tocproject.toc.dns
Purpose
- One role for all DNS roles (SOA, Master, Slaves)
- Based on Bind9
Variables
Views
toc_dns_views:
  - name: default
    match_clients:
      - "any"
Domains
toc_dns_zone_domains:
  - name: "example.com"
    hostmaster_email: "hostmaster"
    networks:
      - "10.0.2"
ACLS
Key binding (XFR requests)
Expected element example:
  - name: master_key
    algorithm: hmac-sha256
    secret: "azertyAZERTY123456"
TSIG key binding
Expected element example:
  - name: "{{ public_domain }}."
    algorithm: hmac-sha256
- List of IPv4 addresses of the network interface(s) to listen on. Set to "any" to listen on all interfaces.
toc_dns_listen_ipv4:
  - "127.0.0.1"
- List of IPv6 addresses of the network interface(s) to listen on.
toc_dns_listen_ipv6:
  - "::1"
- List of hosts that are allowed to query this DNS server.
toc_dns_allow_query:
  - "localhost"
- Determines whether recursion should be allowed.
- List of hosts for which recursion is allowed.
toc_dns_allow_recursion:
  - "any"
- Allows BIND to be set up as a caching name server.
toc_dns_forward_only: false
- List of name servers to forward DNS requests to.
- DNS round robin order ('random' or 'cyclic').
toc_dns_rrset_order: "random"
- Statistics channels configuration
toc_dns_statistics_channels: false
toc_dns_statistics_port: 8053
toc_dns_statistics_host: 127.0.0.1
toc_dns_statistics_allow:
  - "127.0.0.1"
- DNSSEC configuration
toc_dns_dnssec_enable: true
toc_dns_dnssec_validation: true
- Extra file path to include.
toc_dns_extra_include_files: []
- SOA information
toc_dns_zone_ttl: "1W"
toc_dns_zone_time_to_refresh: "1D"
toc_dns_zone_time_to_retry: "1H"
toc_dns_zone_time_to_expire: "1W"
toc_dns_zone_minimum_ttl: "1D"
- File mode for master zone files (needs to be something like 0660 for dynamic updates)
toc_dns_zone_file_mode: "0640"
Cookbook
Minimal slave configuration
toc_dns_listen_ipv4: ['any']
toc_dns_allow_query: ['any']
bind_zone_master_server_ip: 192.168.111.222
toc_dns_zone_domains:
  - name: example.com
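
A pre-deployment check for the key binding element and the slave cookbook settings above, as an added example that is not part of the role: it flags a TSIG secret that is not base64 (BIND expects a base64-encoded secret) or is shorter than 256 bits, and an allow_recursion of "any" on a non-loopback listener, which makes the server an open resolver if recursion is enabled. The function names, the 32-byte minimum and the sample dictionaries are assumptions; the fallback defaults are the ones listed under Variables.

```python
import base64
import binascii
import secrets

def tsig_secret_problem(secret, min_bytes=32):
    """Return None if the secret suits hmac-sha256, else the reason it does not."""
    try:
        raw = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError):
        return "not valid base64 (BIND expects a base64-encoded secret)"
    if len(raw) < min_bytes:
        return f"only {len(raw)} bytes of key material, want >= {min_bytes}"
    return None

def new_tsig_key(name, algorithm="hmac-sha256"):
    """Build a key element in the shape shown above with a random 256-bit secret."""
    secret = base64.b64encode(secrets.token_bytes(32)).decode("ascii")
    return {"name": name, "algorithm": algorithm, "secret": secret}

def audit(role_vars, keys=()):
    """Return a list of findings for a dict of toc_dns_* variables."""
    findings = []
    listen = role_vars.get("toc_dns_listen_ipv4", ["127.0.0.1"])
    exposed = any(a not in ("127.0.0.1", "localhost") for a in listen)
    if exposed and "any" in role_vars.get("toc_dns_allow_recursion", ["any"]):
        findings.append("allow_recursion is 'any' on a non-loopback listener")
    if role_vars.get("toc_dns_statistics_channels", False):
        if role_vars.get("toc_dns_statistics_host", "127.0.0.1") != "127.0.0.1":
            findings.append("statistics channel bound to a non-loopback host")
    # Assumes the mode is a quoted octal string, as it is written on this page.
    mode = int(str(role_vars.get("toc_dns_zone_file_mode", "0640")), 8)
    if mode & 0o007:
        findings.append("zone files accessible to 'other'")
    for key in keys:
        problem = tsig_secret_problem(key.get("secret", ""))
        if problem:
            findings.append(f"key {key['name']}: {problem}")
    return findings

# Constructed sample input: the cookbook's slave settings and the example key element.
SLAVE_VARS = {"toc_dns_listen_ipv4": ["any"], "toc_dns_allow_query": ["any"]}
PAGE_KEY = {"name": "master_key", "algorithm": "hmac-sha256",
            "secret": "azertyAZERTY123456"}

if __name__ == "__main__":
    for finding in audit(SLAVE_VARS, [PAGE_KEY]):
        print("FINDING:", finding)
    print(new_tsig_key("master_key"))
```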