daniel/ansible-bind9-role
1
0
Fork 0
Code Issues 3 Pull Requests 1 Actions Releases Wiki Activity

Compare commits

base: daniel:feature/forwarders-port-tls-support
Branches Tags
daniel:main daniel:test/verify-ci-fix daniel:fix/molecule-default-test daniel:feature/bind9-20-support daniel:9.18 daniel:origin/main daniel:feature/forwarders-port-tls-support
daniel:bind-9.20 daniel:bind-9.18
...
compare: daniel:0271be77528712f3e140de94e4519e94009e66c4
Branches Tags
daniel:main daniel:test/verify-ci-fix daniel:fix/molecule-default-test daniel:feature/bind9-20-support daniel:9.18 daniel:origin/main daniel:feature/forwarders-port-tls-support
daniel:bind-9.20 daniel:bind-9.18

7 Commits
feature/fo ... 0271be7752

Author SHA1 Message Date
Daniel Akulenok
0271be7752 Merge branch 'main' of ssh://git.valid.dk:2222/daniel/ansible-bind9-role into HEAD
All checks were successful
Test / Lint (push) Successful in 16s
Details
Test / Test (push) Has been skipped
Details
2026-02-06 14:32:10 +01:00
Daniel Akulenok
907735c294 fix: improve readability of bind9 configuration and update variable registration 2026-02-06 13:46:09 +01:00
Daniel Akulenok
cdcc4cbbda fix: standardize YAML formatting and improve readability in bind9 configuration files 2026-02-06 13:38:56 +01:00
Daniel Akulenok
30918dc9f7 Add zone option JSON files for BIND9 grammar
All checks were successful
Test / Lint (push) Successful in 17s
Details
Test / Test (push) Has been skipped
Details 
- Created primary.zoneopt.json to define grammar for primary zones with various options including allow-query, allow-transfer, and DNSSEC settings.
- Added redirect.zoneopt.json for redirect zones, specifying options like allow-query and primaries.
- Introduced secondary.zoneopt.json for secondary zones, detailing options such as allow-notify, forwarders, and notify configurations.
- Implemented static-stub.zoneopt.json for static stub zones, including server-addresses and server-names options.
- Added stub.zoneopt.json for stub zones, defining options like check-names and forwarders.
- Created zoneopt.json as a general template for zone options, incorporating common fields across different zone types.
 2026-01-31 22:05:58 +01:00
Daniel Akulenok
7388e4eaaf Merge branch 'main' of ssh://git.valid.dk:2222/daniel/ansible-bind9-role 2026-01-31 21:29:19 +01:00
Daniel Akulenok
f6eee76e05 fix: ensure no change detection for bind9 configuration files
All checks were successful
Test / Lint (push) Successful in 12s
Details
Test / Test (push) Has been skipped
Details
2026-01-28 23:37:37 +01:00
Daniel Akulenok
0fede04e19 Merge pull request 'feature/forwarders-port-tls-support' (#3) from feature/forwarders-port-tls-support into main
All checks were successful
Test / Lint (push) Successful in 13s
Details
Test / Test (push) Has been skipped
Details 
Reviewed-on: #3
 2026-01-28 22:29:11 +00:00
17 changed files with 3426 additions and 20 deletions
Expand all files Collapse all files

13
CONFIGURATION_GRAMMAR.md
View File

@@ -541,6 +541,19 @@ options:
# Logging
querylog: <bool>
# DNSTAP - DNS traffic capture
dnstap: # List of message types to capture
- type: <auth|client|forwarder|resolver> # Message type (required)
log: <query|response> # Optional: specific direction
dnstap_output: # Output destination (required if dnstap is set)
output_type: <file|unix> # Output type: file or unix socket (required)
output_file: <path> # File path or socket path (required)
size: <size> # Optional: Max file size before rotation
versions: <integer> # Optional: Number of versions to keep
suffix: <increment|timestamp> # Optional: Rotation suffix type
dnstap_identity: <string> # Optional: Identity string (defaults to hostname)
dnstap_version: <string> # Optional: Version string (defaults to BIND version)
# Zone management
check_names: <master|slave|response> <warn|fail|ignore>
check_dup_records: <warn|fail|ignore>

19
bind9-grammar/forward.zoneopt.json Normal file
View File

@@ -0,0 +1,19 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "forward"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
}
}
}
}

