# ansible-nsd

A playbook to manage NSD and generate zone files with DNSSEC.

Example of usage:

Master

```yaml
zones:
  - name: dryusdan.space
    secret: AMAIZINGSECRET
    slaves:
      - ip: 5.6.7.8
      - ip: 9.10.11.12
        nokey: True
  - name: drycat.fr
    secret: AMAIZINGSECRET
    slaves:
      - ip: 5.6.7.8
      - ip: 9.10.11.12
        nokey: True
```

Slave

```yaml
zones:
  - name: dryusdan.space
    secret: AMAIZINGSECRET
    masters:
      - 1.2.3.4
  - name: drycat.fr
    secret: AMAIZINGSECRET
    masters:
      - 1.2.3.4
```

`AMAIZINGSECRET` is a placeholder: keep the real `secret` of each zone out of the repository, for example in a vars file encrypted with `ansible-vault`.

And the zones:

```yaml
dns_zones:
  - name: dryusdan.space
    ttl: 3600
    ns_master: ns1.dryusdan.fr
    email: contact@dryusdan.fr
    refresh: 86400
    retry: 7200
    expire: 3600000
    default_ttl: 600
    records:
      - dryusdan.space. IN NS ns1.dryusdan.fr.
      - dryusdan.space. IN NS ns2.dryusdan.fr.
      - dryusdan.space. IN NS ns3.dryusdan.fr.
      - dryusdan.space. IN MX 1 mail.dryusdan.fr.
      - dryusdan.space. IN A 5.9.38.80
      - dryusdan.space. IN AAAA 2a01:4f8:161:2269:8000::1337:c0de
      - dryusdan.space. IN TXT "4|www.tristan-le-chanony.fr"
      - dryusdan.space. IN TXT "v=spf1 a mx ip4:195.201.35.125 ip6:2a01:4f8:1c0c:5b90:7331::2 ~all"
      - www IN A 5.9.38.80
      - www IN AAAA 2a01:4f8:161:2269:8000::1337:c0de
  - name: drycat.fr
    ttl: 86400
    ns_master: ns1.dryusdan.fr
    email: contact@dryusdan.fr
    refresh: 86400
    retry: 7200
    expire: 3600000
    default_ttl: 600
    records:
      - drycat.fr. IN NS ns1.dryusdan.fr.
      - drycat.fr. IN NS ns2.dryusdan.fr.
      - drycat.fr. IN NS ns3.dryusdan.fr.
      - drycat.fr. IN MX 10 mail.dryusdan.fr.
      - drycat.fr. IN A 5.9.38.80
      - drycat.fr. IN AAAA 2a01:4f8:161:2269:8000:0:1337:c0de
      - drycat.fr. IN TXT "v=spf1 a mx ip4:195.201.35.125 ip6:2a01:4f8:1c0c:5b90:7331::2 ~all"
      - www IN A 5.9.38.80
      - www IN AAAA 2a01:4f8:161:2269:8000::1337:c0de
      - _matrix._tcp.matrix.drycat.fr. IN SRV 10 0 443 matrix.drycat.fr.
      - mail._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0kewpyp/k3CN8V3/sEToa+oyv/+Jr+StkPnPqWMV8hp2kEMQ+aIh56RPxeMoN/jVvl8qkltL/Yiz5F2+/OQvN8wMQ0OUGOxLtbTYEUCKori5qrmwvMuP4IqqSejylMQ5rnMlPoOLizhJnS70IvY8DyEHEbmYre2WrMcMww+xM5OqrPxq3LOy6+S864hZktV+GvzeeX9bXNv8z6TRe" "8omsNK0Ez9L+ffggL6F0W3DvrM4EWBtLpnA5Z8Pw97HfbYb1/YUbxOq5jBVTQkXcjkE1Fod1Rfv15OU8AtHrbg2xDMp6L8537r9a6S8+RfoE+wIWKq1lb3/+S//pPgBO5Og0btWxGhFeIiXKQ6uCGeMQ7fpecxUd6DhSfFIFJQn+gKrIYHIcrnVobW/DrerFlBtdJW4kC/3yIbYFdyYKh0dF3138xRUtfhbTrjp20WbFXUwK9CibbFoR7IyE6MK" "mRhL4mSkpHZxrOmLDDSTtGUp2lblY+VHKdVxs3+/WOWG66xVUNC4b4pS4YwMS72nKIJB5GV19jGqela5ZoIM9Yexmo2jVH2E98v36lZl9WKa2I2/lUNZYp/d4pngPBftT61ylYZW4+3DeaDf4DbcOSp6K4qfjGm3NyRVsg6jjGbpI0gZvAtQ2nc6s4gKy15uAxW0STUwD8irW+ySQ6IQ2MsGzj0CAwEAAQ==") ;
      - _dmarc IN TXT ( "v=DMARC1;p=quarantine;sp=quarantine;pct=100;adkim=r;aspf=r;fo=1;ri=86400;rua=mailto:dmarc@dryusdan.fr;ruf=mailto:dmarc@dryusdan.fr;rf=afrf" )
```

To get the DS record, connect to the nameserver and run this command: `/usr/local/bin/ds-records dryusdan.space`