unbound: bind to the right addresses on backup hosts

group_vars/all/vars.yml

@@ -43,10 +43,10 @@ matrix_discord_bot_token: "{{ vault_matrix_discord_bot_token }}"
 
 # Dernier octet (en décimal) de l'addresse des serveurs DNS récursifs de chaque
 # résidence.
-dns_host_suffix: 253
+dns_host_suffix_main: 253
+dns_host_suffix_backup: 153
 
 upstream_dns_servers:
   - "80.67.169.12" # French Data Network (FDN) (ns0.fdn.fr)
   - "1.1.1.1" # Cloudflare
 
-unbound_log_file: "/var/log/unbound.log"

hosts

@@ -156,11 +156,20 @@ gs_pve
 #dhcp-edc.adm.auro.re
 #dhcp-gs.adm.auro.re
 
-[recursive_dns]
+[recursive_dns:children]
+rdns_main
+rdns_backup
+
+[rdns_main]
 dns-fleming.adm.auro.re
-dns-fleming-backup.adm.auro.re
 dns-pacaterie.adm.auro.re
+
+[rdns_backup]
+dns-fleming-backup.adm.auro.re
 dns-pacaterie-backup.adm.auro.re
+
+
+# FIXME:
 #dns-edc.adm.auro.re
 #dns-gs.adm.auro.re
 

roles/unbound/tasks/main.yml

@@ -1,5 +1,15 @@
 ---
 
+# This is used to let unbound bind to the right IP addresses.
+- set_fact:
+    dns_host_suffix: "{{ dns_host_suffix_main }}"
+  when: "'rdns_main' in group_names"
+
+- set_fact:
+    dns_host_suffix: "{{ dns_host_suffix_backup }}"
+  when: "'rdns_backup' in group_names"
+
+
 - name: install unbound
   apt:
     update_cache: true