tasks/client.yml
+++ b/tasks/client.yml
@@ -9,10 +9,9 @@
src: "{{ role_path }}/templates/host.conf.j2"
dest: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
when:
- - dnsmasq_servers | length > 0
- - dnsmasq_host_ipv4 not in dnsmasq_servers
- tags: creation
- loop: "{{ dnsmasq_servers }}"
+ - dnsmasq_hosts | length > 0
+ - dnsmasq_host_ipv4 not in dnsmasq_hosts
+ loop: "{{ dnsmasq_hosts }}"
loop_control:
loop_var: dnsserver
delegate_to: "{{ dnsserver }}"
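Review bot: `dnsmasq_host_ipv4 not in dnsmasq_hosts` only excludes a client that is itself a DNS server when `dnsmasq_hosts` holds IP addresses, yet the README in this commit says the list may contain hostnames; with hostnames the test never matches and this task writes `/srv/dnsmasq/{{ dnsmasq_client_filename }}.conf` onto a server that tasks/configuration.yml already provisions with its own `/srv/dnsmasq/{{ inventory_hostname }}.conf`. Extending the condition to `- dnsmasq_host_ipv4 not in dnsmasq_hosts and inventory_hostname not in dnsmasq_hosts` covers both forms; `dnsmasq_host_ipv4` is defined outside this diff, so its meaning is inferred from the name. The same condition appears in the deletion task in the next hunk. Separately, this hunk drops `tags: creation` while the deletion task keeps `tags: [destruction, never]`; if that is intentional, the README should say the creation task is no longer selectable by tag. The task's header starts before the hunk.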
@@ -24,10 +23,10 @@
path: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
state: absent
when:
- - dnsmasq_servers | length > 0
- - dnsmasq_host_ipv4 not in dnsmasq_servers
+ - dnsmasq_hosts | length > 0
+ - dnsmasq_host_ipv4 not in dnsmasq_hosts
tags: [destruction, never]
- loop: "{{ dnsmasq_servers }}"
+ loop: "{{ dnsmasq_hosts }}"
loop_control:
loop_var: dnsserver
delegate_to: "{{ dnsserver }}"
diff --git a/tasks/configuration.yml b/tasks/configuration.yml
index 9147453..e88f504 100644
--- a/tasks/configuration.yml
+++ b/tasks/configuration.yml
@@ -1,10 +1,16 @@
---
# tasks file for security
+- name: Supprimer l'ancien fichier de configuration
+ ansible.builtin.file:
+ path: /etc/dnsmasq.d/cache.conf
+ state: absent
+ become: true
+
- name: Configurer dnsmasq
ansible.builtin.template:
src: dnsmasq.conf.j2
- dest: /etc/dnsmasq.d/cache.conf
+ dest: /etc/dnsmasq.d/dns.conf
owner: root
group: root
mode: u=rw,g=r,o=r
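Review bot: The new task that removes `/etc/dnsmasq.d/cache.conf` has no `notify`, so on a host where `dns.conf` is already present and only the stale file gets deleted, the running dnsmasq keeps the old configuration until something else triggers a reload. Adding `notify: Recharger dnsmasq.service` to that task (the handler name used further down in this file) keeps the service in step with the files on disk, assuming that handler reloads the local service as its name suggests. The `Configurer dnsmasq` task continues outside the hunk, so I cannot see whether it notifies the handler itself.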
@@ -13,10 +19,26 @@
- name: Déployer la configuration de l'instance
ansible.builtin.template:
+ src: host.conf.j2
+ dest: /srv/dnsmasq/{{ inventory_hostname }}.conf
owner: dnsmasq
group: root
mode: u=rw,g=r,o=r
- src: host.conf.j2
- dest: /srv/dnsmasq/{{ inventory_hostname }}.conf
become: true
notify: Recharger dnsmasq.service
+
+- name: Déployer les configurations specifiques
+ ansible.builtin.template:
+ src: specific.conf.j2
+ dest: "{{ filename }}"
+ owner: dnsmasq
+ group: root
+ mode: u=rw,g=r,o=r
+ when: dnsmasq_specifics | length > 0
+ become: true
+ notify: Recharger dnsmasq.service
+ loop: "{{ dnsmasq_specifics }}"
+ loop_control:
+ label: "{{ filename }}"
+ vars:
+ filename: /srv/dnsmasq/{{ item.hostname }}.conf
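Review bot: `filename: /srv/dnsmasq/{{ item.hostname }}.conf` in the new specifics task uses the same directory and naming scheme as the per-host file written by the task just above (`/srv/dnsmasq/{{ inventory_hostname }}.conf`) and as the client files in tasks/client.yml, so a `dnsmasq_specifics` entry whose hostname matches an inventory host overwrites that file and the two tasks flip it back and forth on every run. Nothing validates `item.hostname` before it becomes part of a path either: a value containing `/` or `..` places the file outside `/srv/dnsmasq`. A distinct prefix such as `filename: /srv/dnsmasq/specific-{{ item.hostname }}.conf` avoids the collision, and an `ansible.builtin.assert` that each `item.hostname` matches a hostname pattern (constructed example: `'^[A-Za-z0-9.-]+$'`) before the loop closes the path issue. The `when: dnsmasq_specifics | length > 0` guard is redundant with looping over the same list and can be dropped.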
diff --git a/templates/dnsmasq.conf.j2 b/templates/dnsmasq.conf.j2
index 66c785d..28342d0 100644
--- a/templates/dnsmasq.conf.j2
+++ b/templates/dnsmasq.conf.j2
@@ -1,14 +1,19 @@
# {{ ansible_managed }}
+# Répondre aux demandes locales uniquement
+local-service
+
# Ne pas transmettre les requêtes avec un nom court (pas FQDN)
domain-needed
+{% if dnsmasq_bogus_priv_enabled %}
# Ne pas envoyer les requête sur les IP privées
bogus-priv
+{% endif %}
# Spécifié le domaine pour qualifié les noms courts
-domain={{ dnsmasq_conf_domain }}
-local=/{{ dnsmasq_conf_domain }}/
+domain={{ dnsmasq_domain }}
+local=/{{ dnsmasq_domain }}/
# Ajoute le nom de domaine au noms simples
expand-hosts
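Review bot: `domain={{ dnsmasq_domain }}` and `local=/{{ dnsmasq_domain }}/` are rendered unconditionally, and with the default `dnsmasq_domain: ""` from defaults/main.yml the generated file contains `domain=` and `local=//`. Wrapping the two lines in `{% if dnsmasq_domain %}` … `{% endif %}` mirrors what this hunk already does for `bogus-priv` and keeps the output clean when no domain is configured. The same was true of the old `dnsmasq_conf_domain`, so this is pre-existing, but the rename touches both lines anyway.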
@@ -22,11 +27,16 @@ no-resolv
# Ne pas utiliser /etc/hosts
no-hosts
-# Utiliser dnscrypt-proxy
-{% for server in dnsmasq_conf_servers %}
+# Définir les serveurs DNS à suivre
+{% for server in dnsmasq_servers %}
server={{ server }}
{% endfor %}
+# Définir les serveurs DNS à suivre (PTR)
+{% for server in dnsmasq_rev_servers %}
+rev-server={{ server }}
+{% endfor %}
+
# Bloquer le rebond DNS
stop-dns-rebind
diff --git a/templates/specific.conf.j2 b/templates/specific.conf.j2
new file mode 100644
index 0000000..d3157f9
--- /dev/null
+++ b/templates/specific.conf.j2
@@ -0,0 +1,6 @@
+# {{ ansible_managed }}
+
+{% for ip in item.ips %}
+{% set aliases = item.get('aliases', []) %}
+{{ ip }} {{ ([item.hostname] + aliases) | join(' ') }}
+{% endfor %}
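Review bot: `{% set aliases = item.get('aliases', []) %}` sits inside the `for ip in item.ips` loop, so it is re-evaluated for every IP although it does not depend on `ip`; move it to the line before `{% for ip in item.ips %}`. The template tolerates a missing `aliases` key but not a missing `hostname` or `ips`, and a string `aliases` value breaks `[item.hostname] + aliases`, so the README entry for `dnsmasq_specifics` should spell out that `hostname` and `ips` (a list) are required and `aliases` is an optional list. The blank line after the header also ends up in the generated hosts-style file; harmless, but unnecessary.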