ansible-role-bind/README.md

# Ansible role: Bind
[![Version](https://img.shields.io/badge/latest_version-1.3.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-bind/releases)
[![Build Status](https://travis-ci.org/nishiki/ansible-role-bind.svg?branch=master)](https://travis-ci.org/nishiki/ansible-role-bind)
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-bind/src/branch/master/LICENSE)

Install and configure bind with dnssec

## Requirements

* Ansible >= 2.9
* bind version >= 9.8
* Debian
  * Bullseye
  * Bookworm

## Role variables

* `bind_options` - hash general bind options
* `bind_zones` - the dns zones
* `bind_dnssec` - hash with dnssec configuration
* `bind_zones_subset` array to use in `extra-vars` with the list zones to update
* `bind_listen_ipv4` - enable or disable ip v4 support (default: true)
* `bind_listen_ipv6` - enable or disable ip v6 support (default: true)

## How to use

* `group_vars/dns-server/bind`

```
bind_options:
  server-id: '"1"'

bind_zones:
  test.local:
    ns_primary: ns1.test.local
    mail: root@test.local
    serial: 2017092202
    options:
      auto-dnssec: maintain
      inline-signing: yes
    records:
      - { name: '@', type: ns, value: localhost. }
      - { name: hello, type: a, ttl: 5m, value: 1.2.3.4 }
      - { name: hello, type: caa, flag: 0, tag: issue, value: letsencrypt.org }
      - { name: hello, type: srv, priority: 0, weight: 5, port: 80, value: www }
  hello.local:
    ns_primary: ns1.hello.local
    mail: root@hello.local
    serial: 2017092201
    dnssec: no
    state: disabled
    records:
      - { name: '@', type: ns, value: localhost. }
      - { name: hello, type: a, value: 4.3.2.1 }
```

* `group_vars/dns-server/dnssec`

```
bind_dnssec:
  test.local: 
    ksk:
      algorithm: 8
      digest: 3
      tag: 63805
      public_key: AwEAAbA3M8p+Cpf4k6mZKK8mb1eSIF8yDWXnpmI+i/Jm6CtIYMSigZ4B bmnN+r/SdpeeaPCP5RRZDO/6U0xs2zwPeLs=
      private_key: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        33373964393565343638363964366133663235653931386664343435326362333031323130363362
        [...]
        65616337363634636365386166643133373331336333376430353663303563346236316532336532
        62376530646231346237
    zsk:
      algorithm: 8
      digest: 3
      tag: 11346
      public_key: AwEAAd9SkkrJQl4tOsK3zgtfZwmSJBzxU/NjApDZiKo6AVYVhDun6IIl Q/axOe901o+x/iUVwIs7cOMA5Z/h/8G8bq8=
      private_key: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        37323036613735396364323363323464393731626466616262613033656264343765306238353934
        [...]
        38653039306430393564346636323966373265343032623430353765646639366536663566653836
        32643931393165643236

```

* playbook

```
- hosts: dns-server
  roles:
    - bind 
```

## Development

### Test with molecule and docker

* install [docker](https://docs.docker.com/engine/installation/)
* install `python3` and `python3-pip`
* install molecule and dependencies `pip3 install molecule 'molecule[docker]' docker ansible-lint testinfra yamllint`
* run `molecule test`

