Disable ipv6 by default

This commit is contained in:
sfigato 2022-03-11 11:43:32 +01:00
parent 8038ad8f2c
commit 4f8e2c9e7a
Signed by: blallo
GPG Key ID: 0CBE577C9B72DC3F
4 changed files with 9 additions and 3 deletions

2
defaults/main.yml Normal file
View File

@ -0,0 +1,2 @@
---
full_dns_ipv6_disabled: true

View File

@ -16,7 +16,7 @@ $TTL {{ main_zone.ttl|default(3600) }}
MX{% if record.opts is defined %} {{ record.opts }}{% endif %} {{ record.value }} MX{% if record.opts is defined %} {{ record.opts }}{% endif %} {{ record.value }}
{% endfor %} {% endfor %}
{{ server.hostname }}. IN A {{ server.public_ip }} {{ server.hostname }}. IN A {{ server.public_ip }}
{% if server.public_ip6 is defined -%} {% if server.public_ip6 is defined and not full_dns_ipv6_disabled -%}
{{ server.hostname }}. IN AAAA {{ server.public_ip6 }} {{ server.hostname }}. IN AAAA {{ server.public_ip6 }}
{% endif %} {% endif %}
{% for satellite in satellites %} {% for satellite in satellites %}

View File

@ -12,7 +12,11 @@ server:
{% endif -%} {% endif -%}
port: {{ server.nsd_port }} port: {{ server.nsd_port }}
do-ip4: {{ 'yes' if server.nsd_addr is defined else 'no' }} do-ip4: {{ 'yes' if server.nsd_addr is defined else 'no' }}
do-ip6: {{ 'yes' if server.nsd_addr6 is defined else 'no' }} {% if server.nsd_addr6 is defined and not full_dns_ipv6_disabled -%}
do-ip6: yes
{% else -%}
do-ip6: no
{% endif %}
hide-version: yes hide-version: yes
refuse-any: {{ server.refuse_any|default('yes') }} refuse-any: {{ server.refuse_any|default('yes') }}
log-only-syslog: yes log-only-syslog: yes

View File

@ -13,7 +13,7 @@ server:
{% else %} {% else %}
do-ip4: no do-ip4: no
{% endif -%} {% endif -%}
{% if server.public_ip6 is defined %} {% if server.public_ip6 is defined and not full_dns_ipv6_disabled %}
do-ip6: yes do-ip6: yes
interface: ::0 interface: ::0
access-control: ::0/0 allow_snoop access-control: ::0/0 allow_snoop