A role to configure an authoritative name server, either knot, nsd or bind in a consistant way.
There are no requirements, though you'll need internet access to download packages.
nameserver_instances:
- name: knot # name for the instance.
index: 0 # index, hope to make this optional.
server: knot # which piece of software to use.
log_syslog: True # Log to syslog?
log_file: True # Log to file?
log_severity: info # minimum severity to log.
source_v4: 192.168.0.1 # What v4 address to source connections from.
source_v6: fd0:5353:5353::1 # What v6 address to source connections from.
listen: # A dict of port and addresses to listen on.
53:
v4_addr:
- 192.168.0.1
v6_addr:
-
zones: # The zone configurations.
- knot-group
rrl_qps: 400
rrl_slip: 2
nameserver_zone_groups:
knot-group: # The name of the configuration referenced above.
settings:
upstream: upstream-knot # Named group of upstream and downstream servers.
zones:
- name: 1.example # The names of the zones to serve.
- name: 2.example
- name: 3.example
nameserver_host_groups:
upstream-knot:
- server: master1 # Name of the server.
ip: 192.168.0.4 # IP address of the upstream.
tsig: knot-tsig # Named tsig key configuration.
nameserver_tsig_keys:
knot-tsig: # Name of the tsig key.
key: '<some key>' # Some base64 encoded key.
algorithm: hmac-sha512 # The algorithm used.There are no dependenices.
- hosts: all
roles:
- ns-auth-chroot
BSD
Daniel Griggs [email protected]