Dustin C. Hatch
0629a063bc
The *named* role now supports generating configuration for authoritative DNS zones and DNSSEC keys. Zones are defined by populating the `named_zones` variable with a list of objects describing the zone. Zone properties can include: * `name`: The DNS domain name * `type`: The zone type, defaults to `master` * `allow_update`: A list of hosts/networks or DNSSEC key names (which must be specified as an object with a `key` property) * `update_policy`: A list of BIND update policy statements * `ttl`: The default (minimum) TTL for the zone * `origin`: The authoritative name server for the zone * `refresh`, `retry`, `expire`: Record cache timeout values * `default_records`: A list of default records, defined as objects with the following properties: * `name`: The RR name * `type`: The RR type (default: `A`) * `value`: The RR value Zone files will be created in `/var/named/dynamic`. Existing zone files will **not** be overwritten; management of zone records is done using `nsupdate` or similar.