19
bind9-grammar/hint.zoneopt.json Normal file
View File

@@ -0,0 +1,19 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "hint"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"file": {
"_grammar": "<quoted_string>"
},
"template": {
"_grammar": "<string>"
}
}
}
}

10
bind9-grammar/in-view.zoneopt.json Normal file
View File

@@ -0,0 +1,10 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"in-view": {
"_grammar": "<string>"
}
}
}
}

171
bind9-grammar/mirror.zoneopt.json Normal file
View File

@@ -0,0 +1,171 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "mirror"
},
"allow-notify": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-transfer": {
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
},
"allow-update-forwarding": {
"_grammar": "{ <address_match_element>; ... }"
},
"also-notify": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"database": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"ixfr-from-differences": {
"_grammar": "<boolean>"
},
"journal": {
"_grammar": "<quoted_string>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-ixfr-ratio": {
"_grammar": "( unlimited | <percentage> )"
},
"max-journal-size": {
"_grammar": "( default | unlimited | <sizeval> )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-idle-out": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-transfer-time-out": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"notify": {
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
},
"notify-cfg": {
"_flags": [
"may occur multiple times"
],
"_id": "<string>",
"_mapbody": {
"notify": {
"_grammar": "<boolean>"
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
}
}
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"provide-zoneversion": {
"_grammar": "<boolean>"
},
"request-expire": {
"_grammar": "<boolean>"
},
"request-ixfr": {
"_grammar": "<boolean>"
},
"request-ixfr-max-diffs": {
"_grammar": "<integer>"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"try-tcp-refresh": {
"_grammar": "<boolean>"
},
"zero-no-soa-ttl": {
"_grammar": "<boolean>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}

2315
bind9-grammar/options.json Normal file
View File

File diff suppressed because it is too large Load Diff

258
bind9-grammar/primary.zoneopt.json Normal file
View File

@@ -0,0 +1,258 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "primary"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-transfer": {
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
},
"allow-update": {
"_grammar": "{ <address_match_element>; ... }"
},
"also-notify": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"check-dup-records": {
"_grammar": "( fail | warn | ignore )"
},
"check-integrity": {
"_grammar": "<boolean>"
},
"check-mx": {
"_grammar": "( fail | warn | ignore )"
},
"check-mx-cname": {
"_grammar": "( fail | warn | ignore )"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"check-sibling": {
"_grammar": "<boolean>"
},
"check-spf": {
"_grammar": "( warn | ignore )"
},
"check-srv-cname": {
"_grammar": "( fail | warn | ignore )"
},
"check-svcb": {
"_grammar": "<boolean>"
},
"check-wildcard": {
"_grammar": "<boolean>"
},
"checkds": {
"_grammar": "( explicit | <boolean> )"
},
"database": {
"_grammar": "<string>"
},
"dlz": {
"_grammar": "<string>"
},
"dnskey-sig-validity": {
"_flags": [
"obsolete"
],
"_grammar": "<integer>"
},
"dnssec-dnskey-kskonly": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"dnssec-loadkeys-interval": {
"_grammar": "<integer>"
},
"dnssec-policy": {
"_grammar": "<string>"
},
"dnssec-secure-to-insecure": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"dnssec-update-mode": {
"_flags": [
"obsolete"
],
"_grammar": "( maintain | no-resign )"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"initial-file": {
"_grammar": "<quoted_string>"
},
"inline-signing": {
"_grammar": "<boolean>"
},
"ixfr-from-differences": {
"_grammar": "<boolean>"
},
"journal": {
"_grammar": "<quoted_string>"
},
"key-directory": {
"_grammar": "<quoted_string>"
},
"log-report-channel": {
"_grammar": "<boolean>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-ixfr-ratio": {
"_grammar": "( unlimited | <percentage> )"
},
"max-journal-size": {
"_grammar": "( default | unlimited | <sizeval> )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-transfer-idle-out": {
"_grammar": "<integer>"
},
"max-transfer-time-out": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"max-zone-ttl": {
"_flags": [
"deprecated"
],
"_grammar": "( unlimited | <duration> )"
},
"notify": {
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
},
"notify-cfg": {
"_flags": [
"may occur multiple times"
],
"_id": "<string>",
"_mapbody": {
"notify": {
"_grammar": "<boolean>"
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
}
}
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"notify-to-soa": {
"_grammar": "<boolean>"
},
"nsec3-test-zone": {
"_flags": [
"test only"
],
"_grammar": "<boolean>"
},
"parental-agents": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"parental-source": {
"_grammar": "( <ipv4_address> | * )"
},
"parental-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"provide-zoneversion": {
"_grammar": "<boolean>"
},
"send-report-channel": {
"_grammar": "<string>"
},
"serial-update-method": {
"_grammar": "( date | increment | unixtime )"
},
"sig-signing-nodes": {
"_grammar": "<integer>"
},
"sig-signing-signatures": {
"_grammar": "<integer>"
},
"sig-signing-type": {
"_grammar": "<integer>"
},
"sig-validity-interval": {
"_flags": [
"obsolete"
],
"_grammar": "<integer> [ <integer> ]"
},
"template": {
"_grammar": "<string>"
},
"update-check-ksk": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"update-policy": {
"_grammar": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } )"
},
"zero-no-soa-ttl": {
"_grammar": "<boolean>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}

