The dnsrecord module allows management of DNS records and is as compatible as possible with the Ansible upstream ipa_dnsrecord
module, but provide some other features like multiple record management in one execution and support for more DNS record types.
- DNS record management.
FreeIPA versions 4.4.0 and up are supported by the ipadnsrecord module.
Controller
- Ansible version: 2.15+
Node
- Supported FreeIPA version (see above)
Example inventory file
[ipaserver]
ipaserver.example.com
Example playbook to ensure an AAAA record is present:
---
- ipadnsrecord:
ipaadmin_password: SomeADMINpassword
name: host01
zone_name: example.com
record_type: 'AAAA'
record_value: '::1'
Example playbook to ensure an AAAA record is present, with a TTL of 300:
---
- ipadnsrecord:
ipaadmin_password: SomeADMINpassword
name: host01
zone_name: example.com
record_type: 'AAAA'
record_value: '::1'
record_ttl: 300
Example playbook to ensure an AAAA record is present, with a reverse PTR record:
---
- ipadnsrecord:
ipaadmin_password: SomeADMINpassword
name: host02
zone_name: example.com
record_type: 'AAAA'
record_value: 'fd00::0002'
create_reverse: yes
Example playbook to ensure a LOC record is present, given its individual attributes:
---
- ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: example.com
name: host03
loc_lat_deg: 52
loc_lat_min: 22
loc_lat_sec: 23.000
loc_lat_dir: N
loc_lon_deg: 4
loc_lon_min: 53
loc_lon_sec: 32.00
loc_lon_dir: E
loc_altitude: -2.00
loc_size: 1.00
loc_h_precision: 10000
loc_v_precision: 10
Example playbook to ensure multiple DNS records are present:
---
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
records:
- name: host02
zone_name: example.com
record_type: A
record_value:
- "{{ ipv4_prefix }}.112"
- "{{ ipv4_prefix }}.122"
- name: host02
zone_name: example.com
record_type: AAAA
record_value: ::1
Example playbook to ensure multiple CNAME records are present:
---
- name: Ensure that 'host03' and 'host04' have CNAME records.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: example.com
records:
- name: host03
cname_hostname: host03.example.com
- name: host04
cname_hostname: host04.example.com
Example playbook to ensure NS record is absent:
---
- ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: example.com
name: host04
ns_hostname: host04
state: absent
Example playbook to ensure LOC record is present, with fields:
---
- ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: example.com
name: host04
loc_lat_deg: 52
loc_lat_min: 22
loc_lat_sec: 23.000
loc_lat_dir: N
loc_lon_deg: 4
loc_lon_min: 53
loc_lon_sec: 32.000
loc_lon_dir: E
loc_altitude: -2.00
loc_size: 0.00
loc_h_precision: 10000
loc_v_precision: 10
Change value of an existing LOC record:
---
- ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: example.com
name: host04
loc_size: 1.00
loc_rec: 52 22 23 N 4 53 32 E -2 0 10000 10
Example playbook to ensure multiple A records are present:
- ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: example.com
name: host04
a_rec:
- 192.168.122.221
- 192.168.122.222
- 192.168.122.223
- 192.168.122.224
Example playbook to ensure A and AAAA records are present, with reverse records (PTR):
- ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: example.com
name: host01
a_rec:
- 192.168.122.221
- 192.168.122.222
aaaa_rec:
- fd00:;0001
- fd00::0002
create_reverse: yes
Example playbook to ensure multiple A and AAAA records are present, but only A records have reverse records:
- ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: example.com
name: host01
a_ip_address: 192.168.122.221
aaaa_ip_address: fd00::0001
a_create_reverse: yes
Example playbook to ensure multiple DNS records are absent:
---
- ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: example.com
records:
- name: host01
del_all: yes
- name: host02
del_all: yes
- name: host03
del_all: yes
- name: host04
del_all: yes
- name: _ftp._tcp
del_all: yes
- name: _sip._udp
del_all: yes
