
ansible-nsd

A playbook to manage NSD and generate zone files with DNSSEC.

Usage example:

Master

# Master side: one entry per zone served by this NSD instance.
# NOTE(review): `secret` is presumably the shared (TSIG) key that authenticates
# zone transfers with the servers listed under `slaves`; confirm against the
# role's templates.
# AMAIZINGSECRET is a placeholder. Use a randomly generated value per
# deployment and keep it in an encrypted vars file (for example Ansible Vault)
# rather than in plaintext in the repository.
zones:
  - name: dryusdan.space
    secret: AMAIZINGSECRET
    # Secondary name servers for this zone (example addresses).
    slaves:
      - 5.6.7.8
      - 9.10.11.12
  - name: drycat.fr
    secret: AMAIZINGSECRET
    # Secondary name servers for this zone (example addresses).
    slaves:
      - 5.6.7.8
      - 9.10.11.12

Slave

# Slave side: one entry per zone this NSD instance serves as a secondary.
# NOTE(review): `secret` presumably has to match the value configured for the
# same zone on the master; confirm against the role's templates.
# AMAIZINGSECRET is a placeholder. Keep the real value in an encrypted vars
# file (for example Ansible Vault), not in plaintext in the repository.
zones:
  - name: dryusdan.space
    secret: AMAIZINGSECRET
    # Primary name server(s) for this zone (example address).
    masters:
      - 1.2.3.4
  - name: drycat.fr
    secret: AMAIZINGSECRET
    # Primary name server(s) for this zone (example address).
    masters:
      - 1.2.3.4

Zone definition:

# Zone contents: one entry per zone, with its timers and its resource records.
# NOTE(review): ns_master, email, refresh, retry, expire and default_ttl are
# presumably rendered into the zone's SOA record, and ttl into its default TTL;
# confirm against the role's templates.
dns_zones:
  - name: dryusdan.space
    ttl: 3600
    ns_master: ns1.dryusdan.fr
    email: contact@dryusdan.fr
    refresh: 86400
    retry: 7200
    expire: 3600000
    default_ttl: 600
    # Each item is one line in zone-file syntax. Owner names ending in a dot
    # are fully qualified; names without one (www) are relative to the zone.
    records:
      - dryusdan.space.  IN NS     ns1.dryusdan.fr.
      - dryusdan.space.  IN NS     ns2.dryusdan.fr.
      - dryusdan.space.  IN NS     ns3.dryusdan.fr.
      - dryusdan.space.  IN MX 1   mail.dryusdan.fr.
      - dryusdan.space.  IN A      5.9.38.80
      - dryusdan.space.  IN AAAA   2a01:4f8:161:2269:8000::1337:c0de
      - dryusdan.space.  IN TXT    "4|www.tristan-le-chanony.fr"
      # SPF policy: `~all` is a softfail, so mail from unlisted senders is
      # marked rather than rejected.
      - dryusdan.space.  IN TXT    "v=spf1 a mx ip4:195.201.35.125 ip6:2a01:4f8:1c0c:5b90:7331::2 ~all"
      - www  IN A    5.9.38.80
      - www  IN AAAA 2a01:4f8:161:2269:8000::1337:c0de

  - name: drycat.fr
    ttl: 86400
    ns_master: ns1.dryusdan.fr
    email: contact@dryusdan.fr
    refresh: 86400
    retry: 7200
    expire: 3600000
    default_ttl: 600
    # Each item is one line in zone-file syntax. Owner names ending in a dot
    # are fully qualified; names without one (www) are relative to the zone.
    records:
      - drycat.fr.          IN NS     ns1.dryusdan.fr.
      - drycat.fr.          IN NS     ns2.dryusdan.fr.
      - drycat.fr.          IN NS     ns3.dryusdan.fr.
      - drycat.fr.          IN MX 10  mail.dryusdan.fr.
      - drycat.fr.          IN A    5.9.38.80
      - drycat.fr.          IN AAAA 2a01:4f8:161:2269:8000:0:1337:c0de
      # SPF policy: `~all` is a softfail, so mail from unlisted senders is
      # marked rather than rejected.
      - drycat.fr.          IN TXT  "v=spf1 a mx ip4:195.201.35.125 ip6:2a01:4f8:1c0c:5b90:7331::2 ~all"
      - www                 IN A     5.9.38.80
      - www                 IN AAAA  2a01:4f8:161:2269:8000::1337:c0de
      - _matrix._tcp.matrix.drycat.fr.  IN SRV 10 0 443 matrix.drycat.fr.
      # DKIM public key for selector `mail`. The key is split into several
      # quoted strings because one TXT character-string holds at most 255
      # bytes. The continuation lines must stay indented deeper than the list
      # dash so that YAML folds them into this single item.
      - mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
         "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0kewpyp/k3CN8V3/sEToa+oyv/+Jr+StkPnPqWMV8hp2kEMQ+aIh56RPxeMoN/jVvl8qkltL/Yiz5F2+/OQvN8wMQ0OUGOxLtbTYEUCKori5qrmwvMuP4IqqSejylMQ5rnMlPoOLizhJnS70IvY8DyEHEbmYre2WrMcMww+xM5OqrPxq3LOy6+S864hZktV+GvzeeX9bXNv8z6TRe"
         "8omsNK0Ez9L+ffggL6F0W3DvrM4EWBtLpnA5Z8Pw97HfbYb1/YUbxOq5jBVTQkXcjkE1Fod1Rfv15OU8AtHrbg2xDMp6L8537r9a6S8+RfoE+wIWKq1lb3/+S//pPgBO5Og0btWxGhFeIiXKQ6uCGeMQ7fpecxUd6DhSfFIFJQn+gKrIYHIcrnVobW/DrerFlBtdJW4kC/3yIbYFdyYKh0dF3138xRUtfhbTrjp20WbFXUwK9CibbFoR7IyE6MK"
         "mRhL4mSkpHZxrOmLDDSTtGUp2lblY+VHKdVxs3+/WOWG66xVUNC4b4pS4YwMS72nKIJB5GV19jGqela5ZoIM9Yexmo2jVH2E98v36lZl9WKa2I2/lUNZYp/d4pngPBftT61ylYZW4+3DeaDf4DbcOSp6K4qfjGm3NyRVsg6jjGbpI0gZvAtQ2nc6s4gKy15uAxW0STUwD8irW+ySQ6IQ2MsGzj0CAwEAAQ==") ;
      # DMARC policy: quarantine failing mail for the domain and subdomains,
      # with aggregate (rua) and failure (ruf) reports sent to the listed
      # mailbox.
      - _dmarc IN TXT ( "v=DMARC1;p=quarantine;sp=quarantine;pct=100;adkim=r;aspf=r;fo=1;ri=86400;rua=mailto:dmarc@dryusdan.fr;ruf=mailto:dmarc@dryusdan.fr;rf=afrf" )

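To get the DS record, connect to the name server and run this command: /usr/local/bin/ds-records dryusdan.space

The DS record then has to be published in the parent zone (usually through the registrar); until it is, resolvers cannot validate the zone's DNSSEC signatures.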