From 7275ebda47f48df7af5d3f553e6c2034bc281dcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yoha=C3=AF-Eliel=20BERREBY?= Date: Sat, 18 Apr 2020 15:39:32 +0200 Subject: [PATCH] dhcp: ask clients to use our DNS servers --- group_vars/all/vars.yml | 14 ++++++++++++++ network.yml | 2 -- roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 | 14 ++++++++------ 3 files changed, 22 insertions(+), 8 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index d55fd60..0cb89fc 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -36,3 +36,17 @@ monitoring_mail: 'monitoring.aurore@lists.crans.org' matrix_webhooks_secret: "{{ vault_matrix_webhooks_secret }}" matrix_discord_client_id: "559305991494303747" matrix_discord_bot_token: "{{ vault_matrix_discord_bot_token }}" + +### +# DNS +### + +# Dernier octet (en décimal) de l'addresse des serveurs DNS récursifs de chaque +# résidence. +dns_host_suffix: 253 + +upstream_dns_servers: + - "80.67.169.12" # French Data Network (FDN) (ns0.fdn.fr) + - "1.1.1.1" # Cloudflare + + diff --git a/network.yml b/network.yml index 70c5641..9e8980c 100644 --- a/network.yml +++ b/network.yml @@ -17,8 +17,6 @@ # Deploy unbound DNS server (recursive). - hosts: recursive_dns - vars: - - dns_host_suffix: 253 roles: - unbound diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 index 9b166c2..47da1d9 100644 --- a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 +++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 @@ -1,4 +1,3 @@ -# dhcpd.conf # {{ ansible_managed }} default-lease-time 86400; @@ -8,8 +7,6 @@ max-lease-time 86400; # The MTU theoretically could go as high as 1496 (4-byte VLAN tag). option interface-mtu 1400; -# XXX: hardcoded DNS for now -option domain-name-servers 80.67.169.12, 1.1.1.1; option root-path "/"; # The ddns-updates-style parameter controls whether or not the server will 
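Review bot: The `upstream_dns_servers` list added here is handed straight to DHCP clients (it is joined into the three `option domain-name-servers` lines in dhcpd.conf.j2), so clients are not guaranteed to use the residence resolver: stub resolvers do not treat that option as a strict fallback order (several rotate or query in parallel), and a client that asks FDN or Cloudflare directly bypasses the local unbound — its cache, any names that only it can resolve under auro.re, and whatever logging or filtering it applies — and sends those lookups in clear text to the Internet. If the commit's intent is that clients use our resolvers, advertise only local resolvers (presumably the residence's own plus another residence's as backup) and keep `upstream_dns_servers` for the resolver's own forwarding configuration; if falling back to public resolvers is deliberate, say so above the list, e.g. `# Also advertised to DHCP clients as fallback resolvers; queries sent there bypass the local unbound.`. The hunk also appends two empty lines at the end of the file, which yamllint's `empty-lines` rule will flag.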
@@ -24,8 +21,6 @@ authoritative; log-facility local7; - -# TODO: move this failover peer declaration to a separate file and include it. {% if dhcp_failover is defined %} include "/etc/dhcp/dhcp-failover.conf"; {% endif %} @@ -38,6 +33,8 @@ subnet 10.{{ subnet_ids.ap }}.0.0 netmask 255.255.0.0 { option routers 10.{{ subnet_ids.ap }}.0.250; option domain-name "borne.auro.re"; option domain-search "borne.auro.re"; + + option domain-name-servers 10.{{ subnet_ids.ap }}.0.253, {{ upstream_dns_servers|join(', ') }}; include "/var/local/re2o-services/dhcp/generated/dhcp.borne.auro.re.list"; deny unknown-clients; @@ -51,6 +48,9 @@ subnet 10.{{ subnet_ids.users_wired }}.0.0 netmask 255.255.0.0 { option routers 10.{{ subnet_ids.users_wired }}.0.240; option domain-name "fil.{{ apartment_block }}.auro.re"; option domain-search "auro.re"; + + option domain-name-servers 10.{{ subnet_ids.users_wired }}.0.253, {{ upstream_dns_servers|join(', ') }}; + include "/var/local/re2o-services/dhcp/generated/dhcp.fil.{{ apartment_block }}.auro.re.list"; deny unknown-clients; @@ -65,6 +65,9 @@ subnet 10.{{ subnet_ids.users_wifi }}.0.0 netmask 255.255.0.0 { option routers 10.{{ subnet_ids.users_wifi }}.0.240; option domain-name "wifi.{{ apartment_block }}.auro.re"; option domain-search "auro.re"; + + option domain-name-servers 10.{{ subnet_ids.users_wifi }}.0.253, {{ upstream_dns_servers|join(', ') }}; + include "/var/local/re2o-services/dhcp/generated/dhcp.wifi.{{ apartment_block }}.auro.re.list"; pool { @@ -76,4 +79,3 @@ subnet 10.{{ subnet_ids.users_wifi }}.0.0 netmask 255.255.0.0 { } } -
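Review bot: `option domain-name-servers 10.{{ subnet_ids.ap }}.0.253, {{ upstream_dns_servers|join(', ') }};` hardcodes the resolver's last octet even though this same patch promotes `dns_host_suffix: 253` to group_vars for exactly that value, so the address DHCP advertises can silently drift from the one the recursive_dns hosts are presumably bound to; the same applies to the users_wired and users_wifi hunks below. Use `option domain-name-servers 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix }}, {{ upstream_dns_servers|join(', ') }};` in all three places. With the global `option domain-name-servers` removed in the earlier hunk, any subnet declaration this patch does not touch would no longer hand out a resolver at all, so it is worth confirming that these three subnets are the only ones in the template. Minor: the users_wired and users_wifi hunks add a blank line after the new option while the ap hunk does not.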