Update ns to improve dnssec
This commit is contained in:
parent
812ea79c3e
commit
ed57707c8b
|
|
@ -8,10 +8,10 @@ if [ -z "$DOMAIN" ]; then
|
|||
fi
|
||||
|
||||
echo -e "\n> DS record 1 [Digest Type = SHA1] :"
|
||||
ldns-key2ds -n -1 "/etc/nsd/zones/${DOMAIN}.signed"
|
||||
ldns-key2ds -n -1 "/etc/nsd/zones/${DOMAIN}.zone.signed"
|
||||
|
||||
echo -e "\n> DS record 2 [Digest Type = SHA256] :"
|
||||
ldns-key2ds -n -2 "/etc/nsd/zones/${DOMAIN}.signed"
|
||||
ldns-key2ds -n -2 "/etc/nsd/zones/${DOMAIN}.zone.signed"
|
||||
|
||||
echo -e "\n> Public KSK Key :"
|
||||
tail -n 1 "/etc/nsd/zones/K${DOMAIN}.ksk.key"
|
||||
|
|
|
|||
|
|
@ -29,10 +29,10 @@
|
|||
template:
|
||||
src: zone.j2
|
||||
dest: "/etc/nsd/zones/{{ item.name }}.zone"
|
||||
mode: '0640'
|
||||
loop: "{{ dns_zones }}"
|
||||
when: "dns_zones is defined"
|
||||
|
||||
|
||||
- name: Enable NSD on boot and start it
|
||||
service: name=nsd state=started enabled=yes
|
||||
|
||||
|
|
@ -52,3 +52,12 @@
|
|||
when: "dns_zones is defined"
|
||||
register: dsrecord
|
||||
|
||||
- name: Fix permissions on /etc/nsd/zones
|
||||
file:
|
||||
path: /etc/nsd/zones
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0640
|
||||
state: directory
|
||||
recurse: yes
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue