
Description

This role is the top-level package for all software categorised as DNS and does not itself provide a specific software product.

Requirements

Variables

  • dns_hostsfiles

    • description:
      • This option represents a dictionary with a network class as key and a path to a hosts(5) file as value (see general variables network.classes).
      • Devices which are managed by Ansible should be ignored in these hosts(5) files.
    • default: {}
    • example: dns_hostsfiles: {"public": "/path/to/hosts_public", "internal": "/path/to/hosts_internal"}
  • dns_use_dnssec

    • description:
      • Set to True if DNSSEC is to be used by the DNS software.
    • default: False
    • note: Server software also needs a valid certificate (dns_dnssec_certificate).
  • dns_dnssec_certificate

    • description:
      • A path to a valid certificate for dnssec.
    • default: ""
    • note: dns_use_dnssec must be set to True.
  • dns_master_servers

    • description:
      • A list of all master servers.
    • default: []
    • note: If list is empty, then all servers run in master mode.
  • dns_slave_servers

    • description:
      • A list of all slave servers.
    • default: []
    • note: If list is empty, then all servers run in master mode.
  • dns_forward_servers

    • description:
      • This option contains a list of the IP addresses of all forward servers in use.
    • default: []
  • dns_refresh_time

    • description:
      • How long in seconds a nameserver should wait prior to checking for a Serial Number increase within the primary zone file.
    • default: 3600
  • dns_retry_time

    • description:
      • How long in seconds a nameserver should wait prior to retrying to update a zone after a failed attempt.
    • default: 600
  • dns_expire_time

    • description:
      • How long in seconds a nameserver should wait prior to considering data from a secondary zone invalid and stop answering queries for that zone.
    • default: 6048000
  • dns_minimum_ttl:

    • description:
      • How long in seconds that a nameserver or resolver should cache a negative response.
    • default: 1800
  • dns_backend

    • description:
      • This option specifies the used dns server backend.
      • The backend depends on the server product and does not need to be defined if there is none.
  • dns_db_host

    • description:
      • This option specifies a database-providing host.
      • The option depends on the server product and does not need to be defined if there is none.
  • dns_db_user

    • description:
      • This option specifies a database user.
      • The option depends on the server product and does not need to be defined if there is none.
  • dns_db_password

    • description:
      • This option specifies a password for the database user.
      • The option depends on the server product and does not need to be defined if there is none.
  • dns_db_dbname

    • description:
      • This option specifies the name of the database.
      • The option depends on the server product and does not need to be defined if there is none.
  • dns_reverse_zones

    • description:
      • This option contains the reverse zones of all managed networks.
      • Each reverse zone is determined by the gateway and prefix of a network.
      • Only IPv4 is currently supported.
      • It is autogenerated.
  • dns_domains

    • description:
      • This option contains the DNS domain names of all managed networks.
      • It is autogenerated.
  • dns_acls:

    • description:
      • This option contains access control lists for global and zone specific access.
      • The two child keys are "groups" and "permissions".
      • The groups key contains a dictionary of ACL groups. The key of every entry is an arbitrary name, except the names "any" and "none". The values are lists of IP addresses or IP networks.
      • The permissions key contains a dictionary of actions for the different zones. The keys of the dictionary represent the domain names to which the authorisations are to apply. The key name "global" represents the global settings and must not be used. The value is also a dictionary with the following key entries:
        • recursion: Specifies hosts which are allowed to make recursive queries.
        • query: Specifies hosts which are allowed to ask ordinary DNS questions. Default: any
        • transfer: Specifies hosts which are allowed to receive zone transfers from a server.
    • example:
            dns_acls:
              groups:
                internal:
                  - 192.168.0.2/24
                  - 192.168.0.3/24
                external:  
                  - 172.0.1.45/24
                  - 172.0.1.46/24
              permissions:
                global:
                  query: 
                    - any
                example.com:
                  query: 
                    - any
                  recursion: 
                    - external
                  transfer: 
                    - external
                example.local:
                  query: 
                    - any
                  recursion: 
                    - internal
                  transfer:
                    - internal
  • dns_resolver_info:

    • description:
      • This variable is autogenerated and contains information about the DNS name servers and domains.
  • dns_llmr

    • description:
      • Controls Link-Local Multicast Name Resolution support (RFC 4795) on the local host.
      • If true, enables full LLMNR responder and resolver support.
      • If false, disables both.
      • If set to "resolve", only resolution support is enabled, but responding is disabled.
    • choices: [true,false,resolve]
  • dns_multicastdns

    • description:
      • Controls Multicast DNS support (RFC 6762) on the local host.
      • If true, enables full Multicast DNS responder and resolver support.
      • If false, disables both.
      • If set to "resolve", only resolution support is enabled, but responding is disabled.
    • choices: [true,false,resolve]
  • dns_dnssec

    • description:
      • If true, all DNS lookups are DNSSEC-validated locally (excluding LLMNR and Multicast DNS).
      • If set to "allow-downgrade", DNSSEC validation is attempted, but if the server does not support DNSSEC properly, DNSSEC mode is automatically disabled.
      • If set to false, DNS lookups are not DNSSEC-validated.
    • choices: [true,false,allow-downgrade]
    • default: allow-downgrade
  • dns_dnsovertls

    • description:
      • If true, all connections to the server will be encrypted.
      • When set to "opportunistic", an attempt is made to send DNS requests encrypted with DNS-over-TLS.
      • If set to false, DNS lookups are sent over UDP.
    • choices: [true,false,opportunistic]
    • default: false
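
The dns_acls rules above can be checked before the role runs. The following is an added example, not part of this role: validate_dns_acls is a hypothetical helper, and it assumes that every permission entry is either a group name or "any"/"none". The warning about recursion or transfer being open to "any" is an added policy check, not a rule of the role.

```python
import ipaddress

RESERVED = {"any", "none"}   # built-in names, not allowed as group names
ACTIONS = {"recursion", "query", "transfer"}


def validate_dns_acls(acls):
    """Return a list of problems found in a dns_acls dictionary."""
    problems = []
    groups = acls.get("groups", {})
    for name, members in groups.items():
        if name in RESERVED:
            problems.append(f"group name '{name}' is reserved")
        for member in members:
            try:
                # strict=False accepts host bits, as in 192.168.0.2/24 above
                ipaddress.ip_network(member, strict=False)
            except ValueError:
                problems.append(f"group '{name}': '{member}' is not an IP address or network")
    for zone, actions in acls.get("permissions", {}).items():
        for action, allowed in actions.items():
            if action not in ACTIONS:
                problems.append(f"zone '{zone}': unknown action '{action}'")
                continue
            for ref in allowed:
                if ref not in RESERVED and ref not in groups:
                    problems.append(f"zone '{zone}': {action} references undefined group '{ref}'")
                if ref == "any" and action in ("recursion", "transfer"):
                    problems.append(f"zone '{zone}': {action} is open to any host")
    return problems


# The dns_acls example from this page, written as a Python dict
PAGE_EXAMPLE = {
    "groups": {"internal": ["192.168.0.2/24", "192.168.0.3/24"],
               "external": ["172.0.1.45/24", "172.0.1.46/24"]},
    "permissions": {
        "global": {"query": ["any"]},
        "example.com": {"query": ["any"], "recursion": ["external"], "transfer": ["external"]},
        "example.local": {"query": ["any"], "recursion": ["internal"], "transfer": ["internal"]},
    },
}
# Constructed input with deliberate mistakes
BAD = {
    "groups": {"any": ["10.0.0.0/8"], "lan": ["192.168.0.300"]},
    "permissions": {"example.org": {"transfer": ["any"], "query": ["dmz"]}},
}

if __name__ == "__main__":
    for problem in validate_dns_acls(BAD):
        print(problem)
```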

Processes

main

  1. initialise autogenerated variables (dns_resolver_info, dns_reverse_zones, dns_domains)
  2. execute main tasks of package

configure

  1. initialise autogenerated variables (dns_resolver_info, dns_reverse_zones, dns_domains)

License

BSD-3-Clause

Contributors