Knot DNS authoritative
======================

Installs the [Knot DNS][knot-dns] authoritative DNS server on Debian/Ubuntu/RedHat or FreeBSD.

Requirements
------------

None.

Role Variables
--------------

If building from sources, pick a git branch or tag.

    knot_install_dir: /usr/local

If building from sources, pick an installation prefix (`/usr/local` means the binary will be installed in `/usr/local/sbin/knotd`, for example).

    knot_user: knot
    knot_group: knot

User and group to create for running the Knot DNS daemon.

    knot_daemon: knot

Pick a different name for the Knot DNS daemon service.

    knot_interfaces:
      - 127.0.0.1
      - 192.168.1.1@5353

Make Knot DNS listen on specific addresses and, optionally, ports (`address@port`). By default it listens on the default IPv4/IPv6 interfaces and localhost.

    knot_zones:
      - { name: 'example.com', file: '/tmp/example.zone', template: 'default', module: 'mymodule' }

List of enabled zones. `name` is the only mandatory field; the rest are undefined by default.
You can reference defined templates or modules here.

    knot_config_extras: |
      server:
        rate-limit: 10
      template:
        - id: default
          semantic-checks: on

Extend the configuration with server-specific or more advanced settings here. You can define additional templates, ACLs or remotes,
or redefine server options.

Dependencies
------------

None.

Example Playbook
----------------

The role can be configured as a slave using just `knot_zones` and `knot_extras` to define the remotes; you can fill these in
from host variables or include them from a file:

    - hosts: slaves
      roles:
        - role: knot.auth
          knot_zones:
            - { name: 'example.com' }
          knot_extras: |
            remote:
              - id: master
                address: 192.168.1.1
            acl:
              - id: master_acl
                address: 192.168.1.1   # must match the master's address, or its NOTIFYs are refused
                action: notify
            template:
              - id: default
                master: master
                acl: master_acl

The master example is the mirror image, except that the role doesn't guarantee bootstrapping of the zone files; you have to do this
yourself, for example with [synchronize][ansible-synchronize]:

    - hosts: master01
      roles:
        - role: knot.auth
          knot_zones:
            - { name: 'example.com' }
          knot_keys:
            # id must match the key references below; hmac-md5 is weak, hmac-sha256 is preferred
            - { id: 'slave_key', algorithm: 'hmac-md5', secret: 'Wg==' }
          knot_extras: |
            remote:
              - id: slave01
                address: 192.168.2.1
                key: slave_key
            acl:
              - id: slaves
                address: 192.168.2.0/24
                action: transfer
                key: slave_key
            template:
              - id: default
                storage: /var/lib/zones
                notify: slave01
                acl: slaves

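A cross-reference check for the role's variables, as an added Python example that is not part of the role: it assumes the variables have already been loaded into dicts (as Ansible or PyYAML would) and uses a constructed sample mirroring the master playbook above, deliberately carrying a key-id mismatch of the kind that fails Knot's configuration check. It also flags weak TSIG algorithms.

```python
# Constructed sample mirroring the master playbook above (not the role's own
# code); it deliberately defines 'slave1_key' but references 'slave_key'.
MASTER_VARS = {
    "knot_zones": [{"name": "example.com", "template": "default"}],
    "knot_keys": [{"id": "slave1_key", "algorithm": "hmac-md5", "secret": "Wg=="}],
    "knot_extras": {
        "remote": [{"id": "slave01", "address": "192.168.2.1", "key": "slave_key"}],
        "acl": [{"id": "slaves", "address": "192.168.2.0/24",
                 "action": "transfer", "key": "slave_key"}],
        "template": [{"id": "default", "storage": "/var/lib/zones",
                      "notify": "slave01", "acl": "slaves"}],
    },
}

# For each section, which fields must name an id declared in which other section.
REFERENCES = {
    "remote": {"key": "key"},
    "acl": {"key": "key"},
    "template": {"master": "remote", "notify": "remote", "acl": "acl"},
    "zone": {"template": "template", "master": "remote", "notify": "remote", "acl": "acl"},
}
WEAK_TSIG = {"hmac-md5"}  # TSIG algorithms worth flagging in review


def _as_list(value):
    """Knot accepts either a scalar or a list for reference fields."""
    return value if isinstance(value, list) else [value]


def check_references(role_vars):
    """Return human-readable problems: dangling ids and weak TSIG algorithms."""
    sections = dict(role_vars.get("knot_extras") or {})
    sections["key"] = role_vars.get("knot_keys") or []
    sections["zone"] = role_vars.get("knot_zones") or []
    defined = {}  # section -> ids declared there ('server' etc. are dicts, skipped)
    for sec, items in sections.items():
        if sec != "zone" and isinstance(items, list):
            defined[sec] = {i["id"] for i in items if isinstance(i, dict) and "id" in i}
    problems = []
    for sec, fields in REFERENCES.items():
        for item in sections.get(sec) or []:
            label = item.get("id") or item.get("name")
            for field, target in fields.items():
                for ref in _as_list(item.get(field, [])):
                    if ref not in defined.get(target, set()):
                        problems.append(f"{sec} '{label}': {field} refers to unknown {target} '{ref}'")
    for key in sections["key"]:
        if str(key.get("algorithm", "")).lower() in WEAK_TSIG:
            problems.append(f"key '{key['id']}': weak TSIG algorithm {key['algorithm']}")
    return problems
```
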
License
-------

BSD

Author Information
------------------

* [www.knot-dns.cz][knot-dns]

[knot-dns]: http://www.knot-dns.cz
[ansible-synchronize]: http://docs.ansible.com/ansible/synchronize_module.html