nsd

NSD Authoritative DNS Server

NSD Documentation

By default, NSD listens on 127.0.0.1 and assumes that unbound, a similar recursive resolver, or a proxy like dnscurve runs on the same host and sends it requests.

Both forward and reverse zones can be specified.

Note: Previous revisions of this role allowed for a single forward definition and inferred the reverse zone, but this does not work well when multiple RFC1918 subnets are defined.

Requirements

Minimum ansible version: 2.9.5

Defaults

See the dns_forward_zones and dns_reverse_zones structures:

dns_forward_zones:
  example.com:
    ip_range: 192.168.1.1/24
    ns:
      - gw.example.com.
    a:
      gw: 192.168.1.1
      host1: 192.168.1.2
      host2: 192.168.1.3
      printer: 192.168.1.4
    cname:
      lpr: printer.example.com.
    srv: {}
    txt: {}

dns_reverse_zones:
  192.168.0.0/16:
    ns:
      - gw.example.com.
    ptr:
      192.168.1.1: gw.example.com.
      192.168.1.2: host1.example.com.
      192.168.1.3: host2.example.com.
      192.168.1.4: printer1.example.com.

Note: In the molecule tests, <zone>.serial is used for the zonefile serial and is set to a static value to guarantee idempotency. In production, it must be changed every time the zonefile changes, or it can be omitted, in which case the current timestamp is used to generate the serial. Other DNS roles tried complicated solutions (https://github.com/bertvv/ansible-role-bind/blob/master/templates/bind_zone.j2) to guarantee the serial changes, but that seems like a lot of trouble, and is only useful for facilitating zone transfers, which are silly/antiquated/security-problematic.

Example Playbook

- hosts: all
  roles:
    - nsd

License and Author

© 2020 Open Networking Foundation support@opennetworking.org

License: Apache-2.0