51 Commits

Author SHA1 Message Date
Daniel Akulenok b6fa879b93 demacro zone and view 2024-05-14 14:36:54 +02:00
Daniel Akulenok 73d8632c49 trust anchors 2024-05-14 14:34:49 +02:00
Daniel Akulenok 807077f78c tls demacro 2024-05-14 14:30:18 +02:00
Daniel Akulenok 0809bc7e91 statistics_channels 2024-05-14 14:29:10 +02:00
Daniel Akulenok 4577a40db9 Demacro server 2024-05-14 14:26:36 +02:00
Daniel Akulenok 52d5fa2d3f Demacro 2024-05-14 14:12:19 +02:00
Daniel Akulenok 8077d8c05c podman 2024-05-14 14:02:06 +02:00
Daniel Akulenok a06fa3d679 key demacro 2024-05-14 14:01:49 +02:00
Daniel Akulenok dfd93ecfea Demacro item.http 2024-05-14 13:47:59 +02:00
Daniel Akulenok 87c276c55b Demacro http 2024-05-14 13:47:03 +02:00
Daniel Akulenok 128b947ea2 demacro dnssec_policy 2024-05-14 13:45:31 +02:00
Daniel Akulenok 31692dd78d Demacro dlz 2024-05-14 13:44:21 +02:00
Daniel Akulenok f69f631b36 Demacro include 2024-05-14 13:42:02 +02:00
Daniel Akulenok 7a834ae40c De-macro controls 2024-05-14 13:39:56 +02:00
Daniel Akulenok ef28c98fc8 Fix typo 2024-05-14 13:28:15 +02:00
Daniel Akulenok cdecd8c05c Fix typo 2024-05-14 13:24:54 +02:00
Daniel Akulenok da0f4d9189 Merge branch 'main' of ssh://git.valid.dk:2222/daniel/ansible-bind9-role 2024-05-14 10:31:38 +02:00
Daniel Akulenok 3c595f4879 Demacro some more 2024-05-14 10:31:16 +02:00
Daniel Akulenok 9ad0225582 Fix bug where a macro was used as a filter 2024-05-14 10:06:12 +02:00
Daniel Akulenok 84d140d40e Un-macro options 2024-05-14 10:04:31 +02:00
Daniel Akulenok 6b9ac5ff8f Fix bug where named_boolean was used as filter 2024-05-13 21:31:37 +02:00
Daniel Akulenok bed2af617f Update to local changes 2024-01-02 10:37:18 +01:00
Daniel Akulenok b1e68c2225 Fix backup file string 2022-10-27 09:37:47 +02:00
Daniel Akulenok 2870e14941 Make name optional 2022-10-04 12:53:45 +02:00
Daniel Akulenok 28310f7755 Extend function to also iterate over list of addresses with the same key 2022-10-03 12:26:42 +02:00
Daniel Akulenok 8f16eb8573 dnssec_validation can be boolean or auto 2022-09-16 13:26:08 +02:00
Daniel Akulenok 571d8faf47 Merge branch 'molecule' into 'main'
Molecule

See merge request operations/ansible-bind9-role!3
2022-08-30 14:10:25 +00:00
Daniel Akulenok 04e5e7db06 not too many empty lines or else lint goes crazy 2022-08-30 16:09:22 +02:00
Daniel Akulenok de1fd88f69 Indentation Saga 2022-08-30 16:02:43 +02:00
Daniel Akulenok ba17ed2716 Molecule lint 2022-08-30 16:02:26 +02:00
Daniel Akulenok 9818c24b26 Add gitlab ci 2022-08-30 16:01:31 +02:00
Daniel Akulenok f2d8972ace we do not use travis 2022-08-30 15:37:41 +02:00
Daniel Akulenok 3fffee6392 remove all the vars 2022-08-30 15:37:32 +02:00
Daniel Akulenok 365e68c2dd Working molecule 2022-08-30 13:55:13 +02:00
Daniel Akulenok 7e87da9428 Update README.md 2022-08-30 10:33:31 +00:00
Daniel Akulenok 723357ecc0 Merge branch 'main' of gitlab.off.keepit.com:operations/ansible-bind9-role 2022-08-30 12:32:28 +02:00
Daniel Akulenok 4ebe932d27 Update README.md 2022-08-30 08:11:38 +00:00
Daniel Akulenok 59bfbbe698 Merge branch 'dak-main-patch-16249' into 'main'
Update README.md

See merge request operations/ansible-bind9-role!2
2022-08-30 08:07:27 +00:00
Daniel Akulenok 87b8c6856c Update README.md 2022-08-30 08:07:00 +00:00
Daniel Akulenok 06fe995574 Merge branch 'documentation' into 'main'
Documentation

See merge request operations/ansible-bind9-role!1
2022-08-30 08:03:51 +00:00
Daniel Akulenok af3a9c7f33 Documentation 2022-08-30 08:03:51 +00:00
Daniel Akulenok 5ddcbbec5c Add variables documentation 2022-08-30 08:02:31 +00:00
Daniel Akulenok 97200d5004 key tls line 2022-08-23 13:40:18 +02:00
Daniel Akulenok 251a78d825 readme 2022-08-23 13:17:19 +02:00
Daniel Akulenok 51bb7979db expand readme 2022-08-23 12:10:39 +02:00
Daniel Akulenok 8e12a4388f changes to indentation 2022-08-19 22:01:36 +02:00
Daniel Akulenok f0cd205c20 reorder some options 2022-08-19 21:48:25 +02:00
Daniel Akulenok 5e28987ab5 Merge branch 'main' of gitlab.off.keepit.com:operations/ansible-bind9-role 2022-08-05 14:46:02 +02:00
Daniel Akulenok 3643dd4628 remove debugging 2022-08-05 14:45:34 +02:00
Daniel Akulenok 8c8dc93463 Try make small commit 2022-08-04 12:47:36 +02:00
Daniel Akulenok 20a43d06bd Move all of the role here 2022-08-04 12:41:40 +02:00
46 changed files with 73 additions and 5188 deletions
-63
@@ -1,63 +0,0 @@
---
name: Test
on: # noqa: yaml[truthy]
push:
branches:
- main
- feature/**
pull_request:
branches:
- main
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install tools
run: |
pip install --no-cache-dir yamllint ansible-lint
- name: Run yamllint
run: yamllint -d relaxed .
- name: Run ansible-lint
run: ansible-lint --strict --profile=production
test:
name: Test
runs-on: ubuntu-latest
needs: lint
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install podman
run: |
sudo apt-get update
sudo apt-get install -y podman
- name: Install dependencies
run: |
pip install --no-cache-dir \
ansible \
molecule[podman] \
podman-compose \
pyyaml \
jinja2
- name: Run Molecule tests
run: molecule test
-6
@@ -1,6 +0,0 @@
<!--# cspell: ignore SSOT CMDB -->
# AGENTS.md
Ensure that all practices and instructions described by
https://raw.githubusercontent.com/ansible/ansible-creator/refs/heads/main/docs/agents.md
are followed.
File diff suppressed because it is too large Load Diff
+17 -22
@@ -38,7 +38,7 @@ named.conf
bind configuration is set through the various bind9_*_config parameters. These are, in order of precedence:
1. bind9_default_config
2. bind9_group_config
3. bind9_site_config
3. bind9_leaf_config
4. bind9_host_config
All these configuration parameters are merged in a way where each successing config supercedes the previous one at a config-file level. To illustrate:
@@ -59,7 +59,7 @@ bind9_group_config:
- name: "."
type: mirror
bind9_site_config:
bind9_leaf_config:
- name: named.conf.local
zone:
- name: "."
@@ -81,7 +81,7 @@ bind9_config:
file: /etc/share/dns/root.hints
```
The `named.conf.options` block in `bind9_default_config` got completely overwritten by the `bind9_group_config`, and the `bind9_site_config` completely overwrote `named.conf.local`, however, `named.conf.options` was left intact after merging with `bind9_site_config`.
The `named.conf.options` block in `bind9_default_config` got completely overwritten by the `bind9_group_config`, and the `bind9_leaf_config` completely overwrote `named.conf.local`, however, `named.conf.options` was left intact after merging with `bind9_leaf_config`.
Configuration Grammar
---------------------
@@ -126,43 +126,38 @@ Simple options are defined just as that.
```
Some options have several optional parameters. For those, a somewhat flexible
configuration format has been created. Common patterns include:
- **Address with Port/DSCP**: Used by options like `primaries`, `parental_agents` (e.g., `address [ port <port> ] [ dscp <dscp> ]`)
- **Address with Port/TLS**: Used by options like `forwarders` (e.g., `address [ port <port> ] [ tls <tls> ]`)
configuration format has been created
```
ADDRESS_PORT_TLS_OPTION: # Example: forwarders option
# <option> [ port <port> ] [ tls <tls> ] { <address> [ port <port> ] [ tls <tls> ]; ... }
IP_PORT_DSCP_OPTION: # Any option that is defined as one of:
# <option> [ port <port> ] [ dscp <dscp> ] { <address> [ port <port> ] [ dscp <dscp> ]; ... }
# <option> [ port <port> ] [ dscp <dscp> ] { <address> [ port <port> ] [ key <key> ] [ tls <tls> ]; ... }
# has a few optional syntaxes
# Example 1: Simple address list
- ADDRESS1
- ADDRESS2
# Example 2: To define global port/tls, use 'addresses' sub-element
# Example 2: To define source port/dscp, use 'addresses' sub-element
[ port: PORT ]
[ tls: TLS_NAME ]
[ dscp: DSCP ]
addresses:
- ADDRESS1
- ADDRESS2
- 127.0.0.1
# Example 3: To define per-address port/tls, use 'addresses' as a list of dicts
# Example 3: To define target port/dscp, use 'addresses' as a list of dicts
addresses:
- address: ADDRESS
[ port: PORT ]
[ tls: TLS_NAME ]
[ dscp: DSCP ]
- address: 127.0.0.1
port: 53
- address: 127.0.0.1
port: 853
tls: dot-tls
- address: 8.8.8.8
port: 853
tls: google-tls
dscp: 42
- address: 127.0.0.1
port: 5353
dscp: 42
# Example 4: The various formats can be mixed and matched within the main element
- ADDRESS1
- address: ADDRESS2
port: PORT
tls: TLS_NAME
```
@@ -203,5 +198,5 @@ BSD
Author Information
------------------
Daniel Akulenok <daniel@valid.dk>
Valid.dk
Daniel Akulenok <dak@keepit.com>
Keepit A/S - keepit.com
-19
@@ -1,19 +0,0 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "forward"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
}
}
}
}
-19
@@ -1,19 +0,0 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "hint"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"file": {
"_grammar": "<quoted_string>"
},
"template": {
"_grammar": "<string>"
}
}
}
}
-10
@@ -1,10 +0,0 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"in-view": {
"_grammar": "<string>"
}
}
}
}
-171
@@ -1,171 +0,0 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "mirror"
},
"allow-notify": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-transfer": {
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
},
"allow-update-forwarding": {
"_grammar": "{ <address_match_element>; ... }"
},
"also-notify": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"database": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"ixfr-from-differences": {
"_grammar": "<boolean>"
},
"journal": {
"_grammar": "<quoted_string>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-ixfr-ratio": {
"_grammar": "( unlimited | <percentage> )"
},
"max-journal-size": {
"_grammar": "( default | unlimited | <sizeval> )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-idle-out": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-transfer-time-out": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"notify": {
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
},
"notify-cfg": {
"_flags": [
"may occur multiple times"
],
"_id": "<string>",
"_mapbody": {
"notify": {
"_grammar": "<boolean>"
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
}
}
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"provide-zoneversion": {
"_grammar": "<boolean>"
},
"request-expire": {
"_grammar": "<boolean>"
},
"request-ixfr": {
"_grammar": "<boolean>"
},
"request-ixfr-max-diffs": {
"_grammar": "<integer>"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"try-tcp-refresh": {
"_grammar": "<boolean>"
},
"zero-no-soa-ttl": {
"_grammar": "<boolean>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
File diff suppressed because it is too large Load Diff
-258
@@ -1,258 +0,0 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "primary"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-transfer": {
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
},
"allow-update": {
"_grammar": "{ <address_match_element>; ... }"
},
"also-notify": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"check-dup-records": {
"_grammar": "( fail | warn | ignore )"
},
"check-integrity": {
"_grammar": "<boolean>"
},
"check-mx": {
"_grammar": "( fail | warn | ignore )"
},
"check-mx-cname": {
"_grammar": "( fail | warn | ignore )"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"check-sibling": {
"_grammar": "<boolean>"
},
"check-spf": {
"_grammar": "( warn | ignore )"
},
"check-srv-cname": {
"_grammar": "( fail | warn | ignore )"
},
"check-svcb": {
"_grammar": "<boolean>"
},
"check-wildcard": {
"_grammar": "<boolean>"
},
"checkds": {
"_grammar": "( explicit | <boolean> )"
},
"database": {
"_grammar": "<string>"
},
"dlz": {
"_grammar": "<string>"
},
"dnskey-sig-validity": {
"_flags": [
"obsolete"
],
"_grammar": "<integer>"
},
"dnssec-dnskey-kskonly": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"dnssec-loadkeys-interval": {
"_grammar": "<integer>"
},
"dnssec-policy": {
"_grammar": "<string>"
},
"dnssec-secure-to-insecure": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"dnssec-update-mode": {
"_flags": [
"obsolete"
],
"_grammar": "( maintain | no-resign )"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"initial-file": {
"_grammar": "<quoted_string>"
},
"inline-signing": {
"_grammar": "<boolean>"
},
"ixfr-from-differences": {
"_grammar": "<boolean>"
},
"journal": {
"_grammar": "<quoted_string>"
},
"key-directory": {
"_grammar": "<quoted_string>"
},
"log-report-channel": {
"_grammar": "<boolean>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-ixfr-ratio": {
"_grammar": "( unlimited | <percentage> )"
},
"max-journal-size": {
"_grammar": "( default | unlimited | <sizeval> )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-transfer-idle-out": {
"_grammar": "<integer>"
},
"max-transfer-time-out": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"max-zone-ttl": {
"_flags": [
"deprecated"
],
"_grammar": "( unlimited | <duration> )"
},
"notify": {
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
},
"notify-cfg": {
"_flags": [
"may occur multiple times"
],
"_id": "<string>",
"_mapbody": {
"notify": {
"_grammar": "<boolean>"
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
}
}
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"notify-to-soa": {
"_grammar": "<boolean>"
},
"nsec3-test-zone": {
"_flags": [
"test only"
],
"_grammar": "<boolean>"
},
"parental-agents": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"parental-source": {
"_grammar": "( <ipv4_address> | * )"
},
"parental-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"provide-zoneversion": {
"_grammar": "<boolean>"
},
"send-report-channel": {
"_grammar": "<string>"
},
"serial-update-method": {
"_grammar": "( date | increment | unixtime )"
},
"sig-signing-nodes": {
"_grammar": "<integer>"
},
"sig-signing-signatures": {
"_grammar": "<integer>"
},
"sig-signing-type": {
"_grammar": "<integer>"
},
"sig-validity-interval": {
"_flags": [
"obsolete"
],
"_grammar": "<integer> [ <integer> ]"
},
"template": {
"_grammar": "<string>"
},
"update-check-ksk": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"update-policy": {
"_grammar": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } )"
},
"zero-no-soa-ttl": {
"_grammar": "<boolean>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
-58
@@ -1,58 +0,0 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "redirect"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"dlz": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"max-zone-ttl": {
"_flags": [
"deprecated"
],
"_grammar": "( unlimited | <duration> )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
-258
@@ -1,258 +0,0 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "secondary"
},
"allow-notify": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-transfer": {
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
},
"allow-update-forwarding": {
"_grammar": "{ <address_match_element>; ... }"
},
"also-notify": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"checkds": {
"_grammar": "( explicit | <boolean> )"
},
"database": {
"_grammar": "<string>"
},
"dlz": {
"_grammar": "<string>"
},
"dnskey-sig-validity": {
"_flags": [
"obsolete"
],
"_grammar": "<integer>"
},
"dnssec-dnskey-kskonly": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"dnssec-loadkeys-interval": {
"_grammar": "<integer>"
},
"dnssec-policy": {
"_grammar": "<string>"
},
"dnssec-update-mode": {
"_flags": [
"obsolete"
],
"_grammar": "( maintain | no-resign )"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"inline-signing": {
"_grammar": "<boolean>"
},
"ixfr-from-differences": {
"_grammar": "<boolean>"
},
"journal": {
"_grammar": "<quoted_string>"
},
"key-directory": {
"_grammar": "<quoted_string>"
},
"log-report-channel": {
"_grammar": "<boolean>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-ixfr-ratio": {
"_grammar": "( unlimited | <percentage> )"
},
"max-journal-size": {
"_grammar": "( default | unlimited | <sizeval> )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-idle-out": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-transfer-time-out": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"notify": {
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
},
"notify-cfg": {
"_flags": [
"may occur multiple times"
],
"_id": "<string>",
"_mapbody": {
"notify": {
"_grammar": "<boolean>"
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
}
}
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"notify-to-soa": {
"_grammar": "<boolean>"
},
"nsec3-test-zone": {
"_flags": [
"test only"
],
"_grammar": "<boolean>"
},
"parental-agents": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"parental-source": {
"_grammar": "( <ipv4_address> | * )"
},
"parental-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"provide-zoneversion": {
"_grammar": "<boolean>"
},
"request-expire": {
"_grammar": "<boolean>"
},
"request-ixfr": {
"_grammar": "<boolean>"
},
"request-ixfr-max-diffs": {
"_grammar": "<integer>"
},
"send-report-channel": {
"_grammar": "<string>"
},
"sig-signing-nodes": {
"_grammar": "<integer>"
},
"sig-signing-signatures": {
"_grammar": "<integer>"
},
"sig-signing-type": {
"_grammar": "<integer>"
},
"sig-validity-interval": {
"_flags": [
"obsolete"
],
"_grammar": "<integer> [ <integer> ]"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"try-tcp-refresh": {
"_grammar": "<boolean>"
},
"update-check-ksk": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"zero-no-soa-ttl": {
"_grammar": "<boolean>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
-43
@@ -1,43 +0,0 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "static-stub"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"server-addresses": {
"_grammar": "{ ( <ipv4_address> | <ipv6_address> ); ... }"
},
"server-names": {
"_grammar": "{ <string>; ... }"
},
"template": {
"_grammar": "<string>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
-85
@@ -1,85 +0,0 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "stub"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"database": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
-85
@@ -1,85 +0,0 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "stub"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"database": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
+7 -7
@@ -14,8 +14,9 @@ bind9_debug_config: false
bind9_config_indent: 4
bind9_group_config: []
bind9_site_config: []
bind9_leaf_config: []
bind9_host_config: []
bind9_default_config:
- name: named.conf
backup: false
@@ -27,11 +28,10 @@ bind9_default_config:
options:
directory: "{{ bind9_working_directory }}"
bind9_config: >-
{{
[bind9_default_config,
bind9_config: "{{ [bind9_default_config,
bind9_group_config,
bind9_site_config,
bind9_leaf_config,
bind9_host_config] |
community.general.lists_mergeby('name', recursive=true, list_merge='append_rp')
}}
community.general.lists_mergeby('name',
recursive=true,
list_merge='append_rp') }}"
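Review bot: Renaming the third merge layer to `bind9_leaf_config`, both in the defaults and in the `bind9_config` merge list, leaves no fallback for inventories that still set `bind9_site_config`. That variable is no longer read, so anything defined there (for example query or recursion restrictions) would silently drop out of the rendered configuration instead of failing the run. Consider keeping the old name alive for a deprecation period, e.g. `bind9_leaf_config: "{{ bind9_site_config | default([]) }}"`, or adding an assert task that fails when `bind9_site_config` is defined. The visible README hunks document the new name but do not mention a migration step.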
+4 -2
@@ -16,8 +16,10 @@
- "{{ bind9_cfgdir }}"
- "{{ bind9_working_directory }}"
- "{{ bind9_libdir }}"
dest: "{{ bind9_backup_dir + '/bind9-config-' + ansible_facts.date_time.iso8601_basic_short + '.tar.gz' }}"
dest: "{{
bind9_backup_dir + '/bind9-config-' +
ansible_date_time.iso8601_basic_short + '.tar.gz' }}"
owner: root
group: root
mode: "0640"
mode: 0640
when: bind9_backup_config is defined and bind9_backup_config
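Review bot: `mode: 0640` on the backup task is now an unquoted YAML scalar, so the resulting permission depends on the parser reading a leading zero as octal. `mode: "0640"` hands Ansible the string directly and is the form ansible-lint's risky-octal guidance recommends. This matters here because the tarball bundles `bind9_cfgdir`, which may hold key material, so the file mode should not be left to implicit typing. In the same hunk, `ansible_date_time.iso8601_basic_short` relies on facts being injected as top-level variables, while `ansible_facts.date_time.iso8601_basic_short` keeps working when that injection is disabled. The task begins above the hunk, so the module and its other arguments are not visible here.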
-55
@@ -1,55 +0,0 @@
---
argument_specs:
main:
short_description: The main entry point for the bind9 role.
options:
bind9_config:
type: list
elements: dict
description:
- A list of configuration dictionaries that are merged to produce the final configuration.
- Each element must have a 'name' key (filename).
bind9_default_config:
type: list
elements: dict
description: Default configuration.
bind9_group_config:
type: list
elements: dict
description: Group-level configuration.
bind9_site_config:
type: list
elements: dict
description: Site/Leaf-level configuration.
bind9_host_config:
type: list
elements: dict
description: Host-level configuration.
bind9_backup_config:
type: bool
default: true
description: Whether to backup configuration files before overwriting.
bind9_debug_config:
type: bool
default: false
description: Whether to print the merged configuration during execution.
bind9_config_indent:
type: int
default: 4
description: Indentation level for generated configuration files.
bind9_packages:
type: list
elements: str
description: List of packages to install.
bind9_cfgdir:
type: str
description: Directory for configuration files.
bind9_working_directory:
type: str
description: Working directory for BIND.
bind9_libdir:
type: str
description: Library directory for BIND.
bind9_backup_dir:
type: str
description: Directory for backups.
+3 -3
@@ -1,13 +1,13 @@
---
galaxy_info:
role_name: bind9
namespace: valid
namespace: keepit
author: Daniel Akulenok
description: Configure Bind9
company: Valid.dk
company: Keepit
issue_tracker_url: https://git.valid.dk/daniel/ansible-bind9-role
issue_tracker_url: https://gitlab.off.keepit.com/operations/ansible-bind9-role
license: GPL-3.0-or-later
-6
@@ -1,6 +0,0 @@
---
collections:
- name: ansible.utils
- name: ansible.posix
- name: community.crypto
- name: community.general
+2 -112
@@ -1,115 +1,5 @@
---
- name: Converge
hosts: all
tasks:
- name: Create log directory for BIND
ansible.builtin.file:
path: /var/log/named
state: directory
mode: '0755'
owner: bind
group: bind
- name: Include bind9 role
ansible.builtin.include_role:
name: ../../../ansible-bind9-role # noqa: role-name[path]
vars:
bind9_backup_config: false
bind9_host_config:
- name: named.conf.options
options:
directory: "{{ bind9_working_directory }}"
recursion: true
allow_query:
- any
allow_recursion:
- 10.0.0.0/8
- 192.168.0.0/16
- 172.16.0.0/12
- localhost
- localnets
forwarders:
- address: 91.239.100.100
tls: censurfridns-anycast
- address: 89.233.43.71
tls: censurfridns-unicast
forward: first
dnssec_validation: auto
dnstap:
- type: auth
- type: resolver
log: query
- type: client
log: response
dnstap_output:
output_type: file
output_file: /var/log/named/dnstap.log
size: 20m
versions: 3
suffix: increment
dnstap_identity: dns-server-01
dnstap_version: 9.18
logging:
channels:
- name: default_log
file:
name: /var/log/named/default.log
severity: info
print_time: true
print_severity: true
print_category: true
- name: security_log
file:
name: /var/log/named/security.log
severity: dynamic
print_time: true
print_severity: true
print_category: true
- name: query_log
file:
name: /var/log/named/queries.log
versions: 5
size: 10m
severity: info
print_time: true
- name: dnssec_log
file:
name: /var/log/named/dnssec.log
severity: debug
print_time: true
print_severity: true
- name: rate_limit_log
syslog: daemon
severity: warning
categories:
- name: default
channels:
- default_log
- name: general
channels:
- default_log
- name: security
channels:
- security_log
- name: queries
channels:
- query_log
- name: dnssec
channels:
- dnssec_log
- name: rate-limit
channels:
- rate_limit_log
- name: named.conf.local
tls:
- name: censurfridns-anycast
remote_hostname: anycast.uncensoreddns.org
- name: censurfridns-unicast
remote_hostname: unicast.uncensoreddns.org
zones:
- name: example.internal
type: forward
forward: only
forwarders:
- 10.0.0.53
- 10.0.0.54
roles:
- keepit.bind9
+14 -10
@@ -1,18 +1,22 @@
---
dependency:
name: galaxy
driver:
name: podman
platforms:
- name: debian-trixie
image: docker.io/jrei/systemd-debian:13
command: /lib/systemd/systemd
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
- name: ubuntu-jammy
image: ubuntu:jammy
- name: ubuntu-focal
image: ubuntu:focal
- name: debian-bullseye
image: debian:bullseye
provisioner:
name: ansible
config_options:
defaults:
ALLOW_BROKEN_CONDITIONALS: true
lint:
name: ansible-lint
verifier:
name: ansible
lint: |
set -e
ansible-lint .
yamllint .
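Review bot: The platform images that appear to be on the new side (`ubuntu:jammy`, `ubuntu:focal`, `debian:bullseye`) are referenced by short name and mutable tag, so which image a test run pulls depends on the runner's registry configuration and on whatever the tag points to that day. Fully qualify them and, where reproducibility matters, pin a digest, e.g. `image: docker.io/library/debian:bullseye@sha256:<digest>`. The old/new assignment of lines in this section is inferred from the rendered page, so confirm against the actual file.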
-11
@@ -1,11 +0,0 @@
---
- name: Prepare
hosts: all
tasks:
- name: Update apt
ansible.builtin.apt:
update_cache: true
- name: Install bind9-dnsutils package
ansible.builtin.apt:
name: bind9-dnsutils
state: present
-76
@@ -1,76 +0,0 @@
---
- name: Verify
hosts: all
gather_facts: true
tasks:
- name: Check that BIND9 is installed
ansible.builtin.package:
name: bind9
state: present
check_mode: true
register: __bind9_package_check
failed_when: __bind9_package_check is changed
- name: Check that BIND9 service is running
ansible.builtin.service:
name: named
state: started
enabled: true
check_mode: true
register: __bind9_service_check
failed_when: __bind9_service_check is changed
- name: Check that named.conf.options exists
ansible.builtin.stat:
path: /etc/bind/named.conf.options
register: __options_file
failed_when: not __options_file.stat.exists
- name: Check that named.conf.local exists
ansible.builtin.stat:
path: /etc/bind/named.conf.local
register: __local_file
failed_when: not __local_file.stat.exists
- name: Read named.conf.options content
ansible.builtin.slurp:
path: /etc/bind/named.conf.options
register: __options_content
- name: Verify forwarders are configured in options
ansible.builtin.assert:
that:
- "'forwarders' in __options_decoded"
- "'8.8.8.8' in __options_decoded"
- "'forward first' in __options_decoded"
fail_msg: Forwarders not properly configured in named.conf.options
vars:
__options_decoded: "{{ __options_content.content | b64decode }}"
- name: Read named.conf.local content
ansible.builtin.slurp:
path: /etc/bind/named.conf.local
register: __local_content
- name: Verify forward zone is configured
ansible.builtin.assert:
that:
- "'zone \"example.internal\"' in __local_decoded"
- "'type forward' in __local_decoded"
- "'forward only' in __local_decoded"
fail_msg: Forward zone not properly configured in named.conf.local
vars:
__local_decoded: "{{ __local_content.content | b64decode }}"
- name: Test DNS resolution using localhost
ansible.builtin.command:
cmd: dig @localhost google.com +short
register: __dns_query
changed_when: false
failed_when: __dns_query.rc != 0
- name: Verify DNS query returned results
ansible.builtin.assert:
that:
- __dns_query.stdout_lines | length > 0
fail_msg: DNS forwarding is not working
+14 -64
@@ -15,77 +15,27 @@
state: directory
owner: root
group: root
mode: "0750"
when: bind9_backup_config is defined and bind9_backup_config | bool
mode: 0750
when: bind9_backup_config is defined and bind9_backup_config
- name: Deploy and Validate Configuration
- name: Template named.conf.generator
ansible.builtin.template:
src: named.conf.generator.j2
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
owner: root
group: bind
mode: 0640
backup: "{{ item.backup | default('false') | bool }}"
# validate: 'named-checkconf -z -j %s'
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
tags:
- bind9
- template
notify:
- Backup bind config
- Restart bind
block:
- name: Create backup of current config
ansible.builtin.copy:
src: "{{ bind9_cfgdir }}/{{ item.name }}"
dest: "{{ bind9_cfgdir }}/{{ item.name }}.bak"
remote_src: true
owner: root
group: bind
mode: "0640"
changed_when: false
failed_when: false # It's okay if the file doesn't exist yet
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
- name: Template named.conf.generator
ansible.builtin.template:
src: named.conf.generator.j2
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
owner: root
group: bind
mode: "0640"
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
register: bind9_template_result
- name: Validate configuration using named-checkconf
ansible.builtin.command:
cmd: "named-checkconf -z {{ bind9_cfgdir }}/named.conf"
changed_when: false
rescue:
- name: Restore configuration from backup
ansible.builtin.copy:
src: "{{ bind9_cfgdir }}/{{ item.name }}.bak"
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
remote_src: true
owner: root
group: bind
mode: "0640"
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
failed_when: false # Best effort restore
- name: Fail due to invalid configuration
ansible.builtin.fail:
msg: |
Configuration validation failed. Changes have been reverted.
Check the logs for named-checkconf errors.
always:
- name: Remove backup files
ansible.builtin.file:
path: "{{ bind9_cfgdir }}/{{ item.name }}.bak"
state: absent
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
when: bind9_backup_config | bool is false
- name: Ensure the named service is started
ansible.builtin.service:
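Review bot: The `Template named.conf.generator` task on the new side writes every file in `bind9_config` into `bind9_cfgdir` with `# validate: 'named-checkconf -z -j %s'` commented out and then notifies `Restart bind`, so a rendering mistake reaches the running resolver unchecked. The block/rescue path it replaces ran `named-checkconf -z {{ bind9_cfgdir }}/named.conf` and restored the `.bak` copies on failure; nothing visible in the new tasks does an equivalent check. I would keep a `named-checkconf` step between templating and the restart, as a task after the loop or a handler ordered before `Restart bind`, since a per-file `validate:` may not work on fragments that only parse as part of `named.conf`. Separately, `mode: 0750` and `mode: 0640` are better written quoted, `mode: "0750"` / `mode: "0640"`, so the value does not depend on YAML integer parsing. The task list continues outside this hunk.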
-1
@@ -1,6 +1,5 @@
{# ACL Macro. Very easy statement. It's just a list of address match elements. #}
{% for acl in item.acl %}
acl {{ acl.name }} {
{{ functions.simple_item_list(acl.addresses) -}}
};
-1
@@ -1,4 +1,3 @@
controls {
{% filter indent(bind9_config_indent, true) %}
{% for control in item.controls %}
-1
@@ -1,5 +1,4 @@
{% for dlz in item.dlz if item.dlz is iterable %}
dlz "{{ dlz.name }}" {
{% filter indent(bind9_config_indent, true) %}
{{ ('database "' + simple_item_list(dlz.database) + '";') }}
-1
@@ -1,5 +1,4 @@
{% for policy in item.dnssec_policy if item.dnssec_policy is iterable %}
dnssec-policy "{{ policy.name }}" {
{% filter indent(bind9_config_indent, true) %}
{% if policy.keys is defined and policy.keys %}
-1
@@ -1,5 +1,4 @@
{% for dyndb in item.dyndb if item.dyndb is iterable %}
dyndb {{ dyndb.name }} "{{ dyndb.driver }}" {
{% filter indent(bind9_config_indent, true) %}
{{ functions.simple_item_list(dyndb.parameters) -}}
-32
@@ -111,35 +111,3 @@
{{ name }} "{{ value }}";
{% endif %}
{% endmacro %}
{% macro list_address_port_tls(dict, indent=bind9_config_indent) %}
{# This macro is for use for statements with grammar like #}
{# address port 00 tls str; address port 00 tls str; #}
{# it is usually called by a parent macro #}
{% filter indent(indent, true) %}
{% for item in dict %}
{% if item is not mapping %}
{{ item }};
{% else %}
{{ item.address }}
{{- (' port ' + item.port | string) if item.port is defined and item.port -}}
{{- (' tls ' + item.tls | string) if item.tls is defined and item.tls -}};
{% endif %}
{% endfor %}
{% endfilter %}
{% endmacro %}
{% macro parent_address_port_tls(name, dict) %}
{# This macro is for use for statements with grammar like #}
{# statement port 00 tls str { address port 00 tls str; address port 00 tls str; } #}
{# the list inside the statement is handled by list_address_port_tls #}
{% if dict is not mapping and dict is iterable %}
{{ name }} {
{{ list_address_port_tls(dict) }}};
{% else %}
{{ name }}
{{- (' port ' + dict.port | string) if dict.port is defined and dict.port -}}
{{- (' tls ' + dict.tls | string) if dict.tls is defined and dict.tls }} {
{{ list_address_port_tls(dict.addresses) }}};
{% endif %}
{% endmacro %}
+5
@@ -1,7 +1,12 @@
{% import 'named.conf.functions.j2' as functions with context %}
{{ ansible_managed | comment }}
{% if item.options is defined and item.options %}
options {
{% filter indent(bind9_config_indent,true)%}
{% include 'named.conf.options.j2' %}
{% endfilter %}
};
{% endif %}
{% if item.acl is defined and item.acl %}
{% include 'named.conf.acl.j2' %}
-1
@@ -1,5 +1,4 @@
{% for http in item.http if item.http is iterable %}
http {{ http.name }} {
{% filter indent(bind9_config_indent, true) %}
{% if http.endpoints is defined and http.endpoints %}
-1
@@ -1,4 +1,3 @@
{% for file in item.include %}
include "{{ file }}";
{% endfor %}
-1
@@ -1,5 +1,4 @@
{% for keyname in item.keylist if item.keylist is iterable %}
key {{ keyname.name }} {
{% filter indent(bind9_config_indent, true) %}
{{ ('algorithm ' + keyname.algorithm + ';\n') if keyname.algorithm is defined and keyname.algorithm -}}
-1
@@ -1,4 +1,3 @@
logging {
{% filter indent(bind9_config_indent, true) %}
{% for category in item.logging.categories if item.logging.categories is defined and item.logging.categories %}
+1 -7
@@ -1,6 +1,3 @@
options {
{% filter indent(bind9_config_indent,true)%}
{# Unicorn Options#}
{% if item.options.rrset_order is defined and item.options.rrset_order %}
rrset-order {
@@ -101,7 +98,7 @@ listen-on
{{ functions.simple_item_list(item.options.listen_on.addresses) }}};
{% endfor %}
{% endif %}
{{ functions.parent_address_port_tls("forwarders", item.options.forwarders) if item.options.forwarders is defined and item.options.forwarders -}}
{{ functions.parent_address_port_dscp("forwarders", item.options.forwarders) if item.options.forwarders is defined and item.options.forwarders -}}
{% if item.options.dual_stack_servers is defined and item.options.dual_stack_servers %}
dual-stack-servers
{{ (' port ' + item.options.dual_stack_servers.port | string) if item.options.dual_stack_servers.port is defined and item.options.dual_stack_servers }} {
@@ -463,6 +460,3 @@ tkey-dhkey "{{ item.options.tkey_dhkey.key_name }}" {{ item.options.tkey_dhkey.k
{{ (functions.boolean_option('use-alt-transfer-source', item.options.use_alt_transfer_source) + '\n') if item.options.use_alt_transfer_source is defined -}}
{{ (functions.boolean_option('zero-no-soa-ttl', item.options.zero_no_soa_ttl) + '\n') if item.options.zero_no_soa_ttl is defined -}}
{{ (functions.boolean_option('zero-no-soa-ttl-cache', item.options.zero_no_soa_ttl_cache) + '\n') if item.options.zero_no_soa_ttl_cache is defined -}}
{% endfilter %}
};
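Review bot: The `forwarders` line in the second hunk now goes through `functions.parent_address_port_dscp`, and the `tls`-aware macros `list_address_port_tls` / `parent_address_port_tls` are deleted elsewhere in this change, so a forwarder entry that carries a `tls:` key presumably loses it in the rendered file. If the dscp macro simply ignores that key, named would forward those queries in cleartext with no error at deploy time; the macro body is not visible here, so this needs confirming. Either keep TLS support for forwarders or document the limit next to the call, e.g. `{# forwarders: address/port/dscp only; a tls key on an entry is not rendered #}`, and reject such entries in a pre-flight assert. The same substitution is made on the `forwarders` line of the zone template.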
-1
@@ -1,5 +1,4 @@
{% for agent in item.parental_agents if item.parental_agents is iterable %}
parental-agents {{ agent.name -}}
{{ (' port ' + agent.port | string) if agent.port is defined and agent.port -}}
{{ (' dscp ' + agent.dscp | string) if agent.dscp is defined and agent.dscp }} {
-1
@@ -1,5 +1,4 @@
{% for primary in item.primaries if item.primaries is iterable %}
primaries {{ primary.name -}}
{{ (' port ' + primary.port | string) if primary.port is defined and primary.port -}}
{{ (' dscp ' + primary.dscp | string) if primary.dscp is defined and primary.dscp }} {
-1
@@ -1,5 +1,4 @@
{% for server in item.server if item.server is iterable %}
server {{ server.prefix }} {
{% filter indent(bind9_config_indent, true) %}
{% if server.transfer_source is defined and server.transfer_source is mapping %}
@@ -1,4 +1,3 @@
statistics-channels {
{% filter indent(bind9_config_indent, true) %}
{% for channel in item.statistics_channels if item.statistics_channels is iterable %}
-1
@@ -1,5 +1,4 @@
{% for tls in item.tls if item.tls is iterable %}
tls {{ tls.name }} {
{% filter indent(bind9_config_indent, true) %}
{{ ('cert-file "' + tls.cert_file + '";\n') if tls.cert_file is defined and tls.cert_file -}}
-1
@@ -1,4 +1,3 @@
trust-anchors {
{% filter indent(bind9_config_indent, true) %}
{% for anchor in item.trust_anchors if item.trust_anchors is iterable %}
-1
@@ -1,5 +1,4 @@
{% for view in item.view if item.view is iterable %}
view {{ view.name }} {
{% filter indent(bind9_config_indent, true) %}
{{ ('match-recursive-only ' + functions.named_boolean(view.match_recursive_only) + ';\n') if view.match_recursive_only is defined -}}
+3 -2
@@ -1,5 +1,5 @@
# Zones Macro
{% for zone in item.zones %}
zone "{{ zone.name }}" {
{% filter indent(bind9_config_indent, true) %}
# Zone {{ zone.name }} type {{ zone.type }}
@@ -47,7 +47,7 @@ server-names {
server-addresses {
{{ functions.simple_item_list(zone.server_addresses) }}};
{% endif %}
{{ functions.parent_address_port_tls('forwarders', zone.forwarders) if zone.forwarders is defined and zone.forwarders -}}
{{ functions.parent_address_port_dscp('forwarders', zone.forwarders) if zone.forwarders is defined and zone.forwarders -}}
{% if zone.allow_transfer is defined and zone.allow_transfer is not string %}
allow-transfer
{{- (' port ' + zone.allow_transfer.port | string) if zone.allow_transfer.port is defined and zone.allow_transfer.port -}}
@@ -156,4 +156,5 @@ parental-source-v6 {{ zone.parental_source_v6.address -}}
{{ ('in-view ' + zone.in_view | string+';\n') if zone.in_view is defined and zone.in_view -}}
{% endfilter %}
};
{% endfor %}
+1 -1
@@ -2,4 +2,4 @@
- hosts: localhost
remote_user: root
roles:
- bind9 # noqa: syntax-check[specific]
- bind9