58
bind9-grammar/redirect.zoneopt.json Normal file
View File

@@ -0,0 +1,58 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "redirect"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"dlz": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"max-zone-ttl": {
"_flags": [
"deprecated"
],
"_grammar": "( unlimited | <duration> )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}

258
bind9-grammar/secondary.zoneopt.json Normal file
View File

@@ -0,0 +1,258 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "secondary"
},
"allow-notify": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-transfer": {
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
},
"allow-update-forwarding": {
"_grammar": "{ <address_match_element>; ... }"
},
"also-notify": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"checkds": {
"_grammar": "( explicit | <boolean> )"
},
"database": {
"_grammar": "<string>"
},
"dlz": {
"_grammar": "<string>"
},
"dnskey-sig-validity": {
"_flags": [
"obsolete"
],
"_grammar": "<integer>"
},
"dnssec-dnskey-kskonly": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"dnssec-loadkeys-interval": {
"_grammar": "<integer>"
},
"dnssec-policy": {
"_grammar": "<string>"
},
"dnssec-update-mode": {
"_flags": [
"obsolete"
],
"_grammar": "( maintain | no-resign )"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"inline-signing": {
"_grammar": "<boolean>"
},
"ixfr-from-differences": {
"_grammar": "<boolean>"
},
"journal": {
"_grammar": "<quoted_string>"
},
"key-directory": {
"_grammar": "<quoted_string>"
},
"log-report-channel": {
"_grammar": "<boolean>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-ixfr-ratio": {
"_grammar": "( unlimited | <percentage> )"
},
"max-journal-size": {
"_grammar": "( default | unlimited | <sizeval> )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-idle-out": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-transfer-time-out": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"notify": {
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
},
"notify-cfg": {
"_flags": [
"may occur multiple times"
],
"_id": "<string>",
"_mapbody": {
"notify": {
"_grammar": "<boolean>"
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
}
}
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"notify-to-soa": {
"_grammar": "<boolean>"
},
"nsec3-test-zone": {
"_flags": [
"test only"
],
"_grammar": "<boolean>"
},
"parental-agents": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"parental-source": {
"_grammar": "( <ipv4_address> | * )"
},
"parental-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"provide-zoneversion": {
"_grammar": "<boolean>"
},
"request-expire": {
"_grammar": "<boolean>"
},
"request-ixfr": {
"_grammar": "<boolean>"
},
"request-ixfr-max-diffs": {
"_grammar": "<integer>"
},
"send-report-channel": {
"_grammar": "<string>"
},
"sig-signing-nodes": {
"_grammar": "<integer>"
},
"sig-signing-signatures": {
"_grammar": "<integer>"
},
"sig-signing-type": {
"_grammar": "<integer>"
},
"sig-validity-interval": {
"_flags": [
"obsolete"
],
"_grammar": "<integer> [ <integer> ]"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"try-tcp-refresh": {
"_grammar": "<boolean>"
},
"update-check-ksk": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"zero-no-soa-ttl": {
"_grammar": "<boolean>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}

43
bind9-grammar/static-stub.zoneopt.json Normal file
View File

@@ -0,0 +1,43 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "static-stub"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"server-addresses": {
"_grammar": "{ ( <ipv4_address> | <ipv6_address> ); ... }"
},
"server-names": {
"_grammar": "{ <string>; ... }"
},
"template": {
"_grammar": "<string>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}

85
bind9-grammar/stub.zoneopt.json Normal file
View File

@@ -0,0 +1,85 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "stub"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"database": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}

85
bind9-grammar/zoneopt.json Normal file
View File

@@ -0,0 +1,85 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "stub"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"database": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}

