2017-10-08 12:55:01 +00:00
|
|
|
# Ansible role: Bind
|
2024-05-07 07:23:55 +00:00
|
|
|
|
|
|
|
[![Version](https://img.shields.io/badge/latest_version-1.3.0-green.svg)](https://code.waks.be/nishiki/ansible-role-bind/releases)
|
|
|
|
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-bind/src/branch/main/LICENSE)
|
2024-05-09 08:58:57 +00:00
|
|
|
[![Build](https://code.waks.be/nishiki/ansible-role-bind/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-bind/actions?workflow=molecule.yml)
|
2017-10-08 12:55:01 +00:00
|
|
|
|
|
|
|
Install and configure bind with dnssec
|
|
|
|
|
|
|
|
## Requirements
|
|
|
|
|
2024-05-07 07:23:55 +00:00
|
|
|
- Ansible >= 2.9
|
|
|
|
- bind version >= 9.8
|
|
|
|
- Debian
|
|
|
|
- Bullseye
|
|
|
|
- Bookworm
|
2017-10-08 12:55:01 +00:00
|
|
|
|
|
|
|
## Role variables
|
|
|
|
|
2024-05-07 07:23:55 +00:00
|
|
|
- `bind_options` - hash general bind options
|
|
|
|
- `bind_zones` - the dns zones
|
|
|
|
- `bind_dnssec` - hash with dnssec configuration
|
|
|
|
- `bind_zones_subset` array to use in `extra-vars` with the list zones to update
|
|
|
|
- `bind_listen_ipv4` - enable or disable ip v4 support (default: true)
|
|
|
|
- `bind_listen_ipv6` - enable or disable ip v6 support (default: true)
|
2017-10-08 12:55:01 +00:00
|
|
|
|
|
|
|
## How to use
|
|
|
|
|
2024-05-07 07:23:55 +00:00
|
|
|
- `group_vars/dns-server/bind`
|
2018-08-28 08:03:54 +00:00
|
|
|
|
|
|
|
```
|
2018-03-21 19:30:11 +00:00
|
|
|
bind_options:
|
|
|
|
server-id: '"1"'
|
2017-10-15 07:17:28 +00:00
|
|
|
|
|
|
|
bind_zones:
|
|
|
|
test.local:
|
|
|
|
ns_primary: ns1.test.local
|
|
|
|
mail: root@test.local
|
|
|
|
serial: 2017092202
|
2018-03-21 19:30:11 +00:00
|
|
|
options:
|
|
|
|
auto-dnssec: maintain
|
|
|
|
inline-signing: yes
|
2018-03-17 10:07:20 +00:00
|
|
|
records:
|
2017-10-15 07:17:28 +00:00
|
|
|
- { name: '@', type: ns, value: localhost. }
|
2018-03-16 23:36:43 +00:00
|
|
|
- { name: hello, type: a, ttl: 5m, value: 1.2.3.4 }
|
2018-03-17 09:47:25 +00:00
|
|
|
- { name: hello, type: caa, flag: 0, tag: issue, value: letsencrypt.org }
|
2018-05-25 11:06:21 +00:00
|
|
|
- { name: hello, type: srv, priority: 0, weight: 5, port: 80, value: www }
|
2017-10-15 07:17:28 +00:00
|
|
|
hello.local:
|
|
|
|
ns_primary: ns1.hello.local
|
|
|
|
mail: root@hello.local
|
|
|
|
serial: 2017092201
|
|
|
|
dnssec: no
|
2018-03-31 15:50:50 +00:00
|
|
|
state: disabled
|
2018-03-17 10:07:20 +00:00
|
|
|
records:
|
2017-10-15 07:17:28 +00:00
|
|
|
- { name: '@', type: ns, value: localhost. }
|
|
|
|
- { name: hello, type: a, value: 4.3.2.1 }
|
2018-08-28 08:03:54 +00:00
|
|
|
```
|
2017-10-15 07:17:28 +00:00
|
|
|
|
2024-05-07 07:23:55 +00:00
|
|
|
- `group_vars/dns-server/dnssec`
|
2018-10-07 10:57:36 +00:00
|
|
|
|
|
|
|
```
|
|
|
|
bind_dnssec:
|
2024-05-07 07:23:55 +00:00
|
|
|
test.local:
|
2018-10-07 10:57:36 +00:00
|
|
|
ksk:
|
|
|
|
algorithm: 8
|
|
|
|
digest: 3
|
|
|
|
tag: 63805
|
|
|
|
public_key: AwEAAbA3M8p+Cpf4k6mZKK8mb1eSIF8yDWXnpmI+i/Jm6CtIYMSigZ4B bmnN+r/SdpeeaPCP5RRZDO/6U0xs2zwPeLs=
|
|
|
|
private_key: !vault |
|
|
|
|
$ANSIBLE_VAULT;1.1;AES256
|
|
|
|
33373964393565343638363964366133663235653931386664343435326362333031323130363362
|
|
|
|
[...]
|
|
|
|
65616337363634636365386166643133373331336333376430353663303563346236316532336532
|
|
|
|
62376530646231346237
|
|
|
|
zsk:
|
|
|
|
algorithm: 8
|
|
|
|
digest: 3
|
|
|
|
tag: 11346
|
|
|
|
public_key: AwEAAd9SkkrJQl4tOsK3zgtfZwmSJBzxU/NjApDZiKo6AVYVhDun6IIl Q/axOe901o+x/iUVwIs7cOMA5Z/h/8G8bq8=
|
|
|
|
private_key: !vault |
|
|
|
|
$ANSIBLE_VAULT;1.1;AES256
|
|
|
|
37323036613735396364323363323464393731626466616262613033656264343765306238353934
|
|
|
|
[...]
|
|
|
|
38653039306430393564346636323966373265343032623430353765646639366536663566653836
|
|
|
|
32643931393165643236
|
|
|
|
|
|
|
|
```
|
|
|
|
|
2024-05-07 07:23:55 +00:00
|
|
|
- playbook
|
2017-10-15 07:17:28 +00:00
|
|
|
|
2017-10-08 12:55:01 +00:00
|
|
|
```
|
|
|
|
- hosts: dns-server
|
|
|
|
roles:
|
2024-05-07 07:23:55 +00:00
|
|
|
- bind
|
2017-10-08 12:55:01 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
## Development
|
2020-03-01 14:27:42 +00:00
|
|
|
|
|
|
|
### Test with molecule and docker
|
2017-10-08 12:55:01 +00:00
|
|
|
|
2024-05-07 07:23:55 +00:00
|
|
|
- install [docker](https://docs.docker.com/engine/installation/)
|
|
|
|
- install `python3` and `python3-pip`
|
|
|
|
- install molecule and dependencies `pip3 install molecule 'molecule[docker]' docker ansible-lint testinfra yamllint`
|
|
|
|
- run `molecule test`
|
2017-10-15 00:27:10 +00:00
|
|
|
|
|
|
|
## License
|
|
|
|
|
|
|
|
```
|
|
|
|
Copyright (c) 2017 Adrien Waksberg
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
```
|