ansible-role-powerdns/README.md
2020-05-15 10:23:59 +02:00

PowerDNS

All configuration is to be placed inside the powerdns dict.

# key:value of config values
config:
  "allow-axfr-ips":
  - ::1
  - 127.0.0.0/8
  "bind-config": /etc/powerdns/backends/bind.conf
  "config-dir": /etc/powerdns
  "daemon": "yes"
  "default-ttl": 3600
  "guardian": "yes"
  "include-dir": "/etc/powerdns/pdns.d"
  "launch":
    bind: {}
  "master": "no"
  "reuseport": "yes"
  "setgid": pdns
  "setuid": pdns
  "slave": "no"
  "soa-minimum-ttl": 300
  # /dev/null as the lookup path means the secret is never stored: a new random value is generated on every run
  "tcp-control-secret": "{{ lookup('password', '/dev/null length=64') }}"
  "version-string": "1"
# name: *zonemeta*, define meta data for zones. See below for definition
zonemeta: {}

# defaults for zone metadata, See **zonemeta** for definition.
zonemeta_defaults:
  type: native
  "allow-query":
  - any
  "allow-update":
  - none
  "allow-transfer":
  - none
  "slaves":
  - none

# name: **zone**, define all dns zones. See below for definition.
zones: {}

zonemeta

# Can be master/slave/native
# See https://doc.powerdns.com/authoritative/backends/bind.html#master-slave-native-configuration
type: native

"allow-query":
- any
"allow-update":
- none
"allow-transfer":
- none
"slaves":
- none
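
The following is an added example, not code from this role: a small audit that computes the effective metadata of each zone and reports zones whose `allow-transfer` or `allow-update` ACL is open to everyone or missing. It assumes that a zone's `zonemeta` entry overrides `zonemeta_defaults` key by key; the function names and the sample data are hypothetical.

```python
# Added example, not part of the role. Assumption: a zone's zonemeta entry
# overrides zonemeta_defaults key by key; the role's real merge may differ.
OPEN_VALUES = {"any", "0.0.0.0/0", "::/0"}            # match every client
SENSITIVE_KEYS = ("allow-transfer", "allow-update")   # AXFR and dynamic-update ACLs


def effective_zonemeta(powerdns, zone):
    """Return zonemeta_defaults overlaid with the zone's own zonemeta."""
    meta = dict(powerdns.get("zonemeta_defaults") or {})
    meta.update((powerdns.get("zonemeta") or {}).get(zone) or {})
    return meta


def as_list(value):
    """Accept a single scalar as well as a YAML list."""
    return list(value) if isinstance(value, (list, tuple)) else [value]


def audit(powerdns):
    """Return sorted (zone, key, problem) findings for every known zone."""
    zones = set(powerdns.get("zones") or {}) | set(powerdns.get("zonemeta") or {})
    findings = []
    for zone in zones:
        meta = effective_zonemeta(powerdns, zone)
        for key in SENSITIVE_KEYS:
            if key not in meta:
                # No explicit ACL: behaviour falls back to whatever the server does
                findings.append((zone, key, "unset"))
                continue
            for entry in as_list(meta[key]):
                if str(entry).strip().lower() in OPEN_VALUES:
                    findings.append((zone, key, str(entry)))
    return sorted(findings)


# Constructed sample input: the README defaults plus two hypothetical overrides.
SAMPLE = {
    "zonemeta_defaults": {"type": "native", "allow-query": ["any"],
                          "allow-update": ["none"], "allow-transfer": ["none"],
                          "slaves": ["none"]},
    "zonemeta": {"example.de": {"type": "master", "allow-transfer": "any"},
                 "example.org": {"allow-transfer": ["192.0.2.53"]}},
    "zones": {"example.de": {}, "example.org": {}, "example.com.": {}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```
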

zone

The basic format is <dns path>: { <record type>: [<value>, <value>] }. Shorthand notations are possible:

  • If there is only a single value for an entry, you can omit the array and use `<dns path>: { <record type>: <value> }`
  • YAML anchors and merges are recommended for situations where a CNAME is not possible
  • You can use hierarchy to shorten paths. If you have foo.example.com and bar.example.com, you could write:
"example.com.":
  foo:
    A: 1.1.1.1
  bar:
    A: 1.1.1.1

For the SOA record, ##sequence## is replaced by a generated sequence number.

Example for a zone:

"example.de":
  SOA: "ns.example.de zonefile.example.de ##sequence## 1d 2h 4w 1h"
  CAA: 0 issue "letsencrypt.org"

  NS:
    - ns0.example.de
    - ns1.example.de

  ns:
    CNAME: ns0.example.de.

  ns0:
    A: 1.1.1.1
    AAAA: ::5

  git:
    A:
      - 2.2.2.2
      - 3.3.3.3
    AAAA: ::6