16
defaults/main.yml
View File

@@ -16,7 +16,6 @@ bind9_config_indent: 4
bind9_group_config: []
bind9_site_config: []
bind9_host_config: []
bind9_default_config:
- name: named.conf
backup: false
@@ -28,10 +27,11 @@ bind9_default_config:
options:
directory: "{{ bind9_working_directory }}"
bind9_config: "{{ [bind9_default_config,
bind9_group_config,
bind9_site_config,
bind9_host_config] |
community.general.lists_mergeby('name',
recursive=true,
list_merge='append_rp') }}"
bind9_config: >-
{{
[bind9_default_config,
bind9_group_config,
bind9_site_config,
bind9_host_config] |
community.general.lists_mergeby('name', recursive=true, list_merge='append_rp')
}}

6
handlers/main.yml
View File

@@ -16,10 +16,8 @@
- "{{ bind9_cfgdir }}"
- "{{ bind9_working_directory }}"
- "{{ bind9_libdir }}"
dest: "{{
bind9_backup_dir + '/bind9-config-' +
ansible_facts.date_time.iso8601_basic_short + '.tar.gz' }}"
dest: "{{ bind9_backup_dir + '/bind9-config-' + ansible_facts.date_time.iso8601_basic_short + '.tar.gz' }}"
owner: root
group: root
mode: '0640'
mode: "0640"
when: bind9_backup_config is defined and bind9_backup_config

3
meta/argument_specs.yml
View File

@@ -7,8 +7,7 @@ argument_specs:
type: list
elements: dict
description:
- A list of configuration dictionaries that are merged to
produce the final configuration.
- A list of configuration dictionaries that are merged to produce the final configuration.
- Each element must have a 'name' key (filename).
bind9_default_config:
type: list

74
molecule/default/converge.yml
View File

@@ -2,10 +2,19 @@
- name: Converge
hosts: all
tasks:
- name: Create log directory for BIND
ansible.builtin.file:
path: /var/log/named
state: directory
mode: '0755'
owner: bind
group: bind
- name: Include bind9 role
ansible.builtin.include_role:
name: ../../../ansible-bind9-role # noqa: role-name[path]
vars:
bind9_backup_config: false
bind9_host_config:
- name: named.conf.options
options:
@@ -26,6 +35,71 @@
tls: censurfridns-unicast
forward: first
dnssec_validation: auto
dnstap:
- type: auth
- type: resolver
log: query
- type: client
log: response
dnstap_output:
output_type: file
output_file: /var/log/named/dnstap.log
size: 20m
versions: 3
suffix: increment
dnstap_identity: dns-server-01
dnstap_version: 9.18
logging:
channels:
- name: default_log
file:
name: /var/log/named/default.log
severity: info
print_time: true
print_severity: true
print_category: true
- name: security_log
file:
name: /var/log/named/security.log
severity: dynamic
print_time: true
print_severity: true
print_category: true
- name: query_log
file:
name: /var/log/named/queries.log
versions: 5
size: 10m
severity: info
print_time: true
- name: dnssec_log
file:
name: /var/log/named/dnssec.log
severity: debug
print_time: true
print_severity: true
- name: rate_limit_log
syslog: daemon
severity: warning
categories:
- name: default
channels:
- default_log
- name: general
channels:
- default_log
- name: security
channels:
- security_log
- name: queries
channels:
- query_log
- name: dnssec
channels:
- dnssec_log
- name: rate-limit
channels:
- rate_limit_log
- name: named.conf.local
tls:
- name: censurfridns-anycast

13
tasks/main.yml
View File

@@ -15,7 +15,7 @@
state: directory
owner: root
group: root
mode: '0750'
mode: "0750"
when: bind9_backup_config is defined and bind9_backup_config | bool
- name: Deploy and Validate Configuration
@@ -33,8 +33,9 @@
remote_src: true
owner: root
group: bind
mode: '0640'
failed_when: false # It's okay if the file doesn't exist yet
mode: "0640"
changed_when: false
failed_when: false # It's okay if the file doesn't exist yet
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
@@ -45,11 +46,11 @@
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
owner: root
group: bind
mode: '0640'
mode: "0640"
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
register: _template_result
register: bind9_template_result
- name: Validate configuration using named-checkconf
ansible.builtin.command:
@@ -64,7 +65,7 @@
remote_src: true
owner: root
group: bind
mode: '0640'
mode: "0640"
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"