daniel/valid.nsupdate_zone
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CDNSKEY, CDS, and TYPE65534 to ignored DNSSEC record types

Browse Source 
- Extend ignore_dnssec_records to include CDNSKEY, CDS, and TYPE65534
- These are DNSSEC-related record types that are often managed by DNS servers
- Update documentation to reflect all ignored DNSSEC types
This commit is contained in:
Daniel Akulenok
2026-01-29 21:59:50 +01:00
parent 226fa43e39
commit 5bc1f789d7
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/modules/nsupdate_zone.py
View File

@@ -132,7 +132,7 @@ options:
ignore_dnssec_records:
description:
- Automatically ignore DNSSEC-managed record types.
- When enabled, DNSKEY, RRSIG, NSEC, NSEC3, and NSEC3PARAM records are added to the ignore list.
- When enabled, DNSKEY, RRSIG, NSEC, NSEC3, NSEC3PARAM, CDNSKEY, CDS, and TYPE65534 records are added to the ignore list.
- Useful when DNS servers manage DNSSEC records automatically and they should not be modified.
type: bool
default: true
@@ -365,7 +365,7 @@ class DNSZoneManager:
# Add DNSSEC record types to ignore list if enabled
if module.params.get('ignore_dnssec_records', True):
dnssec_types = {'DNSKEY', 'RRSIG', 'NSEC', 'NSEC3', 'NSEC3PARAM'}
dnssec_types = {'DNSKEY', 'RRSIG', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'CDNSKEY', 'CDS', 'TYPE65534'}
self.ignore_types.update(dnssec_types)
# Add SOA record type to ignore list if enabled