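---
# Molecule converge playbook: applies the bind9 role with a recursive,
# forwarding resolver that uses dnstap and per-category file logging.
#
# NOTE(review): nesting was rebuilt from a whitespace-collapsed paste.
# `logging` is placed beside `options` (as in named.conf) and
# `versions`/`size` under `file`; confirm against the role's schema.
- name: Converge
  hosts: all
  tasks:
    # Query logs and dnstap captures record client lookups, so the
    # directory is not opened to users outside the bind group.
    - name: Create log directory for BIND
      ansible.builtin.file:
        path: /var/log/named
        state: directory
        mode: '0750'
        owner: bind
        group: bind

    - name: Include bind9 role
      ansible.builtin.include_role:
        name: ../../../ansible-bind9-role  # noqa: role-name[path]
      vars:
        bind9_backup_config: false
        bind9_host_config:
          - name: named.conf.options
            options:
              directory: "{{ bind9_working_directory }}"
              recursion: true
              # Anyone may query, but recursion is limited to the private
              # ranges and local networks below, so this is not an open
              # resolver.
              allow_query:
                - any
              allow_recursion:
                - 10.0.0.0/8
                - 192.168.0.0/16
                - 172.16.0.0/12
                - localhost
                - localnets
              # Each forwarder references a TLS profile defined in
              # named.conf.local below.
              forwarders:
                - address: 91.239.100.100
                  tls: censurfridns-anycast
                - address: 89.233.43.71
                  tls: censurfridns-unicast
              # `first` lets named fall back to its own iterative
              # resolution when the forwarders fail, and those queries
              # leave without TLS; `only` would prevent that fallback.
              forward: first
              dnssec_validation: auto
              dnstap:
                - type: auth
                - type: resolver
                  log: query
                - type: client
                  log: response
              dnstap_output:
                output_type: file
                output_file: /var/log/named/dnstap.log
                size: 20m
                versions: 3
                suffix: increment
              dnstap_identity: dns-server-01
              # Quoted so the version string is not parsed as a float.
              dnstap_version: "9.18"
            logging:
              channels:
                - name: default_log
                  file:
                    name: /var/log/named/default.log
                  severity: info
                  print_time: true
                  print_severity: true
                  print_category: true
                - name: security_log
                  file:
                    name: /var/log/named/security.log
                  severity: dynamic
                  print_time: true
                  print_severity: true
                  print_category: true
                # Rotation is bounded to five files of 10m each.
                - name: query_log
                  file:
                    name: /var/log/named/queries.log
                    versions: 5
                    size: 10m
                  severity: info
                  print_time: true
                # No versions/size here: this debug-level file is not
                # bounded by this config.
                - name: dnssec_log
                  file:
                    name: /var/log/named/dnssec.log
                  severity: debug
                  print_time: true
                  print_severity: true
                - name: rate_limit_log
                  syslog: daemon
                  severity: warning
              categories:
                - name: default
                  channels:
                    - default_log
                - name: general
                  channels:
                    - default_log
                - name: security
                  channels:
                    - security_log
                - name: queries
                  channels:
                    - query_log
                - name: dnssec
                  channels:
                    - dnssec_log
                - name: rate-limit
                  channels:
                    - rate_limit_log

          - name: named.conf.local
            # TLS profiles used by the forwarders in named.conf.options;
            # remote_hostname is the server name set for each upstream.
            tls:
              - name: censurfridns-anycast
                remote_hostname: anycast.uncensoreddns.org
              - name: censurfridns-unicast
                remote_hostname: unicast.uncensoreddns.org
            zones:
              # Forward-only zone: no fallback to recursion for this
              # name. These forwarders have no TLS profile attached.
              - name: example.internal
                type: forward
                forward: only
                forwarders:
                  - 10.0.0.53
                  - 10.0.0.54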