Enable DNSSEC

This commit is contained in:
Scott Wallace 2019-05-09 18:18:27 +01:00
parent fb236fed86
commit 993abc81bb

View file

@ -1,3 +1,22 @@
- name: 'DNS: Enable DNSSEC'
tags:
- config
- dns
block:
- name: 'DNS: Enable DNSSEC configuration'
lineinfile:
path: '/etc/systemd/resolved.conf'
state: present
regexp: 'DNSSEC='
line: 'DNSSEC=yes'
become: true
- name: 'DNS: Restart resolver'
systemd:
name: systemd-resolved
state: restarted
become: true
- name: 'IPv6: Privacy' - name: 'IPv6: Privacy'
tags: tags:
- config - config
@ -5,7 +24,7 @@
block: block:
- name: 'IPv6: Privacy: Temporary addressing defaults' - name: 'IPv6: Privacy: Temporary addressing defaults'
lineinfile: lineinfile:
path: "/etc/ufw/sysctl.conf" path: '/etc/ufw/sysctl.conf'
state: present state: present
regexp: "net/ipv6/conf/{{ item }}/use_tempaddr" regexp: "net/ipv6/conf/{{ item }}/use_tempaddr"
line: "net/ipv6/conf/{{ item }}/use_tempaddr=2" line: "net/ipv6/conf/{{ item }}/use_tempaddr=2"