dhcp: ask clients to use our DNS servers

group_vars/all/vars.yml

@@ -36,3 +36,17 @@ monitoring_mail: 'monitoring.aurore@lists.crans.org'
 matrix_webhooks_secret: "{{ vault_matrix_webhooks_secret }}"
 matrix_discord_client_id: "559305991494303747"
 matrix_discord_bot_token: "{{ vault_matrix_discord_bot_token }}"
+
+###
+# DNS
+###
+
+# Dernier octet (en décimal) de l'addresse des serveurs DNS récursifs de chaque
+# résidence.
+dns_host_suffix: 253
+
+upstream_dns_servers:
+  - "80.67.169.12" # French Data Network (FDN) (ns0.fdn.fr)
+  - "1.1.1.1" # Cloudflare
+
+

network.yml

@@ -17,8 +17,6 @@
 
 # Deploy unbound DNS server (recursive).
 - hosts: recursive_dns
-  vars:
-    - dns_host_suffix: 253
   roles:
     - unbound
 

roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2

@@ -1,4 +1,3 @@
-# dhcpd.conf
 # {{ ansible_managed }}
 
 default-lease-time 86400;
@@ -8,8 +7,6 @@ max-lease-time 86400;
 
 # The MTU theoretically could go as high as 1496 (4-byte VLAN tag).
 option interface-mtu 1400;
-# XXX: hardcoded DNS for now
-option domain-name-servers 80.67.169.12, 1.1.1.1;
 option root-path "/";
 
 # The ddns-updates-style parameter controls whether or not the server will
@@ -24,8 +21,6 @@ authoritative;
 
 log-facility local7;
 
-
-# TODO: move this failover peer declaration to a separate file and include it.
 {% if dhcp_failover is defined %}
 include "/etc/dhcp/dhcp-failover.conf";
 {% endif %}
@@ -38,6 +33,8 @@ subnet 10.{{ subnet_ids.ap }}.0.0 netmask 255.255.0.0 {
        option routers 10.{{ subnet_ids.ap }}.0.250;
        option domain-name "borne.auro.re";
        option domain-search "borne.auro.re";
+
+       option domain-name-servers 10.{{ subnet_ids.ap }}.0.253, {{ upstream_dns_servers|join(', ') }};
        include "/var/local/re2o-services/dhcp/generated/dhcp.borne.auro.re.list";
 
        deny unknown-clients;
@@ -51,6 +48,9 @@ subnet 10.{{ subnet_ids.users_wired }}.0.0 netmask 255.255.0.0 {
        option routers 10.{{ subnet_ids.users_wired }}.0.240;
        option domain-name "fil.{{ apartment_block }}.auro.re";
        option domain-search "auro.re";
+
+       option domain-name-servers 10.{{ subnet_ids.users_wired }}.0.253, {{ upstream_dns_servers|join(', ') }};
+
        include "/var/local/re2o-services/dhcp/generated/dhcp.fil.{{ apartment_block }}.auro.re.list";
 
        deny unknown-clients;
@@ -65,6 +65,9 @@ subnet 10.{{ subnet_ids.users_wifi }}.0.0 netmask 255.255.0.0 {
        option routers 10.{{ subnet_ids.users_wifi }}.0.240;
        option domain-name "wifi.{{ apartment_block }}.auro.re";
        option domain-search "auro.re";
+
+       option domain-name-servers 10.{{ subnet_ids.users_wifi }}.0.253, {{ upstream_dns_servers|join(', ') }};
+
        include "/var/local/re2o-services/dhcp/generated/dhcp.wifi.{{ apartment_block }}.auro.re.list";
 
        pool {
@@ -76,4 +79,3 @@ subnet 10.{{ subnet_ids.users_wifi }}.0.0 netmask 255.255.0.0 {
        }
 }
 
-