## License

```
Copyright (c) 2017 Adrien Waksberg

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
first version 2017-10-08 12:55:01 +00:00			`# Ansible role: Bind`
release: version 1.3.0 2020-02-12 21:03:14 +00:00			`[![Version](https://img.shields.io/badge/latest_version-1.3.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-bind/releases)`
first version 2017-10-08 12:55:01 +00:00			`[![Build Status](https://travis-ci.org/nishiki/ansible-role-bind.svg?branch=master)](https://travis-ci.org/nishiki/ansible-role-bind)`
chore: minor change in the readme 2018-09-07 18:28:13 +00:00			`[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-bind/src/branch/master/LICENSE)`
first version 2017-10-08 12:55:01 +00:00
			`Install and configure bind with dnssec`

			`## Requirements`

feat: add debian 12 support 2023-06-30 09:03:50 +00:00			`* Ansible >= 2.9`
chore: use new docker image for the tests 2018-08-28 07:18:10 +00:00			`* bind version >= 9.8`
feat: add debian 12 support 2023-06-30 09:03:50 +00:00			`* Debian`
			`* Bullseye`
			`* Bookworm`
first version 2017-10-08 12:55:01 +00:00
			`## Role variables`

feat: add bind_options variable 2018-03-21 19:30:11 +00:00			* `bind_options` - hash general bind options
chore: update readme 2018-03-17 21:19:41 +00:00			* `bind_zones` - the dns zones
feat: refactor dnssec 2018-10-07 10:57:36 +00:00			* `bind_dnssec` - hash with dnssec configuration
feat: add bind_zones_subnet for extra-vars 2018-05-26 07:51:21 +00:00			* `bind_zones_subset` array to use in `extra-vars` with the list zones to update
chore: update readme 2018-03-17 21:19:41 +00:00			* `bind_listen_ipv4` - enable or disable ip v4 support (default: true)
			* `bind_listen_ipv6` - enable or disable ip v6 support (default: true)
first version 2017-10-08 12:55:01 +00:00
			`## How to use`

feat: refactor dnssec 2018-10-07 10:57:36 +00:00			* `group_vars/dns-server/bind`
fix: minor change in the readme 2018-08-28 08:03:54 +00:00
			```
feat: add bind_options variable 2018-03-21 19:30:11 +00:00			`bind_options:`
			`server-id: '"1"'`
fix: new examples in README 2017-10-15 07:17:28 +00:00
			`bind_zones:`
			`test.local:`
			`ns_primary: ns1.test.local`
			`mail: root@test.local`
			`serial: 2017092202`
feat: add bind_options variable 2018-03-21 19:30:11 +00:00			`options:`
			`auto-dnssec: maintain`
			`inline-signing: yes`
chore: rename entries by records 2018-03-17 10:07:20 +00:00			`records:`
fix: new examples in README 2017-10-15 07:17:28 +00:00			`- { name: '@', type: ns, value: localhost. }`
feat: add ttl for record 2018-03-16 23:36:43 +00:00			`- { name: hello, type: a, ttl: 5m, value: 1.2.3.4 }`
feat: add caa record 2018-03-17 09:47:25 +00:00			`- { name: hello, type: caa, flag: 0, tag: issue, value: letsencrypt.org }`
feat: add options for SRV record 2018-05-25 11:06:21 +00:00			`- { name: hello, type: srv, priority: 0, weight: 5, port: 80, value: www }`
fix: new examples in README 2017-10-15 07:17:28 +00:00			`hello.local:`
			`ns_primary: ns1.hello.local`
			`mail: root@hello.local`
			`serial: 2017092201`
			`dnssec: no`
feat: remove old zones files 2018-03-31 15:50:50 +00:00			`state: disabled`
chore: rename entries by records 2018-03-17 10:07:20 +00:00			`records:`
fix: new examples in README 2017-10-15 07:17:28 +00:00			`- { name: '@', type: ns, value: localhost. }`
			`- { name: hello, type: a, value: 4.3.2.1 }`
fix: minor change in the readme 2018-08-28 08:03:54 +00:00			```
fix: new examples in README 2017-10-15 07:17:28 +00:00
feat: refactor dnssec 2018-10-07 10:57:36 +00:00			* `group_vars/dns-server/dnssec`

			```
			`bind_dnssec:`
			`test.local:`
			`ksk:`
			`algorithm: 8`
			`digest: 3`
			`tag: 63805`
			`public_key: AwEAAbA3M8p+Cpf4k6mZKK8mb1eSIF8yDWXnpmI+i/Jm6CtIYMSigZ4B bmnN+r/SdpeeaPCP5RRZDO/6U0xs2zwPeLs=`
			`private_key: !vault \|`
			`$ANSIBLE_VAULT;1.1;AES256`
			`33373964393565343638363964366133663235653931386664343435326362333031323130363362`
			`[...]`
			`65616337363634636365386166643133373331336333376430353663303563346236316532336532`
			`62376530646231346237`
			`zsk:`
			`algorithm: 8`
			`digest: 3`
			`tag: 11346`
			`public_key: AwEAAd9SkkrJQl4tOsK3zgtfZwmSJBzxU/NjApDZiKo6AVYVhDun6IIl Q/axOe901o+x/iUVwIs7cOMA5Z/h/8G8bq8=`
			`private_key: !vault \|`
			`$ANSIBLE_VAULT;1.1;AES256`
			`37323036613735396364323363323464393731626466616262613033656264343765306238353934`
			`[...]`
			`38653039306430393564346636323966373265343032623430353765646639366536663566653836`
			`32643931393165643236`

			```

chore: update readme 2018-03-17 21:19:41 +00:00			`* playbook`
fix: new examples in README 2017-10-15 07:17:28 +00:00
first version 2017-10-08 12:55:01 +00:00			```
			`- hosts: dns-server`
			`roles:`
			`- bind`
			```

			`## Development`
test: replace kitchen to molecule 2020-03-01 14:27:42 +00:00
			`### Test with molecule and docker`
first version 2017-10-08 12:55:01 +00:00
chore: update readme 2018-03-17 21:19:41 +00:00			`* install [docker](https://docs.docker.com/engine/installation/)`
test: replace kitchen to molecule 2020-03-01 14:27:42 +00:00			* install `python3` and `python3-pip`
			* install molecule and dependencies `pip3 install molecule 'molecule[docker]' docker ansible-lint testinfra yamllint`
			* run `molecule test`
feat: add license in README 2017-10-15 00:27:10 +00:00
			`## License`

			```
			`Copyright (c) 2017 Adrien Waksberg`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			```