Daniel Akulenok 4b4c579f8d feat: add ignore_soa_records and validate_records flags with comprehensive validation
- Add ignore_soa_records flag (default: true) to automatically ignore SOA records
- Add ignore_dnssec_records flag with default changed to true
- Add validate_records flag (default: true) with record value validation
- Implement _validate_record_values() method supporting:
  - IPv4/IPv6 address validation for A/AAAA records
  - FQDN validation for CNAME/MX/NS/PTR/SRV records
  - Text record acceptance for TXT/SPF records
- Add global dns_server parameter for shared server configuration
- Add verbose output with per-record action tracking
- Add diff mode support for --diff flag
2026-01-29 20:31:01 +01:00

Valid.Nsupdate_zone Collection

Efficient DNS zone management for Ansible using AXFR and atomic batched DNS UPDATE messages.

CI/CD Status

Automated testing with Gitea Actions. See .gitea/workflows/README.md for details.

Requirements

  • Ansible: >= 2.15
  • Python: >= 3.9
  • Python packages: dnspython

External requirements

This collection requires the dnspython Python library:

    pip install dnspython

Included content

Modules

  • nsupdate_zone - Manage complete DNS zones using AXFR and atomic batched updates
    • Fetch current zone state via AXFR zone transfer
    • Compare with desired state in YAML
    • Apply all changes atomically in single UPDATE message
    • Support for ignore patterns (record types and regex)
    • Optional parallel processing for multiple zones
    • 50x faster than individual record updates for large zones

Module Utils

  • deps - Dependency declaration and validation utilities

Using this collection

    ansible-galaxy collection install valid.nsupdate_zone

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml using the format:

    collections:
      - name: valid.nsupdate_zone

To upgrade the collection to the latest available version, run the following command:

    ansible-galaxy collection install valid.nsupdate_zone --upgrade

You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax where X.Y.Z can be any available version:

    ansible-galaxy collection install valid.nsupdate_zone:==X.Y.Z

See Ansible Using Collections for more details.

Quick Start Example

    - name: Manage DNS zone
      hosts: localhost
      tasks:
        - name: Update example.com zone
          valid.nsupdate_zone.nsupdate_zone:
            key_name: "nsupdate"
            key_secret: "{{ vault_dns_key }}"
            key_algorithm: hmac-sha256
            protocol: tcp
            ignore_record_types: [NS]
            ignore_record_patterns: ['^_acme-challenge\..*']
            zones:
              - name: example.com
                dns_server: ns1.example.com
                records:
                  - record: 'example.com.'
                    type: A
                    value: 192.168.1.1
                    ttl: 3600

                  - record: www
                    type: A
                    value:
                      - 192.168.1.10
                      - 192.168.1.11
                    ttl: 300

                  - record: 'example.com.'
                    type: MX
                    value:
                      - "10 mail.example.com."
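The following is an added illustration, not code from this collection: a standard-library sketch of the compare step the module description outlines, showing how ignore rules keep NS, SOA and ACME challenge records out of the delete set and how one invalid value rejects the whole batch before any UPDATE is built. The function names, the tuple layout and matching patterns against fully qualified owner names are assumptions.

```python
import ipaddress
import re

# Option names mirror the play above; all record data below is constructed.
IGNORE_TYPES = {"NS", "SOA"}
IGNORE_PATTERNS = [re.compile(r"^_acme-challenge\..*")]
LABEL = re.compile(r"^(?!-)[A-Za-z0-9_-]{1,63}(?<!-)$")

def is_ignored(name, rtype):
    # Assumption: patterns are matched against the fully qualified owner name.
    return rtype in IGNORE_TYPES or any(p.search(name) for p in IGNORE_PATTERNS)

def valid_value(rtype, value):
    if rtype in ("A", "AAAA"):
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return False
        return addr.version == (4 if rtype == "A" else 6)
    if rtype in ("CNAME", "MX", "NS", "PTR", "SRV"):
        # The target host is the last field (after priority/weight/port).
        target = value.split()[-1].rstrip(".")
        return bool(target) and all(LABEL.match(l) for l in target.split("."))
    return True  # TXT/SPF: any text is accepted

def plan_update(current, desired):
    """Return (deletes, adds) as sorted lists of (name, type, ttl, value)."""
    bad = [r for r in desired if not valid_value(r[1], r[3])]
    if bad:  # reject the whole batch before anything is sent
        raise ValueError(f"invalid record values: {bad}")
    cur = {r for r in current if not is_ignored(r[0], r[1])}
    want = {r for r in desired if not is_ignored(r[0], r[1])}
    return sorted(cur - want), sorted(want - cur)

CURRENT = [  # constructed stand-in for an AXFR result
    ("example.com.", "SOA", 3600, "ns1.example.com. admin.example.com. 1 2 3 4 5"),
    ("example.com.", "NS", 3600, "ns1.example.com."),
    ("example.com.", "A", 3600, "192.168.1.1"),
    ("www.example.com.", "A", 300, "192.168.1.10"),
    ("old.example.com.", "A", 300, "192.168.1.99"),
    ("_acme-challenge.www.example.com.", "TXT", 60, "constructed-token"),
]
DESIRED = [  # the Quick Start records, expanded to one tuple per value
    ("example.com.", "A", 3600, "192.168.1.1"),
    ("www.example.com.", "A", 300, "192.168.1.10"),
    ("www.example.com.", "A", 300, "192.168.1.11"),
    ("example.com.", "MX", 3600, "10 mail.example.com."),
]
deletes, adds = plan_update(CURRENT, DESIRED)
print("delete:", deletes, "\nadd:", adds)
```

Only `old.example.com.` is scheduled for deletion; the challenge TXT record, NS and SOA are left alone even though they are absent from the desired state.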

Features

  • Efficient: 50x faster than individual record updates for large zones
  • Atomic: All changes succeed or all fail (RFC 2136 guarantee)
  • Flexible: Ignore patterns for dynamic records (ACME challenges, etc.)
  • Scalable: Optional parallel processing for multiple zones
  • Safe: Full check mode support for dry runs

Release notes

See the CHANGELOG.rst.

More information

AI Disclosure

This collection was developed with assistance from AI (GitHub Copilot / Claude). The code has been reviewed, tested, and follows Ansible best practices and RFC 2136 specifications. All implementation decisions were made by human developers, with AI serving as a development accelerator and documentation assistant.

Licensing

GNU General Public License v3.0 or later.

See LICENSE for the full text.