state: absent
Variable | Description | Required |
---|---|---|
ipaadmin_principal |
The admin principal is a string and defaults to admin |
no |
ipaadmin_password |
The admin password is a string and is required if there is no admin ticket available on the node | no |
ipaapi_context |
The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are server and client . |
no |
ipaapi_ldap_cache |
Use LDAP cache for IPA connection. The bool setting defaults to yes. (bool) | no |
zone_name | dnszone |
The DNS zone name to which DNS record needs to be managed. You can use one global zone name for multiple records. | no |
required: true | ||
records |
The list of dns records dicts. Each records dict entry can contain record variables. |
no |
Record variables | no | |
Record variables | Used when defining a single record. | no |
state |
The state to ensure. It can be one of present or absent , and defaults to present . |
yes |
Record Variables:
Variable | Description | Required |
---|---|---|
zone_name | dnszone |
The DNS zone name to which DNS record needs to be managed. You can use one global zone name for multiple records. When used on a records dict, overrides the global zone_name . |
yes |
name | record_name |
The DNS record name to manage. | yes |
record_type |
The type of DNS record. Supported values are A , AAAA , A6 , AFSDB , CERT , CNAME , DLV , DNAME , DS , KX , LOC , MX , NAPTR , NS , PTR , SRV , SSHFP , TLSA , TXT , URI , and defaults to A . |
no |
record_value |
Manage DNS record name with this values. | no |
record_ttl |
Set the TTL for the record. (int) | no |
del_all |
Delete all associated records. (bool) | no |
a_rec | a_record |
Raw A record. | no |
aaaa_rec | aaaa_record |
Raw AAAA record. | no |
a6_rec | a6_record |
Raw A6 record data. | no |
afsdb_rec | afsdb_record |
Raw AFSDB record. | no |
cert_rec | cert_record |
Raw CERT record. | no |
cname_rec | cname_record |
Raw CNAME record. | no |
dlv_rec | dlv_record |
Raw DLV record. | no |
dname_rec | dname_record |
Raw DNAM record. | no |
ds_rec | ds_record |
Raw DS record. | no |
kx_rec | kx_record |
Raw KX record. | no |
loc_rec | loc_record |
Raw LOC record. | no |
mx_rec | mx_record |
Raw MX record. | no |
naptr_rec | naptr_record |
Raw NAPTR record. | no |
ns_rec | ns_record |
Raw NS record. | no |
ptr_rec | ptr_record |
Raw PTR record. | no |
srv_rec | srv_record |
Raw SRV record. | no |
sshfp_rec | sshfp_record |
Raw SSHFP record. | no |
tlsa_rec | tlsa_record |
Raw TLSA record. | no |
txt_rec | txt_record |
Raw TXT record. | no |
uri_rec | uri_record |
Raw URI record. | no |
ip_address |
IP adress for A or AAAA records. Set record_type to A or AAAA . |
no |
create_reverse | reverse |
Create reverse records for A and AAAA record types. There is no equivalent to remove reverse records. (bool) |
no |
a_ip_address |
IP adress for A records. Set record_type to A . |
no |
a_create_reverse |
Create reverse records only for A records. There is no equivalent to remove reverse records. (bool) |
no |
aaaa_ip_address |
IP adress for AAAA records. Set record_type AAAA . |
no |
aaaa_create_reverse |
Create reverse records only for AAAA record types. There is no equivalent to remove reverse records. (bool) |
no |
a6_data |
A6 record. Set record_type to A6 . |
no |
afsdb_subtype |
AFSDB Subtype. Set record_type to AFSDB . (int) |
no |
afsdb_hostname |
AFSDB Hostname. Set record_type to AFSDB . |
no |
cert_type |
CERT Certificate Type. Set record_type to CERT . (int) |
no |
cert_key_tag |
CERT Key Tag. Set record_type to CERT . (int) |
no |
cert_algorithm |
CERT Algorithm. Set record_type to CERT . (int) |
no |
cert_certificate_or_crl |
CERT Certificate or Certificate Revocation List (CRL). Set record_type to CERT . |
no |
cname_hostname |
A hostname which this alias hostname points to. Set record_type to CNAME . |
no |
dlv_key_tag |
DS Key Tag. Set record_type to DLV . (int) |
no |
dlv_algorithm |
