Documentation

README.md

@@ -1,5 +1,7 @@
 # Ansible Collection - s3lph.nameserver
 
-Documentation for the collection.
+Authoritative nameserver setup using the [knot][knot] DNS server.
 
-WIP
+For a usage example see `docs/`.
+
+[knot]: https://www.knot-dns.cz/

docs/group_vars/all/zones/zone.example.org.yml

@@ -0,0 +1,48 @@
+---
+
+# Replace example.org with your zone name
+knot_zone_example.org:
+
+  masters:
+    - ns1.example.org
+  replicas:
+    - ns2.example.org
+    - ns3.example.org
+
+  # Replace example.org. with your zone name
+  name: example.org.
+
+  # Configure the SOA record to your liking
+  soa:
+    class: IN
+    primary: ns1.example.org
+    rname: abuse.example.org
+    refresh: 3600
+    retry: 300
+    expire: 7200
+    ttl: 3600
+    min_ttl: 3600
+
+  # Place your DNS records here
+  records:
+
+    - name: "@"
+      type: NS
+      value: ns1.example.org.
+    - name: "@"
+      type: NS
+      value: ns2.example.org.
+    - name: "@"
+      type: NS
+      value: ns3.example.org.
+
+    - name: "www"
+      type: AAAA
+      value: 2001:db8::42
+
+    - name: "@"
+      type: MX
+      value: 10 mail.example.org.
+    - name: "@"
+      type: TXT
+      value: '"v=spf1 mx a ~all"'

docs/host_vars/ns1.example.org/knot.yml

@@ -0,0 +1,16 @@
+---
+
+# Optional: Override nameserver identity and NSID
+knot_server_identity: ns1.example.org
+knot_server_nsid: ns1.example.org
+
+# Mandatory for replicated setup: Addresses under which the nameserver
+# is reachable
+knot_dns_addresses:
+  - "2001:db8:42::1"
+  - "10.42.0.1"
+
+# Change other host specific options here
+
+# knot 2.7 in Debian stable doesn't know double-ds yet
+knot_dnssec_policy_cds_publish: always

docs/host_vars/ns2.example.org/knot.yml

@@ -0,0 +1,16 @@
+---
+
+# Optional: Override nameserver identity and NSID
+knot_server_identity: ns2.example.org
+knot_server_nsid: ns2.example.org
+
+# Mandatory for replicated setup: Addresses under which the nameserver
+# is reachable
+knot_dns_addresses:
+  - "2001:db8:42::2"
+  - "10.42.0.2"
+
+# Change other host specific options here
+
+# knot 2.7 in Debian stable doesn't know double-ds yet
+knot_dnssec_policy_cds_publish: always

docs/host_vars/ns3.example.org/knot.yml

@@ -0,0 +1,5 @@
+---
+
+knot_dns_addresses:
+  - "2001:db8:1337::1"
+  - "172.16.0.1"

docs/inventory.ini

@@ -0,0 +1,11 @@
+[nameserver]
+ns1.example.org
+ns2.example.org
+
+[nameserver_external]
+# External nameservers not managed here
+#
+# These hosts only serve as dummy hosts to hold the necessary
+# information required for using them as zone transfer sources or
+# targets
+ns3.example.org

docs/playbook.yml

@@ -0,0 +1,5 @@
+---
+
+- hosts: nameserver
+  roles:
+    - s3lph.nameserver.knot

docs/requirements.yml

@@ -0,0 +1,5 @@
+---
+collections:
+  - name: https://gitlab.com/s3lph/ansible-collection-nameserver
+    type: git
+    version: master

galaxy.yml

@@ -21,7 +21,7 @@ authors:
 
 ### OPTIONAL but strongly recommended
 # A short summary description of the collection
-description: Authoritative nameserver setup with knot as master and nsd as replicas
+description: Authoritative nameserver setup using knot
 
 # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
 # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'