-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathmain.yml
64 lines (64 loc) · 3.04 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
##### DNSMASQ DNS SERVER #####
# list of recursive DNS servers to forward DNS requests to (IP addresses)
# either your own/private recursive DNS resolver, your ISP/hosting provider's resolver, or a public DNS server (https://en.wikipedia.org/wiki/Public_recursive_name_server)
# 2 entries are recommended in case the primary one fails
# Example:
# dnsmasq_upstream_servers:
# - 1.1.1.1 # https://en.wikipedia.org/wiki/1.1.1.1
# - 1.0.0.1 # https://en.wikipedia.org/wiki/1.1.1.1
# - 8.8.8.8 # https://en.wikipedia.org/wiki/Google_Public_DNS
# - 8.8.4.4 # https://en.wikipedia.org/wiki/Google_Public_DNS
# - 80.67.169.12 # https://www.fdn.fr/actions/dns/
# - 80.67.169.40 # https://www.fdn.fr/actions/dns/
dnsmasq_upstream_servers:
- CHANGEME
- CHANGEME
# List of DNS A records (name, ip)
# Example:
# dnsmasq_records:
# - name: my.example.org # the record name
# ip: 1.2.3.4 # IP address to return for this name
dnsmasq_records: []
# firewall zones for the DNS service (zone, state), if nodiscc.xsrv.common/firewalld role is deployed
# 'zone:' is one of firewalld zones, set 'state:' to 'disabled' to remove the rule (the default is state: enabled)
dnsmasq_firewalld_zones:
- zone: internal
state: enabled
# start/stop the dnsmasq service, enable/disable it on boot (yes/no)
dnsmasq_enable_service: yes
# list of network interfaces dnsmasq should listen on
# leave the list empty [] to listen on all interfaces
# Example:
# dnsmasq_listen_interfaces:
# - eth0
# - eth1
dnsmasq_listen_interfaces: []
# list of IP addresses dnsmasq should listen on
# leave the list empty [] to listen on all addresses
# Example:
# dnsmasq_listen_addresses:
# - 127.0.0.1
dnsmasq_listen_addresses: []
# use DNSSEC to validate answers to DNS queries (yes/no)
# if enabled, dig @127.0.1.1 dnssec-failed.org should return SERVFAIL
dnsmasq_dnssec: yes
# log DNS queries prcessed by dnsmasq (VERY verbose) (no/yes)
dnsmasq_log_queries: no
# URL of a DNS blocklist to download and load into dnsmasq
# Examples:
# https://raw.githubusercontent.com/hagezi/dns-blocklists/main/dnsmasq/pro.txt (dnsmasq format)
# https://raw.githubusercontent.com/hagezi/dns-blocklists/main/hosts/pro.txt (hosts format)
# https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (hosts format)
# see also https://github.com/hagezi/dns-blocklists/, https://github.com/StevenBlack/hosts, https://firebog.net/
dnsmasq_blocklist_url: "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/dnsmasq/pro.txt" # dnsmasq format
# blocklist mode (hosts/dnsmasq/disabled)
# hosts: parse the blocklist as standard linux hosts file (the file must be formatted as a valid hosts file)
# dnsmasq: parse the blocklist as dnsmasq configuration file (the file must be formatted as a valid dnsmasq configuration file)
# disabled: don't download or parse any blocklist
dnsmasq_blocklist_mode: disabled
# list of domain names to remove from the blocklist before loading it (aka. excepyions or whitelist)
# Example:
# dnsmasq_blocklist_whitelist
# - example.org
# - requiredforwork.example.com
dnsmasq_blocklist_whitelist: []