qburst · qburst-praven · Oct 14, 2025 · Oct 14, 2025 · Oct 14, 2025
@@ -0,0 +1,14 @@
+---
+- name: Configure DNS Server using dnsmasq
+  hosts: dns_servers
+  become: yes
+  vars:
+    dns_domain: qburst.int
+    dns_static_records:
+      - { name: 'server1.qburst.int', ip: '10.0.0.10' }
+      - { name: 'server2.qbutst.int', ip: '10.0.0.11' }
+    dns_listen_addresses:
+      - "127.0.0.1"
+      - "10.0.16.1" # Pls replace with the DNS server's actual IP
+  roles:
+    - role: dns-server
@@ -0,0 +1,73 @@
+# Ansible Role for DNS Server Management
+=========
+
+Ansible playbook to install and configure a DNS server using dnsmasq on an Ubuntu server.
+
+# Requirements
+------------
+
+The role can be executed on any machine having a Debian-based OS with the below packages.
+  - Ansible 
+  - Python
+
+# Role Variables
+--------------
+
+Available variables are listed below (`ansible/dns-server/defaults/main.yml`): 
+
+*   `dns_domain`: The local domain that dnsmasq will serve. (Default: `an.example.com`)
+*   `dns_upstream_servers`: A list of upstream DNS servers to forward queries to. (Default: `['8.8.8.8', '8.8.4.4']`)
+*   `dns_static_records`: A list of dictionaries for static A records. Each dictionary should have `name` and `ip`.
+*   `dns_cname_records`: A list of dictionaries for CNAME records. Each dictionary should have `cname` and `target`.
+
+# Role tasks
+-------------
+
+The `main.yml` in the tasks directory will run the following operations:
+  - Install dnsmasq.
+  - Configure dnsmasq using a template.
+  - Create a directory for custom dnsmasq configurations.
+  - Create configuration files for static and CNAME records from templates.
+  - Ensure the dnsmasq service is started and enabled.
+
+The role also includes a handler to restart the `dnsmasq` service upon configuration changes.
+
+# Dependencies
+------------
+
+There are no external dependencies for this role. Ensure that the target server is an Ubuntu server and is accessible via SSH.
+
+# Example Playbook
+----------------
+
+To use this role, you can create a playbook like the one provided in `ansible/dns-server.yml`:
+
+    ---
+    - name: Configure DNS Server using dnsmasq
+      hosts: dns_servers
+      become: yes
+      roles:
+        - role: dns-server
+
+You can then run the playbook using the following command:
+
+    ansible-playbook ansible/dns-server.yml --extra-vars "hosts=your_host_group"
+
+You would typically define your inventory of `dns_servers` in a separate inventory file.
+
+Here is an example of how you can pass the records:
+
+    ansible-playbook ansible/dns-server.yml -i inventory --extra-vars '{
+      "dns_static_records": [
+        { "name": "host1.an.example.com", "ip": "192.168.1.10" },
+        { "name": "host2.an.example.com", "ip": "192.168.1.11" }
+      ],
+      "dns_cname_records": [
+        { "cname": "alias.an.example.com", "target": "host1.an.example.com" }
+      ]
+    }'
+
+# Author Information
+------------------
+
+QBurst DevOps Team
@@ -0,0 +1,19 @@
+---
+dns_domain: an.example.com
+
+dns_upstream_servers:
+  - 8.8.8.8
+  - 8.8.4.4
+
+dns_static_records:
+  - { name: 'host1.an.example.com', ip: '192.168.1.10' }
+  - { name: 'host2.an.example.com', ip: '192.168.1.11' }
+
+dns_cname_records: []
+#  - { cname: 'alias.an.example.com', target: 'host1.an.example.com' }
+
+# A list of IP addresses for dnsmasq to listen on.
+# By default, it only listens on the loopback interface.
+# Add the server's private IP here to allow other clients to connect.
+dns_listen_addresses:
+  - "127.0.0.1"
@@ -0,0 +1,5 @@
+---
+- name: restart dnsmasq
+  service:
+    name: dnsmasq
+    state: restarted
@@ -0,0 +1,57 @@
+---
+- name: Install dnsmasq
+  apt:
+    name: dnsmasq
+    state: present
+    update_cache: yes
+
+- name: Configure dnsmasq
+  template:
+    src: dnsmasq.conf.j2
+    dest: /etc/dnsmasq.conf
+  notify: restart dnsmasq
+
+- name: Stop systemd-resolved service
+  service:
+    name: systemd-resolved
+    state: stopped
+    enabled: no
+
+- name: Disable systemd-resolved service
+  systemd:
+    name: systemd-resolved
+    enabled: no
+
+- name: Remove /etc/resolv.conf
+  file:
+    path: /etc/resolv.conf
+    state: absent
+
+- name: Create new /etc/resolv.conf
+  copy:
+    content: "nameserver 8.8.8.8\nnameserver 127.0.0.1\n"
+    dest: /etc/resolv.conf
+
+- name: Create directory for custom dnsmasq configs
+  file:
+    path: /etc/dnsmasq.d
+    state: directory
+    mode: '0755'
+
+- name: Create static records file
+  template:
+    src: static-records.conf.j2
+    dest: /etc/dnsmasq.d/static-records.conf
+  notify: restart dnsmasq
+
+- name: Create custom CNAME records file
+  template:
+    src: custom-cname.conf.j2
+    dest: /etc/dnsmasq.d/custom-cname.conf
+  notify: restart dnsmasq
+
+- name: Ensure dnsmasq service is running and enabled
+  service:
+    name: dnsmasq
+    state: started
+    enabled: yes
@@ -0,0 +1,3 @@
+{% for record in dns_cname_records | default([]) %}
+cname={{ record.cname }},{{ record.target }}
+{% endfor %}
@@ -0,0 +1,26 @@
+# Default DNS settings
+port=53
+domain-needed
+bogus-priv
+no-resolv
+strict-order
+
+# Listen addresses
+{% for addr in dns_listen_addresses %}
+listen-address={{ addr }}
+{% endfor %}
+
+# Local domain
+local=/{{ dns_domain }}/
+domain={{ dns_domain }}
+
+# Upstream DNS servers
+{% for server in dns_upstream_servers %}
+server={{ server }}
+{% endfor %}
+
+# Cache size
+cache-size=1000
+
+# Include all .conf files in /etc/dnsmasq.d/
+conf-dir=/etc/dnsmasq.d/,*.conf
@@ -0,0 +1,3 @@
+{% for record in dns_static_records | default([]) %}
+address=/{{ record.name }}/{{ record.ip }}
+{% endfor %}