Julian Rother a270aad58e
Bookworm compatibility
Disables security update notifications. In Bookworm PowerDNS fails to start
with security update notifications enabled.

Adds special handling of config value "omit" for setting new config options
in a backwards-compatible way.
2023-10-17 23:40:41 +02:00
defaults Bookworm compatibility 2023-10-17 23:40:41 +02:00
handlers fix linter 2021-07-17 01:51:03 +02:00
tasks fix linter 2021-07-17 01:51:03 +02:00
templates Bookworm compatibility 2023-10-17 23:40:41 +02:00
README.md add updatedns flag description 2020-10-26 13:04:21 +01:00

PowerDNS

All configuration is to be placed inside the powerdns dict. To only update zonefiles in an existing setup (and skip the setup procedure and everything else) use the "updatedns" tag.

```yaml
# key: value of config values
config:
  "allow-axfr-ips":
    - ::1
    - 127.0.0.0/8
  "bind-config": /etc/powerdns/backends/bind.conf
  "config-dir": /etc/powerdns
  "daemon": "yes"
  "default-ttl": 3600
  "guardian": "yes"
  "include-dir": "/etc/powerdns/pdns.d"
  "launch":
    bind: {}
  "master": "no"
  "reuseport": "yes"
  "setgid": pdns
  "setuid": pdns
  "slave": "no"
  "soa-minimum-ttl": 300
  "tcp-control-secret": "{{ lookup('password', '/dev/null length=64') }}"
  "version-string": "1"
# name: *zonemeta*, define metadata for zones. See below for definition.
zonemeta: {}

# defaults for zone metadata, see **zonemeta** for definition.
zonemeta_defaults:
  type: native
  "allow-query":
    - any
  "allow-update":
    - none
  "allow-transfer":
    - none
  "slaves":
    - none

# name: **zone**, define all DNS zones. See below for definition.
zones: {}
```

zonemeta

```yaml
# Can be master/slave/native
# See https://doc.powerdns.com/authoritative/backends/bind.html#master-slave-native-configuration
type: native

"allow-query":
  - any
"allow-update":
  - none
"allow-transfer":
  - none
"slaves":
  - none
```

zone

The basic format is `<dns path>: { <record type>: [<value>, <value>] }`. The following shorthand notations are possible:

  • If there is only a single value for an entry, you can omit the array and use `<dns path>: { <record type>: <value> }`
  • YAML anchors and merges are recommended for situations where a CNAME is not possible
  • You can use hierarchy to shorten paths. If you have foo.example.com and bar.example.com you could write

```yaml
"example.com.":
  foo:
    A: 1.1.1.1
  bar:
    A: 1.1.1.1
```

For the SOA record, ##sequence## is replaced by a generated sequence number (the zone serial).

Example for a zone:

```yaml
"example.de":
  SOA: "ns.example.de zonefile.example.de ##sequence## 1d 2h 4w 1h"
  CAA: 0 issue "letsencrypt.org"

  NS:
    - ns0.example.de
    - ns1.example.de

  ns:
    CNAME: ns0.example.de.

  ns0:
    A: 1.1.1.1
    AAAA: ::5

  git:
    A:
      - 2.2.2.2
      - 3.3.3.3
    AAAA: ::6
```
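To show how the shorthand rules above (single-value entries, the path hierarchy, and the ##sequence## placeholder) combine into concrete records, here is an added expander written for this README; it is not the role's own template code. It assumes that record types are recognised by membership in a fixed `RECORD_TYPES` set and that any other key names a sub-path, and it takes the generated serial as a parameter; `ZONE_SPEC` is the zone example above as a Python dict.

```python
# Record types treated as leaf keys. Assumption: the role's template separates
# record types from sub-names in a comparable way; adjust the set as needed.
RECORD_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "CAA", "SRV", "PTR"}


def expand_zone(origin: str, spec: dict, serial: int) -> list[tuple[str, str, str]]:
    """Flatten the shorthand zone dict into (owner, type, value) records.

    - a key in RECORD_TYPES is a record; any other key is a sub-name under the
      current owner (the hierarchy shorthand)
    - a scalar value is treated as a one-element list (single-value shorthand)
    - '##sequence##' inside a value is replaced by the generated serial
    """
    origin = origin.rstrip(".") + "."   # always emit fully qualified owners
    records: list[tuple[str, str, str]] = []

    def walk(owner: str, node: dict) -> None:
        for key, value in node.items():
            if key in RECORD_TYPES:
                values = value if isinstance(value, list) else [value]
                for v in values:
                    records.append((owner, key, str(v).replace("##sequence##", str(serial))))
            elif isinstance(value, dict):
                walk(f"{key}.{owner}", value)
            else:
                # A scalar under an unknown key is almost always a typo such as
                # "a:" instead of "A:"; fail loudly instead of silently dropping it.
                raise ValueError(f"{key!r} under {owner} is neither a record type nor a sub-path")

    walk(origin, spec)
    return records


def render_zonefile(records: list[tuple[str, str, str]]) -> str:
    """Render records as BIND-style 'owner IN TYPE value' lines."""
    return "\n".join(f"{owner} IN {rtype} {value}" for owner, rtype, value in records)


# Constructed sample input: the "example.de" zone from the README as a dict.
ZONE_SPEC = {
    "SOA": "ns.example.de zonefile.example.de ##sequence## 1d 2h 4w 1h",
    "CAA": '0 issue "letsencrypt.org"',
    "NS": ["ns0.example.de", "ns1.example.de"],
    "ns": {"CNAME": "ns0.example.de."},
    "ns0": {"A": "1.1.1.1", "AAAA": "::5"},
    "git": {"A": ["2.2.2.2", "3.3.3.3"], "AAAA": "::6"},
}

if __name__ == "__main__":
    print(render_zonefile(expand_zone("example.de", ZONE_SPEC, serial=2023101701)))
```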