Fixing bind9 config

cubox-m still doesn't respond to outside requests

ansible-5/roles/ns.xai-corp.net/tasks/config_named.yaml

@@ -0,0 +1,77 @@
+---
+# install and configure bind9/named
+
+
+- name: install bind package
+  apt:
+    name: "{{ item }}"
+    #    update_cache: yes
+    #    cache_valid_time: 86400
+    state: latest
+  with_items:
+    - bind9
+
+- name: set correct permissions for logging
+  file:
+    state=directory
+    path=/var/log/named/
+    recurse=yes
+    owner={{ bind.user }}
+    group={{ bind.group }}
+    mode=0777
+
+- name: set correct permissions on cache
+  file:
+    state: directory
+    path: /var/cache/bind/
+    owner: "{{ bind.user }}"
+    group: "{{ bind.group }}"
+    recurse: yes
+
+- name: copy zone files to /etc/bind/
+  template:
+    src: "{{ item }}.j2"
+    dest: /etc/bind/db.{{ item }}
+    owner: "{{ bind.user }}"
+    group: "{{ bind.group }}"
+    mode: 0644
+  with_items: "{{ bind.zonefiles }}"
+  notify:
+    - restart bind
+
+- name: test zone files
+  command: named-checkzone {{ item }}
+  changed_when: false
+  with_items:
+    - xai-corp.net /etc/bind/db.xai-corp.net.internal
+    - 4.168.192.IN-ADDR.ARPA. /etc/bind/db.xai-corp.net.reverse
+
+- name: copy named.confs to /etc/bind/
+  template: src={{ item }}.j2 dest=/etc/bind/{{ item }} owner={{ bind.user }} group={{ bind.group }} mode=0640
+  with_items: "{{ bind.namedfiles }}"
+  notify:
+    - restart bind
+
+- name: test config files
+  command: named-checkconf /etc/bind/{{ item }}
+  changed_when: false
+  with_items: "{{ bind.namedfiles }}"
+
+- name: set named startup options
+  ansible.builtin.copy:
+    content: OPTIONS="-d1"
+    dest: /etc/default/named
+
+- name: set permisions on rndc.key
+  ansible.builtin.file:
+    mode: 644
+    path: /etc/bind/rndc.key
+
+- name: remove old named sysconfig options
+  file:
+    state: absent
+    path: "{{item}}"
+  with_items: "{{ bind.cleanup }}"
+
+- name: Force all notified handlers to run
+  ansible.builtin.meta: flush_handlers

ansible-5/roles/ns.xai-corp.net/tasks/main.yml

@@ -1,48 +1,9 @@
 ---
 # tasks/main.yml
-# define tasks here
 
-- name: install bind package
-  apt:
-    name: "{{ item }}"
-    update_cache: yes
-    cache_valid_time: 86400
-    state: latest
-  with_items:
-    - bind9
+- include_tasks: config_named.yaml
 
-- name: set correct permissions for logging
-  file:
-    state=directory
-    path=/var/log/named/
-    owner={{ bind.user }}
-    group={{ bind.group }}
-    mode=0777
-  notify:
-    - restart bind
-
-- name: copy zone files to /etc/bind/
-  template:
-    src: "{{ item }}.j2"
-    dest: /etc/bind/db.{{ item }}
-    owner: "{{ bind.user }}"
-    group: "{{ bind.group }}"
-    mode: 0644
-  with_items: "{{ bind.zonefiles }}"
-  notify:
-    - restart bind
-
-- name: test zone files
-  command: named-checkzone xai-corp.net /etc/bind/db.xai-corp.net.internal
-  changed_when: false
-
-- name: copy named.confs to /etc/bind/
-  template: src={{ item }}.j2 dest=/etc/bind/{{ item }} owner={{ bind.user }} group={{ bind.group }} mode=0640
-  with_items:
-    - named.conf.local
-    - named.conf.options
-    - named.conf.default-zones
-  notify:
-    - restart bind
+# tests
+- include_tasks: test_named.yaml
 
 - include_tasks: dynamic_ip.yml

ansible-5/roles/ns.xai-corp.net/tasks/test_named.yaml

@@ -0,0 +1,21 @@
+---
+# run tests against nameservers
+
+- name: test local access
+  command: dig @{{item}} google.ca +tcp
+  with_items:
+    - "{{inventory_hostname}}"
+    - "{{inventory_hostname}}.xai-corp.net"
+    - "localhost"
+    - "127.0.0.1"
+  changed_when: false
+
+- name: test dig from {{ansible_play_hosts_all}} names
+  command: dig @{{item}} google.ca +tcp
+  with_items: "{{ansible_play_hosts_all}}"
+  changed_when: false
+
+- name: test dig from {{ansible_play_hosts_all}}.xai-corp.net
+  command: dig @{{item}}.xai-corp.net google.ca +tcp
+  with_items: "{{ansible_play_hosts_all}}"
+  changed_when: false