added DNS resolver option powerdns-recursor

roles/nameserver/tasks/configure_powerdns_recursor_snmpd.yml

@@ -0,0 +1,27 @@
+- name: "Nameserver: powerdns-recursor | snmpd | get script"
+  get_url:
+    url: "https://github.com/librenms/librenms-agent/raw/master/snmp/powerdns-recursor"
+    dest: "/etc/snmp/powerdns-recursor"
+    mode: "0755"
+    owner: "root"
+    group: "root"
+
+- name: "Nameserver: powerdns-recursor | snmpd | remove unbound script"
+  file:
+    path: "/etc/snmp/unbound"
+    state: absent
+
+- name: "Nameserver: powerdns-recursor | snmpd | configure extend"
+  lineinfile:
+    path: "{{ snmpd_conf }}"
+    state: present
+    line: "extend powerdns-recursor {{ sudo }} /etc/snmp/powerdns-recursor"
+    insertafter: "# SECTION: Extends"
+  notify: restart_snmpd
+
+- name: "Nameserver: powerdns-recursor | snmpd | remove unbound extend"
+  lineinfile:
+    path: "{{ snmpd_conf }}"
+    state: absent # not required. choices: absent;present. Whether the line should be there or not.
+    line: "extend unbound {{ sudo }} /etc/snmp/unbound"
+  notify: restart_snmpd

roles/nameserver/tasks/configure_unbound_snmpd.yml

@@ -1,4 +1,4 @@
-- name: nameserver | snmpd | get script
+- name: "Nameserver: unbound | snmpd | get script"
   get_url:
     url: "https://github.com/librenms/librenms-agent/raw/master/snmp/unbound"
     dest: "/etc/snmp/unbound"
@@ -6,10 +6,22 @@
     owner: "root"
     group: "root"
 
-- name: nameserver | snmpd | configure extend
+- name: "Nameserver: unbound | snmpd | remove powerdns-recursor script"
+  file:
+    path: "/etc/snmp/powerdns-recursor"
+    state: absent
+
+- name: "Nameserver: unbound | snmpd | configure extend"
   lineinfile:
     path: "{{ snmpd_conf }}"
     state: present
     line: "extend unbound {{ sudo }} /etc/snmp/unbound"
     insertafter: "# SECTION: Extends"
   notify: restart_snmpd
+
+- name: "Nameserver: unbound | snmpd | remove powerdns-recursor extend"
+  lineinfile:
+    path: "{{ snmpd_conf }}"
+    state: absent
+    line: "extend powerdns-recursor {{ sudo }} /etc/snmp/powerdns-recursor"
+  notify: restart_snmpd

roles/nameserver/tasks/install_powerdns_recursor.yml

@@ -0,0 +1,25 @@
+- name: nameserver | powerdns-recursor | install packages
+  package:
+    name: "{{ powerdns-recursor_package }}"
+    state: present
+
+- name: nameserver | powerdns-recursor | copy config
+  template:
+    src: "powerdns-recursor_network.conf.j2"
+    dest: "/etc/powerdns/recursor.d/override.conf"
+    mode: "0644"
+    owner: "root"
+    group: "root"
+    validate: "pdns_recursor --config=check"
+
+- name: nameserver | powerdns-recursor | disable unbound
+  service:
+    name: "unbound"
+    state: stopped
+    enabled: False
+
+- name: nameserver | powerdns-recursor | enable service
+  service:
+    name: "powerdns-recursor"
+    state: started
+    enabled: True

roles/nameserver/tasks/install_unbound.yml

@@ -12,6 +12,12 @@
     group: "root"
     validate: "unbound-checkconf %s"
 
+ name: nameserver | unbound | disable service pdns-resolver
+  service:
+    name: "powerdns-resolver"
+    state: stopped
+    enabled: False
+
 - name: nameserver | unbound | enable service
   service:
     name: "unbound"

roles/nameserver/tasks/main.yml

@@ -6,21 +6,21 @@
   - block:
     - include_tasks: install_unbound.yml
     - include_tasks: configure_unbound_snmpd.yml
-    when: unbound == true
+    when: unbound == true and powerdns_recursor != true
 
   - name: nameserver | unbound | disable systemd-resolved
     include_tasks: disable-systemd-resolved.yml
-    when: bind == true or unbound == true or powerdns == true
+    when: bind == true or unbound == true or powerdns_recursor == true
 
   - block:
     - include_tasks: install_bind.yml
     - include_tasks: configure_bind_snmpd.yml
-    when: bind == true
+    when: bind == true and powerdns_auth != true
 
   - block:
-    - include_tasks: install_powerdns.yml
-    - include_tasks: configure_powerdns_snmpd.yml
-    when: powerdns == true
+    - include_tasks: install_powerdns_recursor.yml
+    - include_tasks: configure_powerdns_recursor_snmpd.yml
+    when: powerdns_recursor == true and unbound != true
 
   rescue:
     - set_fact: task_failed=true

roles/nameserver/templates/powerdns-recursor-custom-config.j2

@@ -0,0 +1,4 @@
+allow-from = 192.168.1.0/24, 192.168.3.0/24, 172.16.0.0/24, 127.0.0.0/8
+local-address += {{ ansible_default_ipv4.address }} {% if wg_local_ip is defined %}, {{ wg_local_ip | ipaddr('address') }} {% else %}
+local-port = {{ pdns-recursor-lport | default("53") }}
+query-local-address = {{ ansible_default_ipv4.address }} {% if ansible_default_ipv6.address is defined %}, {{ ansible_default_ipv6.address }} {% else %}

roles/nameserver/vars/debian.yml

@@ -1,9 +1,9 @@
 bind_package: bind9
 unbound_package: unbound
 perl_readbackwards: libfile-readbackwards-perl
-powerdns_server: pdns-server
-powerdns_recursor: pdns-recursor
-powerdns_tools: pdns-tools
+powerdns_server_package: pdns-server
+powerdns_recursor_package: pdns-recursor
+powerdns_tools_package: pdns-tools
 
 powerdns_backends:
   - package: pdns-backend-bind