diff --git a/README.md b/README.md index f7736a7..865edc0 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Ansible Collection - s3lph.nameserver -Documentation for the collection. +Authoritative nameserver setup using the [knot][knot] DNS server. -WIP \ No newline at end of file +For a usage example see `docs/`. + +[knot]: https://www.knot-dns.cz/ \ No newline at end of file diff --git a/docs/group_vars/all/zones/zone.example.org.yml b/docs/group_vars/all/zones/zone.example.org.yml new file mode 100644 index 0000000..a11073d --- /dev/null +++ b/docs/group_vars/all/zones/zone.example.org.yml @@ -0,0 +1,48 @@ +--- + +# Replace example.org with your zone name +knot_zone_example.org: + + masters: + - ns1.example.org + replicas: + - ns2.example.org + - ns3.example.org + + # Replace example.org. with your zone name + name: example.org. + + # Configure the SOA record to your liking + soa: + class: IN + primary: ns1.example.org + rname: abuse.example.org + refresh: 3600 + retry: 300 + expire: 7200 + ttl: 3600 + min_ttl: 3600 + + # Place your DNS records here + records: + + - name: "@" + type: NS + value: ns1.example.org. + - name: "@" + type: NS + value: ns2.example.org. + - name: "@" + type: NS + value: ns3.example.org. + + - name: "www" + type: AAAA + value: 2001:db8::42 + + - name: "@" + type: MX + value: 10 mail.example.org. + - name: "@" + type: TXT + value: '"v=spf1 mx a ~all"' diff --git a/docs/host_vars/ns1.example.org/knot.yml b/docs/host_vars/ns1.example.org/knot.yml new file mode 100644 index 0000000..962f6da --- /dev/null +++ b/docs/host_vars/ns1.example.org/knot.yml 
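Review bot: In docs/group_vars/all/zones/zone.example.org.yml the SOA `expire: 7200` is only twice `refresh: 3600`, so replicas stop answering for the zone once the primary has been unreachable for two hours. An outage or denial of service against ns1 would then take the whole zone offline quickly. An example that readers will copy should use a value in the range of weeks, for instance `expire: 1209600`, with a comment such as `# expire: how long replicas keep serving without contact to the primary`. Separately, `primary: ns1.example.org` and `rname: abuse.example.org` have no trailing dot while the NS and MX values do; unless the role appends it, a comment should say which form is expected.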
@@ -0,0 +1,16 @@
+---
+
+# Optional: Override nameserver identity and NSID
+knot_server_identity: ns1.example.org
+knot_server_nsid: ns1.example.org
+
+# Mandatory for replicated setup: Addresses under which the nameserver
+# is reachable
+knot_dns_addresses:
+ - "2001:db8:42::1"
+ - "10.42.0.1"
+
+# Change other host specific options here
+
+# knot 2.7 in Debian stable doesn't know double-ds yet
+knot_dnssec_policy_cds_publish: always
diff --git a/docs/host_vars/ns2.example.org/knot.yml b/docs/host_vars/ns2.example.org/knot.yml
new file mode 100644
index 0000000..1251b55
--- /dev/null
+++ b/docs/host_vars/ns2.example.org/knot.yml
@@ -0,0 +1,16 @@
+---
+
+# Optional: Override nameserver identity and NSID
+knot_server_identity: ns2.example.org
+knot_server_nsid: ns2.example.org
+
+# Mandatory for replicated setup: Addresses under which the nameserver
+# is reachable
+knot_dns_addresses:
+ - "2001:db8:42::2"
+ - "10.42.0.2"
+
+# Change other host specific options here
+
+# knot 2.7 in Debian stable doesn't know double-ds yet
+knot_dnssec_policy_cds_publish: always
diff --git a/docs/host_vars/ns3.example.org/knot.yml b/docs/host_vars/ns3.example.org/knot.yml
new file mode 100644
index 0000000..e589fba
--- /dev/null
+++ b/docs/host_vars/ns3.example.org/knot.yml
@@ -0,0 +1,5 @@
+---
+
+knot_dns_addresses:
+ - "2001:db8:1337::1"
+ - "172.16.0.1"
diff --git a/docs/inventory.ini b/docs/inventory.ini
new file mode 100644
index 0000000..8d47b41
--- /dev/null
+++ b/docs/inventory.ini
@@ -0,0 +1,11 @@
+[nameserver]
+ns1.example.org
+ns2.example.org
+
+[nameserver_external]
+# External nameservers not managed here
+#
+# These hosts only serve as dummy hosts to hold the necessary
+# information required for using them as zone transfer sources or
+# targets
+ns3.example.org
\ No newline at end of file
diff --git a/docs/playbook.yml b/docs/playbook.yml
new file mode 100644
index 0000000..e00aafa
--- /dev/null
+++ b/docs/playbook.yml
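Review bot: The comment above `knot_dns_addresses` in docs/host_vars/ns1.example.org/knot.yml says the addresses are mandatory for a replicated setup but not what the role does with them. If they feed the zone-transfer and NOTIFY access lists, as the inventory comment about "zone transfer sources or targets" suggests, the example should say so and note that matching on source address alone does not authenticate the peer. Whether the role can also configure TSIG keys is not visible in this diff and is worth documenting. Assuming that reading is right, a comment like `# Used to build transfer/notify ACLs on the other nameservers; list every address this server sends from` would do. The same applies to the ns2 and ns3 host_vars files.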
@@ -0,0 +1,5 @@ +--- + +- hosts: nameserver + roles: + - s3lph.nameserver.knot diff --git a/docs/requirements.yml b/docs/requirements.yml new file mode 100644 index 0000000..58b858f --- /dev/null +++ b/docs/requirements.yml @@ -0,0 +1,5 @@ +--- +collections: + - name: https://gitlab.com/s3lph/ansible-collection-nameserver + type: git + version: master diff --git a/galaxy.yml b/galaxy.yml index 531884e..a86e6b6 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -21,7 +21,7 @@ authors: ### OPTIONAL but strongly recommended # A short summary description of the collection -description: Authoritative nameserver setup with knot as master and nsd as replicas +description: Authoritative nameserver setup using knot # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
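Review bot: `version: master` in docs/requirements.yml installs whatever the branch head is at install time, so each `ansible-galaxy` install can pull unreviewed upstream changes into the play that configures the nameservers. The usage example should pin a release tag or a full commit hash instead, e.g. `version: <tag-or-commit-sha>`, and bump it deliberately. A one-line comment such as `# pin to a reviewed tag or commit; a branch name is mutable` would make the intent clear to readers who copy the file.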