stuvusIT.pdns-authoritative-api
pdns-authoritative-api
This Ansible role controls DNS zones using the PowerDNS HTTP API.
Requirements
- Debian or Ubuntu
Role Variables
Name | Default/Required | Description |
---|---|---|
pdns_auth_api_connect | :heavy_check_mark: | Connect to this URL (e.g. http://127.0.0.1:1234) |
pdns_auth_api_server | localhost | Server instance to connect to |
pdns_auth_api_key | :heavy_check_mark: | API Key to use (may be empty if you don't have one) |
pdns_auth_api_zones | :heavy_check_mark: | Dictionary of DNS zones (see below) |
pdns_auth_api_remove_unknown_zones | false | Delete zones not recognized by this role |
pdns_auth_api_default_metadata | | Default metadata that can be changed per-zone |
DNS Zones
Name | Default/Required | Description |
---|---|---|
kind | Master | Type of this zone (Master, Slave, or Native) |
soaEdit | (:heavy_check_mark:) | (not for Slave zones) SOA-EDIT value for this zone |
soaEditApi | {{soaEdit}} | (not for slave zones) SOA-EDIT-API value |
dnssec | false | (not for slave zones) Enable DNSSEC and NSEC3 for this zone |
presigned | false | (not for slave zones) Whether the zone is presigned |
apiRectify | true | (not for slave zones) Automatically fix the zone via API when changes happen |
nsec3Param | | (not for slave zones) NSEC3PARAM record value |
nsec3Narrow | false | (not for slave zones) Use NSEC3 in narrow mode (false information) |
masters | (:heavy_check_mark:) | List of the zone masters |
records | not for Slave zones | List of all records in this zone (see below) |
defaultTTL | (:heavy_check_mark:) | (not for slave zones) TTL for all RRsets without an explicitly set TTL |
metadata | | Dictionary with the domain metadata. Items in the database but not here are removed |
Records
This role automatically groups records of the same name and type together.
Each record can either set content (c) or set a TTL for the entire group (t).
Records are organized by types within names. See the example below. Unknown groups are removed.
If a SOA record has AUTO as its serial, the current serial value is used.
This is useful when the soaEditApi is set for automatic updates.
Contents
Name | Default/Required | Description |
---|---|---|
c | (:heavy_check_mark:) | Content for this record. Must not be present if t is set |
t | (:heavy_check_mark:) | TTL for this group of records. Must not be present if c is set |
r | | Also set the PTR record in the reverse zone |
Example Playbook
```yaml
- hosts: dns
  roles:
    - role: pdns-authoritative-api
      pdns_auth_api_connect: 'http://127.0.0.1:1234'
      # Example value only; keep the real API key in Ansible Vault
      pdns_auth_api_key: 'secretsecretkey'
      pdns_auth_api_zones:
        - name: example.com
          dnssec: true
          nsec3Salt: abab
          defaultNameservers:
            - ns1.example.com
            - ns2.example.com
          metadata:
            ALLOW-AXFR-FROM:
              - AUTO-NS
              - 2001:db8::/48
          records:
            example.com:
              SOA:
                # AUTO keeps the serial currently served by PowerDNS
                - c: ns1.example.com admin.example.com AUTO 3600 1800 604800 600
              NS:
                - c: ns1.example.com.
                - c: ns2.example.com.
                # TTL for the whole NS group
                - t: 15200
            ns1.example.com:
              A:
                - c: 10.0.0.2
                  r: True
              AAAA:
                - c: fe80::1
                  r: True
```
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Author Information
Project information
Configure PowerDNS zones via the HTTP API
Install
ansible-galaxy install stuvusIT.pdns-authoritative-api
License
other
Downloads
167
Owner
stuvus IT Team - Studierendenvertretung Universität Stuttgart