dhcp: ask clients to use our DNS servers

This commit is contained in:
Yohaï-Eliel BERREBY 2020-04-18 15:39:32 +02:00
parent f05e92dc5e
commit 7275ebda47
3 changed files with 22 additions and 8 deletions

View file

@ -36,3 +36,17 @@ monitoring_mail: 'monitoring.aurore@lists.crans.org'
matrix_webhooks_secret: "{{ vault_matrix_webhooks_secret }}"
matrix_discord_client_id: "559305991494303747"
matrix_discord_bot_token: "{{ vault_matrix_discord_bot_token }}"
###
# DNS
###
# Dernier octet (en décimal) de l'addresse des serveurs DNS récursifs de chaque
# résidence.
dns_host_suffix: 253
upstream_dns_servers:
- "80.67.169.12" # French Data Network (FDN) (ns0.fdn.fr)
- "1.1.1.1" # Cloudflare

View file

@ -17,8 +17,6 @@
# Deploy unbound DNS server (recursive).
- hosts: recursive_dns
vars:
- dns_host_suffix: 253
roles:
- unbound

View file

@ -1,4 +1,3 @@
# dhcpd.conf
# {{ ansible_managed }}
default-lease-time 86400;
@ -8,8 +7,6 @@ max-lease-time 86400;
# The MTU theoretically could go as high as 1496 (4-byte VLAN tag).
option interface-mtu 1400;
# XXX: hardcoded DNS for now
option domain-name-servers 80.67.169.12, 1.1.1.1;
option root-path "/";
# The ddns-updates-style parameter controls whether or not the server will
@ -24,8 +21,6 @@ authoritative;
log-facility local7;
# TODO: move this failover peer declaration to a separate file and include it.
{% if dhcp_failover is defined %}
include "/etc/dhcp/dhcp-failover.conf";
{% endif %}
@ -38,6 +33,8 @@ subnet 10.{{ subnet_ids.ap }}.0.0 netmask 255.255.0.0 {
option routers 10.{{ subnet_ids.ap }}.0.250;
option domain-name "borne.auro.re";
option domain-search "borne.auro.re";
option domain-name-servers 10.{{ subnet_ids.ap }}.0.253, {{ upstream_dns_servers|join(', ') }};
include "/var/local/re2o-services/dhcp/generated/dhcp.borne.auro.re.list";
deny unknown-clients;
@ -51,6 +48,9 @@ subnet 10.{{ subnet_ids.users_wired }}.0.0 netmask 255.255.0.0 {
option routers 10.{{ subnet_ids.users_wired }}.0.240;
option domain-name "fil.{{ apartment_block }}.auro.re";
option domain-search "auro.re";
option domain-name-servers 10.{{ subnet_ids.users_wired }}.0.253, {{ upstream_dns_servers|join(', ') }};
include "/var/local/re2o-services/dhcp/generated/dhcp.fil.{{ apartment_block }}.auro.re.list";
deny unknown-clients;
@ -65,6 +65,9 @@ subnet 10.{{ subnet_ids.users_wifi }}.0.0 netmask 255.255.0.0 {
option routers 10.{{ subnet_ids.users_wifi }}.0.240;
option domain-name "wifi.{{ apartment_block }}.auro.re";
option domain-search "auro.re";
option domain-name-servers 10.{{ subnet_ids.users_wifi }}.0.253, {{ upstream_dns_servers|join(', ') }};
include "/var/local/re2o-services/dhcp/generated/dhcp.wifi.{{ apartment_block }}.auro.re.list";
pool {
@ -76,4 +79,3 @@ subnet 10.{{ subnet_ids.users_wifi }}.0.0 netmask 255.255.0.0 {
}
}