|
Packit Service |
0f71a7 |
DNSZone Module
|
|
Packit Service |
0f71a7 |
==============
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Description
|
|
Packit Service |
0f71a7 |
-----------
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
The dnszone module allows to configure zones in DNS server.
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Features
|
|
Packit Service |
0f71a7 |
--------
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
* Add, remove, modify, enable or disable DNS zones.
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Supported FreeIPA Versions
|
|
Packit Service |
0f71a7 |
--------------------------
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
FreeIPA versions 4.4.0 and up are supported by ipadnszone module.
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Requirements
|
|
Packit Service |
0f71a7 |
------------
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
**Controller**
|
|
Packit Service |
0f71a7 |
* Ansible version: 2.8+
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
**Node**
|
|
Packit Service |
0f71a7 |
* Supported FreeIPA version (see above)
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Usage
|
|
Packit Service |
0f71a7 |
-----
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
```ini
|
|
Packit Service |
0f71a7 |
[ipaserver]
|
|
Packit Service |
0f71a7 |
ipaserver.test.local
|
|
Packit Service |
0f71a7 |
```
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Example playbook to create a simple DNS zone:
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
```yaml
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
---
|
|
Packit Service |
0f71a7 |
- name: dnszone present
|
|
Packit Service |
0f71a7 |
hosts: ipaserver
|
|
Packit Service |
0f71a7 |
become: true
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
tasks:
|
|
Packit Service |
0f71a7 |
- name: Ensure zone is present.
|
|
Packit Service |
0f71a7 |
ipadnszone:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: testzone.local
|
|
Packit Service |
0f71a7 |
state: present
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
```
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Example playbook to create a DNS zone with all currently supported variables:
|
|
Packit Service |
0f71a7 |
```yaml
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
---
|
|
Packit Service |
0f71a7 |
- name: dnszone present
|
|
Packit Service |
0f71a7 |
hosts: ipaserver
|
|
Packit Service |
0f71a7 |
become: true
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
tasks:
|
|
Packit Service |
0f71a7 |
- name: Ensure zone is present.
|
|
Packit Service |
0f71a7 |
ipadnszone:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: testzone.local
|
|
Packit Service |
0f71a7 |
allow_sync_ptr: true
|
|
Packit Service |
0f71a7 |
dynamic_update: true
|
|
Packit Service |
0f71a7 |
dnssec: true
|
|
Packit Service |
0f71a7 |
allow_transfer:
|
|
Packit Service |
0f71a7 |
- 1.1.1.1
|
|
Packit Service |
0f71a7 |
- 2.2.2.2
|
|
Packit Service |
0f71a7 |
allow_query:
|
|
Packit Service |
0f71a7 |
- 1.1.1.1
|
|
Packit Service |
0f71a7 |
- 2.2.2.2
|
|
Packit Service |
0f71a7 |
forwarders:
|
|
Packit Service |
0f71a7 |
- ip_address: 8.8.8.8
|
|
Packit Service |
0f71a7 |
- ip_address: 8.8.4.4
|
|
Packit Service |
0f71a7 |
port: 52
|
|
Packit Service |
0f71a7 |
serial: 1234
|
|
Packit Service |
0f71a7 |
refresh: 3600
|
|
Packit Service |
0f71a7 |
retry: 900
|
|
Packit Service |
0f71a7 |
expire: 1209600
|
|
Packit Service |
0f71a7 |
minimum: 3600
|
|
Packit Service |
0f71a7 |
ttl: 60
|
|
Packit Service |
0f71a7 |
default_ttl: 90
|
|
Packit Service |
0f71a7 |
name_server: ipaserver.test.local.
|
|
Packit Service |
0f71a7 |
admin_email: admin.admin@example.com
|
|
Packit Service |
0f71a7 |
nsec3param_rec: "1 7 100 0123456789abcdef"
|
|
Packit Service |
0f71a7 |
skip_overlap_check: true
|
|
Packit Service |
0f71a7 |
skip_nameserver_check: true
|
|
Packit Service |
0f71a7 |
state: present
|
|
Packit Service |
0f71a7 |
```
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Example playbook to disable a zone:
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
```yaml
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
---
|
|
Packit Service |
0f71a7 |
- name: Playbook to disable DNS zone
|
|
Packit Service |
0f71a7 |
hosts: ipaserver
|
|
Packit Service |
0f71a7 |
become: true
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
tasks:
|
|
Packit Service |
0f71a7 |
- name: Disable zone.
