From 1e31ce2ad842bdce7906aefd6ed55c914f2b52d4 Mon Sep 17 00:00:00 2001
From: Fabio Sinibaldi <fabio.sinibaldi@isti.cnr.it>
Date: Tue, 17 Mar 2026 13:51:18 +0100
Subject: [PATCH] Configuration for sifi DNS

---
 .../group_vars/nameserver/sifi.yaml           | 119 ++++++++++++++++++
 1 file changed, 119 insertions(+)
 create mode 100644 ansible/inventories/group_vars/nameserver/sifi.yaml

diff --git a/ansible/inventories/group_vars/nameserver/sifi.yaml b/ansible/inventories/group_vars/nameserver/sifi.yaml
new file mode 100644
index 0000000..c905ceb
--- /dev/null
+++ b/ansible/inventories/group_vars/nameserver/sifi.yaml
@@ -0,0 +1,119 @@
+bind_allow_query:
+  - "any"
+
+bind_listen:
+  ipv4:
+    - port: 53
+      addresses:
+        - "127.0.0.1"
+        - "{{ ansible_default_ipv4.address }}"
+    - port: 5353
+      addresses:
+        - "127.0.1.1"
+  ipv6:
+    - port: 53
+      addresses:
+        - "{{ ansible_default_ipv4.address }}"
+
+
+bind_zones:
+  - name: 'sifi.isti.cnr.it'
+    # default: primary [primary, secondary, forward]
+    # type: primary
+    # create_forward_zones: true
+    # Skip creation of reverse zones
+    # create_reverse_zones: false
+    # fpr type: secondary
+    primaries:
+      - 146.48.108.51
+    networks:
+      - '146.48.108'
+    #ipv6_networks:
+    #  - '2001:db9::/48'
+    name_servers:
+      - ns1.sifi.isti.cnr.it.
+    # hostmaster_email: admin
+    #
+    #allow_updates:
+    #  - "10.0.1.2"
+    #  - 'key "external-dns"'
+    #allow_transfers:
+    #  - 'key "external-dns"'    
+    hosts:
+      - name: ns1
+        ip: 146.48.108.51
+      - name: bigbrain
+        ip: 146.48.108.14
+        #ipv6: '2001:db9::1'
+    #mail_servers:
+    #  - name: mail001
+    #    preference: 10
+
+
+bind_logging:
+  enable: true
+  channels:
+  - channel: general
+    file: "data/general.log"
+    versions: 3
+    size: 10M
+    print_time: true           # true | false
+    print_category: true
+    print_severity: true
+    severity: dynamic          # critical | error | warning | notice | info | debug [level] | dynamic
+  - channel: query
+    file: "data/query.log"
+    versions: 5
+    size: 10M
+    print_time: ""          # true | false
+    severity: info          #
+  - channel: dnssec
+    file: "data/dnssec.log"
+    versions: 5
+    size: 10M
+    print_time: ""          # true | false
+    severity: info          #
+  - channel: notify
+    file: "data/notify.log"
+    versions: 5
+    size: 10M
+    print_time: ""          # true | false
+    severity: info          #
+  - channel: transfers
+    file: "data/transfers.log"
+    versions: 5
+    size: 10M
+    print_time: ""          # true | false
+    severity: info          #
+  - channel: slog
+    syslog: security        # kern | user | mail | daemon | auth | syslog | lpr |
+                            # news | uucp | cron | authpriv | ftp |
+                            # local0 | local1 | local2 | local3 |
+                            # local4 | local5 | local6 | local7
+    # file: "data/transfers.log"
+    #versions: 5
+    #size: 10M
+    print_time: ""          # true | false
+    severity: info          #
+  categories:
+    "xfer-out":
+      - transfers
+      - slog
+    "xfer-in":
+      - transfers
+      - slog
+    notify:
+      - notify
+    "lame-servers":
+      - general
+    config:
+      - general
+    default:
+      - general
+    security:
+      - general
+      - slog
+    dnssec:
+      - dnssec
+    queries:
+      - query
\ No newline at end of file