Knot DNS authoritative
Installs Knot DNS authoritative DNS server on Debian/Ubuntu/RedHat or FreeBSD.
Requirements
None.
Role Variables
If building from sources, pick a git branch or tag.
knot_install_dir: /usr/local
If building from sources, pick an installation prefix (/usr/local means the binary will be installed in /usr/local/sbin/knotd, for example).
knot_user: knot
knot_group: knot
Create a user for running the Knot DNS daemon.
knot_daemon: knot
Pick a different name for the Knot DNS daemon service.
knot_interfaces:
  - 127.0.0.1
  - 192.168.1.1@5353
Make Knot DNS listen on specific interfaces or ports. By default it listens on default IPv4/v6 interfaces and localhost.
knot_zones:
  - { name: 'example.com', file: '/tmp/example.zone', template: 'default', module: 'mymodule' }
List of enabled zones. name is the only mandatory field; the rest are undefined by default. You can reference defined templates or modules here.
knot_config_extras: |
  server:
    rate-limit: 10
  template:
    - id: default
      semantic-checks: on
Extend the configuration with server-specific or more advanced settings. Here you can define additional templates, ACLs or remotes, or redefine server options.
Dependencies
None.
Example Playbook
The role can be configured as a slave using just knot_zones and knot_extras to define remotes; you can complete these from host variables or include them from a file:
- hosts: slaves
  roles:
    - role: knot.auth
      knot_zones:
        - { name: 'example.com' }
      knot_extras: |
        remote:
          - id: master
            address: 192.168.1.1
        acl:
          - id: master_acl
            # must match the master's address so its NOTIFY is accepted
            address: 192.168.1.1
            action: notify
        template:
          - id: default
            master: master
            acl: master_acl
The example master configuration is the opposite, except that this role doesn't guarantee bootstrapping of the zone files; you have to do this yourself, for example with synchronize:
- hosts: master01
  roles:
    - role: knot.auth
      knot_zones:
        - { name: 'example.com' }
      knot_keys:
        # the id must match the key referenced by the remote and ACL below
        - { id: 'slave_key', algorithm: 'hmac-md5', secret: 'Wg==' }
      knot_extras: |
        remote:
          - id: slave01
            address: 192.168.2.1
            key: slave_key
        acl:
          - id: slaves
            address: 192.168.2.0/24
            action: transfer
            key: slave_key
        template:
          - id: default
            storage: /var/lib/zones
            notify: slave01
            acl: slaves
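A pre-deployment check for the TSIG settings the master example relies on, added here as an example and not part of this role: it flags weak algorithms, short secrets, and key references in the extras text that no knot_keys entry defines. The function name lint_tsig, the algorithm allow-list and the 32-byte minimum are assumptions of this example, and the sample input is constructed.

```python
import base64
import binascii
import re

# Policy assumptions of this example, not settings of the role.
STRONG_ALGORITHMS = {"hmac-sha256", "hmac-sha384", "hmac-sha512"}
MIN_SECRET_BYTES = 32  # at least 256 bits of key material

def lint_tsig(knot_keys, extras):
    """Return a list of findings for TSIG keys and the key references in extras."""
    findings = []
    defined = set()
    for key in knot_keys:
        key_id = key.get("id", "<missing id>")
        defined.add(key_id)
        algorithm = key.get("algorithm") or ""
        if algorithm not in STRONG_ALGORITHMS:
            findings.append(f"{key_id}: weak or unknown algorithm '{algorithm}'")
        try:
            raw = base64.b64decode(key.get("secret") or "", validate=True)
        except (binascii.Error, ValueError):
            findings.append(f"{key_id}: secret is not valid base64")
            continue
        if len(raw) < MIN_SECRET_BYTES:
            findings.append(f"{key_id}: secret is {len(raw)} bytes, need {MIN_SECRET_BYTES}")
    # Each "key: <id>" line in a remote or ACL must name a defined key
    # (simplification: one key id per reference, no inline lists).
    refs = re.findall(r"^[ \t]*key:[ \t]*(\S+)[ \t]*$", extras, re.MULTILINE)
    for ref in sorted(set(refs)):
        if ref not in defined:
            findings.append(f"{ref}: referenced in extras but not defined in knot_keys")
    return findings

# Constructed sample input modelled on a master configuration.
SAMPLE_KEYS = [{"id": "slave1_key", "algorithm": "hmac-md5", "secret": "Wg=="}]
SAMPLE_EXTRAS = """\
remote:
  - id: slave01
    address: 192.168.2.1
    key: slave_key
acl:
  - id: slaves
    address: 192.168.2.0/24
    action: transfer
    key: slave_key
"""

if __name__ == "__main__":
    for finding in lint_tsig(SAMPLE_KEYS, SAMPLE_EXTRAS):
        print(finding)
```

Run it against the host variables before applying the playbook; an empty result means every key passes the assumed policy and every reference resolves.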
License
BSD