roles/named: Support managing zones

The *named* role now supports generating configuration for authoritative DNS zones and DNSSEC keys. Zones are defined by populating the `named_zones` variable with a list of objects describing the zone. Zone properties can include:

* `name`: The DNS domain name
* `type`: The zone type, defaults to `master`
* `allow_update`: A list of hosts/networks or DNSSEC key names (which must be specified as an object with a `key` property)
* `update_policy`: A list of BIND update policy statements
* `ttl`: The default (minimum) TTL for the zone
* `origin`: The authoritative name server for the zone
* `refresh`, `retry`, `expire`: Record cache timeout values
* `default_records`: A list of default records, defined as objects with the following properties:
  * `name`: The RR name
  * `type`: The RR type (default: `A`)
  * `value`: The RR value

Zone files will be created in `/var/named/dynamic`. Existing zone files will **not** be overwritten; management of zone records is done using `nsupdate` or similar.
roles/named/templates/named.zones.j2 (new file, 26 lines)
@@ -0,0 +1,26 @@
// Zone configuration for ISC BIND
{% for zone in named_zones %}
zone "{{ zone.zone }}" {
type {{ zone.type|d('master') }};
file "dynamic/{{ zone.zone }}.zone";
{% if zone.allow_update|d %}
allow-update {
{% for auth in zone.allow_update %}
{% if auth.key is defined %}
key {{ auth.key }};
{% else %}
{{ auth }};
{% endif %}
{% endfor %}
};
{% endif %}
{% if zone.update_policy|d %}
update-policy {
{% for auth in zone.update_policy %}
{{ auth }};
{% endfor %}
};
{% endif %}
};
{% endfor %}
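Review bot: The template reads the domain name from a `zone` property (`zone "{{ zone.zone }}"` and `file "dynamic/{{ zone.zone }}.zone"`), but the commit message documents that property as `name`; with the message as written, every zone would render as `zone ""` and write to `dynamic/.zone`, so either the template should use `zone.name` or the documentation should say `zone`. Two further points on the update-access blocks: BIND treats `allow-update` and `update-policy` as mutually exclusive within one zone, and this template emits both when `allow_update` and `update_policy` are both set, which `named-checkconf` will reject, so the role should assert that at most one is defined (or document the restriction). Since `allow_update` also accepts bare host/network entries, it is worth noting in the role docs that address-based update ACLs are weaker than TSIG `key` entries and that the `key` form should be the recommended default for dynamic zones.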