Added a new line to the `resolv.conf.j2` template to specify the Ansible-managed DNS server (`{{ addc_ansible_host }}`). This ensures that the system uses both the local host and the managed DNS server for DNS resolution.
# This configuration file is managed by Ansible.
|
|
# It is configured to run as an Active Directory Domain Controller.
|
|
|
|
# Enable kernel time discipline (important for a DC)
|
|
tos maxclock 10
|
|
|
|
# Use your own local clock as a reliable fallback/default
|
|
# Local clock. Note that is not the "localhost" address!
|
|
server 127.127.1.0 # Undisciplined local clock
|
|
fudge 127.127.1.0 stratum 10
|
|
|
|
# Where to retrieve the time from
|
|
# Optionally, add external sources for greater accuracy (NTP pool)
|
|
# You should choose servers close to your location or use a reliable pool.
|
|
server 0.pool.ntp.org iburst prefer
|
|
server 1.pool.ntp.org iburst prefer
|
|
server 1.pool.ntp.org iburst prefer
|
|
|
|
# Drift file location
|
|
driftfile /var/lib/ntp/ntp.drift
|
|
logfile /var/log/ntp
|
|
ntpsigndsocket {{ ntp_signd_path }}
|
|
|
|
# Access control
|
|
# Default restriction: Allow clients only to query the time
|
|
restrict default kod nomodify notrap nopeer limited mssntp
|
|
|
|
# No restrictions for "localhost"
|
|
restrict 127.0.0.1
|
|
|
|
# Enable the time sources to only provide time to this host
|
|
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
|
|
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
|
|
restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
|
|
|
|
# tell NTP not to panic and exit
|
|
tinker panic 0 |
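Review bot: The third `server` line repeats `1.pool.ntp.org`, while the access-control block further down restricts `0`, `1` and `2.pool.ntp.org`, so `2.pool.ntp.org` is never configured as a source and the host has at most two distinct upstream names; the line should probably read `server 2.pool.ntp.org iburst`. Marking every source `prefer` also leaves the keyword with nothing to single out, so it is worth keeping it on one server only or dropping it. Separately, `tinker panic 0` removes the step-size sanity limit while every upstream source is an unauthenticated public pool server, which matters on a domain controller because Kerberos ticket validity depends on the clock. A comment such as `# panic 0: ntpd will accept any offset instead of exiting; upstream pool servers are unauthenticated` would record that trade-off next to the directive. Which of these lines the commit itself touched cannot be told from this page.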