library/roles/bind-caching-server: Role that configures a caching name server. Optionally forwarders can be added.

bind-caching-server/defaults/main.yml

@@ -0,0 +1,29 @@
+---
+bind_install: True
+bind_enabled: True
+bind_pkg_state: latest
+bind_pkg_n: bind9
+bind_pkg_list:
+  - '{{ bind_pkg_n }}'
+  - '{{ bind_pkg_n }}-host'
+  - '{{ bind_pkg_n }}utils'
+
+bind_allowed_query_acl:
+  - '{{ ansible_default_ipv4.address }}'
+
+bind_use_forwarders: False
+bind_forwarder_only: False
+bind_forwarders_list:
+  - '{{ ansible_default_ipv4.address }}'
+
+bind_listen_on_ipv4: True  
+bind_listen_on_ipv6:
+  - none
+bind_cache_dir: /var/cache/bind
+bind_dnssec_enabled: False
+bind_dnssec_validation: auto
+# Default: 1 week
+bind_max_cache_ttl: 604800
+# 10 minutes
+bind_max_negative_cache_ttl: 600
+

bind-caching-server/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: reload bind
+  service: name=bind9 state=reloaded
+  when: bind_enabled
+

bind-caching-server/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- block:
+    - name: Install the bind packages
+      apt: pkg={{ item }} state={{ bind_pkg_state }} update_cache=yes cache_valid_time=1800
+      with_items: '{{ bind_pkg_list }}'
+
+    - name: Install the bind configuration
+      template: src=named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=0640
+      notify: reload bind
+
+    - name: Ensure that the bind service is running and enabled
+      service: name=bind9 state=started enabled=yes
+
+    - name: Ensure that the bind service is stopped and disabled
+      service: name=bind9 state=stopped enabled=no
+      when: not bind_enabled
+
+  when: bind_enabled
+  tags: [ 'bind', 'caching_nameserver' ]
+    
+- block:
+    - name: Ensure that the bind service is stopped and disabled
+      service: name=bind9 state=stopped enabled=no
+
+    - name: Remove the bind packages
+      apt: pkg={{ item }} state=absent
+      with_items: '{{ bind_pkg_list }}'
+
+  when: not bind_install
+  tags: [ 'bind', 'caching_nameserver' ]
+    

bind-caching-server/templates/named.conf.options.j2

@@ -0,0 +1,35 @@
+acl allowedtoquery {
+       localhost;
+{% for ip in bind_allowed_query_acl %}
+       {{ ip }};
+{% endfor %}
+};
+
+options {
+        directory "{{ bind_cache_dir }}";
+        dump-file       "{{ bind_cache_dir }}/cache_dump.db";
+        statistics-file "{{ bind_cache_dir }}/named.stats";
+        memstatistics-file "{{ bind_cache_dir }}/named_mem.stats";
+        max-cache-ttl {{ bind_max_cache_ttl }};
+        max-ncache-ttl {{ bind_max_negative_cache_ttl }};
+        auth-nxdomain no;    # conform to RFC1035
+{% if bind_listen_on_ipv4 %}
+        listen-on { any; };
+{% endif %}
+{% for int in bind_listen_on_ipv6 %}
+        listen-on-v6 { {{ int }}; };
+{% endfor %}
+{% if bind_dnssec_enabled %}
+         dnssec-enable yes;
+{% endif %}
+        dnssec-validation {{ bind_dnssec_validation }};
+        recursion yes;
+        allow-query { allowedtoquery; };
+{% if bind_use_forwarders %}
+        forwarders {
+{% for ip in bind_forwarders_list %}
+                   {{ ip }};
+{% endfor %}
+        };
+{% endif %}
+};