Use CoreDNS to do recursive CNAME aliasing for AGH

2024-01-02 17:48:47 +00:00 · 2024-01-02 17:48:47 +00:00 · f5154d1683
parent 3ed7074af6
commit f5154d1683
4 changed files with 57 additions and 3 deletions
--- a/ansible/roles/adguardhome/files/Corefile
+++ b/ansible/roles/adguardhome/files/Corefile
@ -0,0 +1,32 @@
+(alias) {
+    errors
+    cancel
+
+    forward . tls://9.9.9.10 {
+       tls_servername dns10.quad9.net
+    }
+
+    hosts {
+        {{ pve_hosts.ingress.external_ip }} pve.sys.theorangeone.net
+        fallthrough
+        ttl 300
+    }
+
+    # HACK: Rewrite the CNAME to itself so it's reprocessed
+    rewrite cname exact pve.sys.theorangeone.net. pve.sys.theorangeone.net.
+}
+
+
+theorangeone.net:5353 {
+    import alias
+}
+
+jakehoward.tech:5353 {
+    import alias
+}
+
+.:5353 {
+    acl {
+        block
+    }
+}
--- a/ansible/roles/adguardhome/files/adguardhome.yml
+++ b/ansible/roles/adguardhome/files/adguardhome.yml
@ -24,6 +24,8 @@ dns:
  refuse_any: true
  upstream_dns:
    - tls://dns10.quad9.net
+    - '[/theorangeone.net/]127.0.0.53:5353'
+    - '[/jakehoward.tech/]127.0.0.53:5353'
  upstream_dns_file: ""
  bootstrap_dns:
    - 9.9.9.10
@ -140,9 +142,7 @@ filtering:
  blocking_mode: default
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
-  rewrites:
-    - domain: pve.sys.theorangeone.net
-      answer: "{{ pve_hosts.ingress.external_ip }}"
+  rewrites: []
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
--- a/ansible/roles/adguardhome/handlers/main.yml
+++ b/ansible/roles/adguardhome/handlers/main.yml
@ -2,4 +2,12 @@
  service:
    name: adguardhome
    state: restarted
+    enabled: true
+  become: true
+
+- name: restart coredns
+  service:
+    name: coredns
+    state: restarted
+    enabled: true
  become: true
--- a/ansible/roles/adguardhome/tasks/main.yml
+++ b/ansible/roles/adguardhome/tasks/main.yml
@ -15,3 +15,17 @@
    mode: "0600"
  notify: restart adguardhome
  become: true
+
+- name: Install coredns
+  kewlfft.aur.aur:
+    name: coredns
+  become: true
+
+- name: Install coredns config file
+  template:
+    src: files/Corefile
+    dest: /etc/coredns/Corefile
+    owner: coredns
+    mode: "0644"
+  notify: restart coredns
+  become: true