DLV Algorithm. Set record_type to DLV . (int) |
no |
dlv_digest_type |
DLV Digest Type. Set record_type to DLV . (int) |
no |
dlv_digest |
DLV Digest. Set record_type to DLV . |
no |
dname_target |
DNAME Target. Set record_type to DNAME . |
no |
ds_key_tag |
DS Key Tag. Set record_type to DS . (int) |
no |
ds_algorithm |
DS Algorithm. Set record_type to DS . (int) |
no |
ds_digest_type |
DS Digest Type. Set record_type to DS . (int) |
no |
ds_digest |
DS Digest. Set record_type to DS . |
no |
kx_preference |
Preference given to this exchanger. Lower values are more preferred. Set record_type to KX . (int) |
no |
kx_exchanger |
A host willing to act as a key exchanger. Set record_type to KX . |
no |
loc_lat_deg |
LOC Degrees Latitude. Set record_type to LOC . (int) |
no |
loc_lat_min |
LOC Minutes Latitude. Set record_type to LOC . (int) |
no |
loc_lat_sec |
LOC Seconds Latitude. Set record_type to LOC . (float) |
no |
loc_lat_dir |
LOC Direction Latitude. Valid values are N or S . Set record_type to LOC . (int) |
no |
loc_lon_deg |
LOC Degrees Longitude. Set record_type to LOC . (int) |
no |
loc_lon_min |
LOC Minutes Longitude. Set record_type to LOC . (int) |
no |
loc_lon_sec |
LOC Seconds Longitude. Set record_type to LOC . (float) |
no |
loc_lon_dir |
LOC Direction Longitude. Valid values are E or W . Set record_type to LOC . (int) |
no |
loc_altitude |
LOC Altitude. Set record_type to LOC . (float) |
no |
loc_size |
LOC Size. Set record_type to LOC . (float) |
no |
loc_h_precision |
LOC Horizontal Precision. Set record_type to LOC . (float) |
no |
loc_v_precision |
LOC Vertical Precision. Set record_type to LOC . (float) |
no |
mx_preference |
Preference given to this exchanger. Lower values are more preferred. Set record_type to MX . (int) |
no |
mx_exchanger |
A host willing to act as a mail exchanger. Set record_type to LOC . |
no |
naptr_order |
NAPTR Order. Set record_type to NAPTR . (int) |
no |
naptr_preference |
NAPTR Preference. Set record_type to NAPTR . (int) |
no |
naptr_flags |
NAPTR Flags. Set record_type to NAPTR . |
no |
naptr_service |
NAPTR Service. Set record_type to NAPTR . |
no |
naptr_regexp |
NAPTR Regular Expression. Set record_type to NAPTR . |
no |
naptr_replacement |
NAPTR Replacement. Set record_type to NAPTR . |
no |
ns_hostname |
NS Hostname. Set record_type to NS . |
no |
ptr_hostname |
The hostname this reverse record points to. . Set record_type to PTR . |
no |
srv_priority |
Lower number means higher priority. Clients will attempt to contact the server with the lowest-numbered priority they can reach. Set record_type to SRV . (int) |
no |
srv_weight |
Relative weight for entries with the same priority. Set record_type to SRV . (int) |
no |
srv_port |
SRV Port. Set record_type to SRV . (int) |
no |
srv_target |
The domain name of the target host or '.' if the service is decidedly not available at this domain. Set record_type to SRV . |
no |
sshfp_algorithm |
SSHFP Algorithm. Set record_type to SSHFP . (int) |
no |
sshfp_fp_type |
SSHFP Fingerprint Type. Set record_type to SSHFP . (int) |
no |
sshfp_fingerprint |
SSHFP Fingerprint. Set record_type to SSHFP . (int) |
no |
txt_data |
TXT Text Data. Set record_type to TXT . |
no |
tlsa_cert_usage |
TLSA Certificate Usage. Set record_type to TLSA . (int) |
no |
tlsa_selector |
TLSA Selector. Set record_type to TLSA . (int) |
no |
tlsa_matching_type |
TLSA Matching Type. Set record_type to TLSA . (int) |
no |
tlsa_cert_association_data |
TLSA Certificate Association Data. Set record_type to TLSA . |
no |
uri_target |
Target Uniform Resource Identifier according to RFC 3986. Set record_type to URI . |
no |
uri_priority |
Lower number means higher priority. Clients will attempt to contact the URI with the lowest-numbered priority they can reach. Set record_type to URI . (int) |
no |
uri_weight |
Relative weight for entries with the same priority. Set record_type to URI . (int) |
no |
Rafael Guterres Jeffman