-
Notifications
You must be signed in to change notification settings - Fork 0
/
norecursive.yml
33 lines (33 loc) · 966 Bytes
/
norecursive.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
---
- name: Allow recursion for acl
lineinfile:
path: /var/lib/ipadata/etc/named.conf
backrefs: yes
firstmatch: yes
line: '\1allow-recursion { localhost; };'
regexp: '^(.*)allow-recursion { any; };'
state: present
register: allow_acl
- name: Make restrictions for Bind server
blockinfile:
path: /var/lib/ipadata/etc/named.conf
insertafter: '^(.*)allow-recursion { localhost; };'
block: |
/* 8-> */
allow-query { any; };
allow-query-cache { localhost; };
allow-transfer { none; };
rate-limit {
responses-per-second 5;
window 5;
};
/* 8<- */
marker: "/* {mark} Put Bind constraints */"
state: present
register: bind_constrain
- name: Restart FreeIPA if Bind configuration has changed
systemd:
name: freeipa.service
state: restarted
when: allow_acl.changed or bind_constrain.changed
...