valid.nsupdate_zone/docs/sample_zone_format.yml
Daniel Akulenok 0a4c83c4b0 docs(examples): update to use Ansible FQCN
- Updated debug tasks to use ansible.builtin.debug (FQCN)
- Removed trailing whitespace
- Fixed line length violations
- Examples now follow Ansible guidelines
2026-01-29 21:24:16 +01:00


---
# Sample zone data in the YAML layout that nsupdate_zone consumes.
# Each zone entry names the zone, the DNS server to update, and the
# records the zone should hold.
list_of_nsupdate_zones:
  - name: hugs.dk
    dns_server: ns1.mydns.com
    records:
      # A record is removed by giving it state: absent.
      # NOTE(review): the value looks like a token. TXT data is public
      # and so is this sample; if it was ever a live key, replace it
      # with a placeholder and rotate it.
      - record: dnshenet-key
        type: TXT
        value: "c8445a4f-cf4c-4130-94c8-21c2b0da80c0"
        state: absent

      # Several values for one name and type are written as a list.
      # These CAA values name letsencrypt.org as the permitted issuer
      # and give an iodef mailbox for reports.
      - record: "hugs.dk."
        type: CAA
        value:
          - '0 issue letsencrypt.org'
          - '0 iodef mailto:caa@valid.dk'

      # 'record' is prepended to the zone 'name' unless it ends with a
      # dot '.'. This entry becomes 'skibidi.ohio.hugs.dk' and points to
      # 'doesntexist.hugs.dk.'.
      # NOTE(review): in a real zone, audit CNAMEs whose target no longer
      # exists; a dangling alias, above all one pointing at an external
      # service, is a takeover risk and should be removed.
      - record: skibidi.ohio
        type: CNAME
        value: doesntexist

      # No other record type may share a name that already has a CNAME.
      # The example below can never make it into the zone file.
      # COMMENTED OUT because it would cause a CNAME conflict error.
      # - record: skibidi.ohio
      #   type: TXT
      #   value:
      #     - "Q: Hey can we add an SPF record to this third party vendors CNAME?"
      #     - "A: The answer is always no"

      # Star aliases work as expected. The '*' must stay quoted: a bare
      # asterisk is YAML alias syntax.
      - record: "*"
        type: CNAME
        value: "hugs.dk."

      # To reference the base domain, write its FQDN with a trailing
      # period '.', as here.
      # '~all' is an SPF softfail: mail from unlisted senders is marked,
      # not rejected.
      - record: "hugs.dk."
        type: TXT
        value:
          - 'v=spf1 mx a include:_spf.google.com ~all'
          - 'google-site-verification=8PimrghUKUJi9dJhfj1CGyB7s5zzf6ZiiZxukzPALM0'

      # Records with several fields put them all in the value,
      # separated by a space (for MX: preference, then mail host).
      - record: "hugs.dk."
        type: MX
        value:
          - '1 aspmx.l.google.com.'
          - '5 alt2.aspmx.l.google.com.'
          - '5 alt1.aspmx.l.google.com.'
          - '10 alt3.aspmx.l.google.com.'
          - '10 alt4.aspmx.l.google.com.'
# Example playbook that applies the zone data above.
# NOTE(review): the zone data and this playbook appear as two YAML
# documents in one listing. vars_files presumably needs a file that
# holds only the zone data, so keep the playbook in a file of its own.
---
- name: Provision DNS zones efficiently
  hosts: localhost
  gather_facts: false
  vars_files:
    - sample_zone_format.yml
  vars:
    # TSIG key used to authenticate the dynamic updates.
    dns_tsig_key_name: 'nsupdate'
    # Keep the secret in ansible-vault, never in plain text in the repo.
    dns_tsig_key_secret: '{{ vault_dns_key }}'
  tasks:
    # NOTE(review): confirm the module marks key_secret as no_log;
    # if it does not, add no_log: true to this task so the secret
    # cannot surface in verbose output.
    - name: Update DNS zones
      valid.nsupdate_zone.nsupdate_zone:
        key_name: '{{ dns_tsig_key_name }}'
        key_secret: '{{ dns_tsig_key_secret }}'
        key_algorithm: hmac-sha256
        protocol: tcp
        # SOA and DNSSEC records are ignored by default. The pattern
        # below additionally ignores names starting '_acme-challenge.'
        # (presumably so challenge records managed elsewhere are left
        # untouched; verify against the module documentation).
        ignore_record_patterns:
          - '^_acme-challenge\..*'
        zones: '{{ list_of_nsupdate_zones }}'
      register: zone_update_result

    # Print one summary per entry in the registered results.
    - name: Display update summary
      ansible.builtin.debug:
        msg: |
          Zone: {{ item.zone }}
          Changed: {{ item.changed }}
          Changes: +{{ item.changes.adds }} -{{ item.changes.deletes }} ~{{ item.changes.updates }}
      loop: '{{ zone_update_result.results }}'
      loop_control:
        # Label each iteration with the zone name only.
        label: '{{ item.zone }}'