jriguera.dnsmasq
ansible-role-dnsmasq
This is a flexible role for setting up dnsmasq. It follows this guiding principle: https://github.com/jriguera/ansible-role-pattern/blob/master/README.md
This role allows you to set up different interfaces for various uses (like DNS, TFTP, etc.) and manage many dnsmasq settings. It can also handle updates to the resolv.conf file.
It works with Ansible 2.0 and is compatible with Ubuntu Trusty, Xenial, and CentOS 7.
Configuration
The default settings are:
dnsmasq_enabled_on_startup: True
# Manage resolv.conf
dnsmasq_resolvconf: False
# Install dnsmasq from the official repositories or directly from OS packages
dnsmasq_os_packages: True
# Required settings
dnsmasq_dhcp: True
dnsmasq_tftp: True
### resolv.conf
#dnsmasq_host_domain: local
#dnsmasq_host_search: local
dnsmasq_host_resolvers: [ "127.0.0.1" ]
# Set where dnsmasq will send system log entries. Default is DAEMON, but LOCAL0 when in debug mode. If this contains a '/', it's treated as a filename instead of logging to syslog. If it's '-', logs to stderr.
dnsmasq_conf_log: /var/log/dnsmasq.log
# Enable asynchronous logging (optional limit on queued lines when syslog writing is slow)
#dnsmasq_conf_log_async:
dnsmasq_conf_log_dns: False
# List of IPs or interfaces to listen on (empty list for all)
dnsmasq_conf_listen: []
# On systems that support it, dnsmasq will bind to all available addresses, discarding unneeded requests.
dnsmasq_conf_bind_interfaces: 'dynamic'
### DNS
# Only accept DNS queries from local subnet (for which a server interface exists).
#dnsmasq_conf_local_service: True
# Do not forward plain names (without a dot or domain).
dnsmasq_conf_domain_needed: True
# Detect DNS forwarding loops.
#dnsmasq_conf_dns_loop_detect: True
# For private IP ranges (like 192.168.x.x), respond with "no such domain" if not found in /etc/hosts or DHCP leases.
# Never forward addresses in non-routed spaces.
dnsmasq_conf_bogus_priv: True
# If you don't want dnsmasq to read /etc/hosts, uncomment this line.
dnsmasq_conf_no_hosts: False
# Additional hosts file in /etc/hosts format (list format)
#dnsmasq_conf_hosts:
# - ["127.0.0.1", "localhost"]
# - ["::1", "ip6-localhost", "ip6-loopback"]
# - ["fe00::0", "ip6-localnet"]
# - ["ff00::0", "ip6-mcastprefix"]
# - ["ff02::1", "ip6-allnodes"]
# - ["ff02::2", "ip6-allrouters"]
# - ["192.168.1.10", "foo.mydomain.org", "foo"]
dnsmasq_conf_hosts: []
# Set the DNS memory cache size here.
cache-size: 1024
# Disable negative caching. Negative caching allows dnsmasq to remember "no such domain" responses, avoiding repeated queries.
dnsmasq_conf_negcache: 5
# Ensure dnsmasq tries each query with each server in the order shown in /etc/resolv.conf.
dnsmasq_conf_strict_order: False
# Send all queries to all available servers and return the first reply received.
dnsmasq_conf_all_servers: False
# Specify the file for dnsmasq to read. Leave empty to disable reading resolv.conf.
dnsmasq_conf_resolv: /etc/resolv.conf
# Do not watch /etc/resolv.conf for changes.
dnsmasq_conf_no_poll: False
# If dnsmasq_conf_no_poll is False, clear the DNS cache upon re-reading /etc/resolv.conf or when servers are set via DBus.
dnsmasq_conf_clear_on_reload: True
# Directly specify upstream server IP addresses. This does not prevent reading from /etc/resolv.conf: ['localnet', '192.168.0.1']
# Example for routing PTR queries: this sends all address->name queries for 192.168.3/24 to nameserver 10.1.2.3
# ['3.168.192.in-addr.arpa', '10.1.2.3']
#dnsmasq_conf_servers:
# - [ "/google.com/", "8.8.8.8" ]
# - "8.8.4.4"
dnsmasq_conf_servers: [ "8.8.8.8", "8.8.4.4" ]
# Define MX records pointing to local machines or a specified server.
#dnsmasq_conf_mx: servername
#dnsmasq_conf_mx_domain: {{ hostvars['k4.ww.mens.de'].dnsmasq_conf_mx_pref: 1
# Add A, AAAA, and PTR records to DNS. This links names with appropriate IP records.
#dnsmasq_conf_host_records:
# -[]
# Define the DNS zone for which dnsmasq will act as the authoritative server.
#dnsmasq_conf_auth_zone: []
### DHCP
# Log extra information about DHCP transactions.
dnsmasq_conf_log_dhcp: False
# Set the domain for dnsmasq. This allows DHCP hosts to have fully qualified names.
dnsmasq_conf_domain: '#'
# When the domain is set, only the qualified name is placed in the DNS.
dnsmasq_conf_dhcp_fqdn: True
# Set this when dnsmasq is the only DHCP server in the network.
dnsmasq_conf_dhcp_authoritative: True
# By default, dnsmasq selects IP addresses for DHCP clients using a hash of the client's MAC address. Enable this to allocate addresses sequentially instead.
dnsmasq_conf_dhcp_sequential_ip: True
# Prevent re-use of DHCP extra option space.
dnsmasq_conf_dhcp_no_override: True
# Uncomment to enable DHCP server; specify the address range and optionally a lease time. Repeat for multiple networks.
#dnsmasq_conf_dhcp: []
#dnsmasq_conf_dhcp:
#  - device: eth0
#    range: [192.168.1.80, 192.168.1.150, infinite]
#    option: []
#    ignore_names: True
#    generate_names: True
#    boot: []
#    tftp: /var/lib/tftpboot
# Read DHCP host information from a list or specified local file.
#dnsmasq_conf_dhcp_hosts: []
# Completely stop using the lease database file (no creation, reading, or writing).
dnsmasq_conf_dhcp_leasefile_ro: False
# Run a specified script whenever a DHCP lease is created, destroyed, or a TFTP file transfer completes.
#dnsmasq_conf_dhcp_script: files/program.bin
### TFTP
# Enable secure mode for TFTP to limit file access.
dnsmasq_conf_tftp_secure: False
# Convert TFTP request filenames to lowercase (useful for Windows machines).
dnsmasq_conf_tftp_lowercase: True
# Set the maximum number of concurrent TFTP connections.
dnsmasq_conf_tftp_max: 50
# Prevent the TFTP server from negotiating the "blocksize" option with a client.
dnsmasq_conf_tftp_no_blocksize: False
You can change these default parameters by setting role variables. Check the example in site.yml with Vagrant and test using vagrant up.
In addition to managing dnsmasq, this role can control the /etc/resolv.conf file if you set dnsmasq_resolvconf: true and define the dnsmasq_host_* parameters.
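The playbook below is an added example, not taken from the role's own site.yml. It overrides the defaults that leave the service most exposed: listening on every interface, unrestricted TFTP file access, and no query logging. The dns_servers inventory group and the 192.168.1.2 address are placeholder assumptions; the variable names are the ones listed in the defaults above.

```yaml
# Added example: hardened overrides for the jriguera.dnsmasq role.
# "dns_servers" and 192.168.1.2 are placeholders for your own inventory
# group and the internal address the service should answer on.
- hosts: dns_servers
  become: true
  vars:
    # Default is [] (listen on all interfaces). Restrict to loopback
    # plus the one internal address that serves clients.
    dnsmasq_conf_listen: [ "127.0.0.1", "192.168.1.2" ]

    # Commented out in the defaults. Only accept DNS queries from
    # subnets for which a server interface exists, so the host does
    # not answer as an open resolver.
    dnsmasq_conf_local_service: True

    # Keep plain names and private reverse lookups from leaking upstream
    # (both already True by default; pinned here so a later change to
    # the role defaults does not silently weaken them).
    dnsmasq_conf_domain_needed: True
    dnsmasq_conf_bogus_priv: True

    # Commented out in the defaults. Detect DNS forwarding loops.
    dnsmasq_conf_dns_loop_detect: True

    # Default is False. Secure mode limits which files TFTP will serve.
    dnsmasq_conf_tftp_secure: True

    # Defaults are False. Log DNS queries and DHCP transactions so
    # there is a record to investigate from.
    dnsmasq_conf_log: /var/log/dnsmasq.log
    dnsmasq_conf_log_dns: True
    dnsmasq_conf_log_dhcp: True

    # Let the role manage /etc/resolv.conf and point the host at its
    # own dnsmasq instance.
    dnsmasq_resolvconf: True
    dnsmasq_host_resolvers: [ "127.0.0.1" ]
  roles:
    - jriguera.dnsmasq
```

With query logging enabled, /var/log/dnsmasq.log grows quickly and records client lookups, so plan rotation and restrict read access to it.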
Author
José Riguera López jriguera@gmail.com
Install and setup Dnsmasq server on RedHat/Debian based distributions
ansible-galaxy install jriguera.dnsmasq