Install and configure bind with dnssec
Find a file
Benjamen Meyer 8681f17bad Enhancement: Reverse DNS Zone Support
- Incomplete
- Creates the directory for the Reverse DNS Zones
- Fails to copy the files and apply the db-reverse.js template
- Not sure if DNSSEC is applicable on the reverse zone or not
2018-07-07 01:11:46 -04:00
defaults feat: add bind_options variable 2018-03-21 20:30:11 +01:00
handlers fix: use reload for zone changed 2017-10-15 00:52:30 +02:00
meta chore: update meta information for galaxy 2018-03-17 22:09:23 +01:00
tasks Enhancement: Reverse DNS Zone Support 2018-07-07 01:11:46 -04:00
templates Enhancement: Reverse DNS Zone Support 2018-07-07 01:11:46 -04:00
test/integration Enhancement: Reverse DNS Zone Support 2018-07-07 01:11:46 -04:00
.gitignore feat: use kitchen for tests 2017-10-15 23:18:47 +02:00
.kitchen.yml feat: add bind_zones_subnet for extra-vars 2018-05-26 10:22:29 +02:00
.rubocop.yml feat: add Gemfile.lock 2017-10-15 01:09:01 +02:00
.travis.yml fix: travis tests 2018-05-29 21:47:35 +02:00
CHANGELOG.md release: version 1.1.0 2018-03-31 21:32:30 +02:00
Gemfile feat: use kitchen for tests 2017-10-15 23:18:47 +02:00
Gemfile.lock feat: use kitchen for tests 2017-10-15 23:18:47 +02:00
LICENSE fix: add year and name in license file 2018-03-17 11:25:42 +01:00
README.md feat: add bind_zones_subnet for extra-vars 2018-05-26 10:22:29 +02:00

Ansible role: Bind

Version Build Status License

Install and configure bind with dnssec

Requirements

  • bind version >= 9.8

Official support OS

  • Debian
    • stretch
    • jessie

This role can work on Debian derived OS, but it's not our priority.

Role variables

  • bind_role - the role master or slave, don't generate dnssec key on slave
  • bind_options - hash general bind options
  • bind_zones - the dns zones
  • bind_zones_subset array to use in extra-vars with the list zones to update
  • bind_listen_ipv4 - enable or disable ip v4 support (default: true)
  • bind_listen_ipv6 - enable or disable ip v6 support (default: true)

How to use

  • host_vars/dns-master
bind_role: master
  • host_vars/dns-slave
bind_role: slave
  • group_vars/dns-server
bind_listen_ipv6: true
bind_listen_ipv4: true
bind_options:
 server-id: '"1"'

bind_zones:
 test.local:
   ns_primary: ns1.test.local
   mail: root@test.local
   serial: 2017092202
   dnssec: yes
   options:
     key-directory: '"/etc/bind/keys"'
     auto-dnssec: maintain
     inline-signing: yes
   records:
     - { name: '@', type: ns, value: localhost. }
     - { name: hello, type: a, ttl: 5m, value: 1.2.3.4 }
     - { name: hello, type: caa, flag: 0, tag: issue, value: letsencrypt.org }
     - { name: hello, type: srv, priority: 0, weight: 5, port: 80, value: www }
 hello.local:
   ns_primary: ns1.hello.local
   mail: root@hello.local
   serial: 2017092201
   dnssec: no
   state: disabled
   records:
     - { name: '@', type: ns, value: localhost. }
     - { name: hello, type: a, value: 4.3.2.1 }
  • playbook
- hosts: dns-server
  roles:
    - bind 

Development

Tests with docker

  • install docker
  • install ruby
  • install bundler gem install bundler
  • install dependencies bundle install
  • run the tests kitchen test

License

Copyright (c) 2017 Adrien Waksberg

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.