|
|
Packit Service |
0f71a7 |
ipadnszone:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: testzone.local
|
|
Packit Service |
0f71a7 |
state: disabled
|
|
Packit Service |
0f71a7 |
```
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Example playbook to enable a zone:
|
|
Packit Service |
0f71a7 |
```yaml
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
---
|
|
Packit Service |
0f71a7 |
- name: Playbook to enable DNS zone
|
|
Packit Service |
0f71a7 |
hosts: ipaserver
|
|
Packit Service |
0f71a7 |
become: true
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
tasks:
|
|
Packit Service |
0f71a7 |
- name: Enable zone.
|
|
Packit Service |
0f71a7 |
ipadnszone:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: testzone.local
|
|
Packit Service |
0f71a7 |
state: enabled
|
|
Packit Service |
0f71a7 |
```
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Example playbook to remove a zone:
|
|
Packit Service |
0f71a7 |
```yaml
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
---
|
|
Packit Service |
0f71a7 |
- name: Playbook to remove DNS zone
|
|
Packit Service |
0f71a7 |
hosts: ipaserver
|
|
Packit Service |
0f71a7 |
become: true
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
tasks:
|
|
Packit Service |
0f71a7 |
- name: Remove zone.
|
|
Packit Service |
0f71a7 |
ipadnszone:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0f71a7 |
name: testzone.local
|
|
Packit Service |
0f71a7 |
state: absent
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
```
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Variables
|
|
Packit Service |
0f71a7 |
=========
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
ipadnszone
|
|
Packit Service |
0f71a7 |
----------
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Variable | Description | Required
|
|
Packit Service |
0f71a7 |
-------- | ----------- | --------
|
|
Packit Service |
0f71a7 |
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
|
|
Packit Service |
0f71a7 |
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
|
|
Packit Service |
0f71a7 |
`name` \| `zone_name` | The zone name string. | yes
|
|
Packit Service |
0f71a7 |
`forwarders` | The list of forwarders dicts. Each `forwarders` dict entry has:| no
|
|
Packit Service |
0f71a7 |
| `ip_address` - The IPv4 or IPv6 address of the DNS server. | yes
|
|
Packit Service |
0f71a7 |
| `port` - The custom port that should be used on this server. | no
|
|
Packit Service |
0f71a7 |
`forward_policy` | The global forwarding policy. It can be one of `only`, `first`, or `none`. | no
|
|
Packit Service |
0f71a7 |
`allow_sync_ptr` | Allow synchronization of forward (A, AAAA) and reverse (PTR) records (bool). | no
|
|
Packit Service |
0f71a7 |
`state` | The state to ensure. It can be one of `present`, `enabled`, `disabled` or `absent`, default: `present`. | yes
|
|
Packit Service |
0f71a7 |
`name_server`| Authoritative nameserver domain name | no
|
|
Packit Service |
0f71a7 |
`admin_email`| Administrator e-mail address | no
|
|
Packit Service |
0f71a7 |
`update_policy`| BIND update policy | no
|
|
Packit Service |
0f71a7 |
`dynamic_update` \| `dynamicupdate` | Allow dynamic updates | no
|
|
Packit Service |
0f71a7 |
`dnssec`| Allow inline DNSSEC signing of records in the zone | no
|
|
Packit Service |
0f71a7 |
`allow_transfer`| List of IP addresses or networks which are allowed to transfer the zone | no
|
|
Packit Service |
0f71a7 |
`allow_query`| List of IP addresses or networks which are allowed to issue queries | no
|
|
Packit Service |
0f71a7 |
`serial`| SOA record serial number | no
|
|
Packit Service |
0f71a7 |
`refresh`| SOA record refresh time | no
|
|
Packit Service |
0f71a7 |
`retry`| SOA record retry time | no
|
|
Packit Service |
0f71a7 |
`expire`| SOA record expire time | no
|
|
Packit Service |
0f71a7 |
`minimum`| How long should negative responses be cached | no
|
|
Packit Service |
0f71a7 |
`ttl`| Time to live for records at zone apex | no
|
|
Packit Service |
0f71a7 |
`default_ttl`| Time to live for records without explicit TTL definition | no
|
|
Packit Service |
0f71a7 |
`nsec3param_rec`| NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt | no
|
|
Packit Service |
0f71a7 |
`skip_overlap_check`| Force DNS zone creation even if it will overlap with an existing zone | no
|
|
Packit Service |
0f71a7 |
`skip_nameserver_check` | Force DNS zone creation even if nameserver is not resolvable | no
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Authors
|
|
Packit Service |
0f71a7 |
=======
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Sergio Oliveira Campos
|