Adding DNS role

roles/dns/templates/named.conf.j2

@@ -0,0 +1,29 @@
+// named.conf — authoritative-only configuration for {{ base_domain }}
+// Managed by Ansible — do not edit manually.
+
+options {
+    directory "/var/cache/bind";
+
+    // Authoritative only — no recursion to prevent DNS amplification attacks
+    recursion no;
+    allow-recursion { none; };
+
+    // Accept queries from any source
+    allow-query { any; };
+
+    // Only allow zone transfers to trusted hosts (none by default)
+    allow-transfer { none; };
+
+    // Listen on all interfaces
+    listen-on { any; };
+    listen-on-v6 { any; };
+
+    dnssec-validation no;
+};
+
+// Authoritative zone for the base domain
+zone "{{ base_domain }}" IN {
+    type master;
+    file "/var/lib/bind/{{ base_domain }}.zone";
+    allow-update { none; };
+};