{"id":18185991,"url":"https://github.com/ricsanfre/ansible-role-bind9","last_synced_at":"2025-10-14T03:10:20.830Z","repository":{"id":260753214,"uuid":"874861686","full_name":"ricsanfre/ansible-role-bind9","owner":"ricsanfre","description":"Ansible role for installing and configuring DNS server Bind9","archived":false,"fork":false,"pushed_at":"2025-08-15T10:38:23.000Z","size":32,"stargazers_count":4,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-15T12:18:07.546Z","etag":null,"topics":["ansible","ansible-role","bind9"],"latest_commit_sha":null,"homepage":"https://galaxy.ansible.com/ui/standalone/roles/ricsanfre/bind9/","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ricsanfre.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-10-18T15:41:05.000Z","updated_at":"2025-08-15T10:35:54.000Z","dependencies_parsed_at":null,"dependency_job_id":"18edfddf-255e-4b78-a389-20347e6d1b9b","html_url":"https://github.com/ricsanfre/ansible-role-bind9","commit_stats":{"total_commits":10,"total_committers":1,"mean_commits":10.0,"dds":0.0,"last_synced_commit":"4782eed4efc01adab0124ee52f412f6ab1d9bcf1"},"previous_names":["ricsanfre/ansible-role-bind9"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/ricsanfre/ansible-role-bind9","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fansible-role-bind9","tags_ur
l":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fansible-role-bind9/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fansible-role-bind9/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fansible-role-bind9/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ricsanfre","download_url":"https://codeload.github.com/ricsanfre/ansible-role-bind9/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fansible-role-bind9/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279017786,"owners_count":26086142,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-14T02:00:06.444Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","bind9"],"created_at":"2024-11-02T23:04:18.900Z","updated_at":"2025-10-14T03:10:20.825Z","avatar_url":"https://github.com/ricsanfre.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"Ansible Role: Bind9 Installation and Configuration\n=========\n\nThis role installs and configures [Bind9](https://www.isc.org/bind/) on an Ubuntu server.\n\n\nRequirements\n------------\n\nNone\n\nRole Variables\n--------------\n\nAvailable variables are listed below along with 
default values (see `defaults\\main.yaml`)\n\n- Bind9 packages to install\n  ```yaml\n  bind9_packages:\n  - bind9\n  - dnsutils\n  ```\n- Bind9 server installation details\n\n  bind UNIX user/group\n  ```yml\n  bind9_user: bind\n  bind9_group: bind\n  ```\n  By default, Ubuntu packages install the bind configuration files in `/etc/bind`. An additional directory is created to store Dynamic DNS (DDNS) keys (`bind9_keydir`).\n\n  The Ubuntu package configures AppArmor so that the `/var/lib/bind` directory has the proper permissions. That is the folder that must be used to store the zone files if DDNS is going to be used. If that directory is not used, DDNS updates do not work because of permission issues.\n\n  The Ansible variable `bind9_zonedir` contains that path and should not be modified. See https://ubuntu.com/server/docs/domain-name-service-dns\n\n  \u003e Note:\n  \u003e If BIND will be receiving automatic updates to the file as with DDNS, then use /var/lib/bind/db.example.com rather than /etc/bind/db.example.com both here and in the copy command below.\n\n  ```yml\n  # Configuration directories\n  bind9_zonedir: /var/lib/bind\n  bind9_keydir: /etc/bind/keys\n  ```\n\n- Bind9 server Configuration\n\n  IPv6 configuration\n  Whether to enable IPv6 or not\n  ```yml\n  bind9_enable_ipv6: false\n  ```\n  \n  Listening IP/IPv6 addresses:\n  ```yml\n  # IPv6 addresses to listen on\n  bind9_listen_on_v6: []\n  # IP addresses to listen on\n  bind9_listen_on: []\n  ```\n  Leave them empty (the default value) to listen on all IP addresses\n\n  Configure DNS server as Resolver (enabling recursion)\n  ```yaml\n  bind9_recursor: true\n  ```\n  \n  Configure DNS server as Forwarder (`bind9_forward`) and specify the list of forward DNS servers (`bind9_forward_servers`)\n  ```yaml\n  # run bind with forwarding?\n  bind9_forward: true\n  # forward servers\n  bind9_forward_servers:\n    - 1.1.1.1\n    - 8.8.8.8\n  ```\n\n  Configure DNS server as 
Authoritative DNS server\n  ```yaml\n  # Run bind as authoritative nameserver?\n  bind9_authoritative: false\n  ```\n\n  Configure networks to include in ACL for querying.\n  ```yaml\n  # Permitted hosts/networks in ACL for querying\n  bind9_acl_networks:\n    - 10.10.0.0/16\n    - 10.20.0.0/16\n  ```\n  Enable logging\n  ```yaml\n  # Enable logging\n  bind9_named_logging: false\n  bind9_log_path: /var/log/named\n  ```\n  Enable statistics channel\n  ```yaml\n  # Enable statistics channel\n  bind9_named_statistics_channel_enable: false\n  bind9_named_statistics_port: 8053\n  ```\n\n- Configure Zone files\n\n  Zone files to be deployed in the Authoritative DNS server are defined in a dict `bind9_zones`\n  The list of zones can include forward zones and reverse zone file definitions\n\n  ```yaml\n  bind9_zones:\n    - name: homelab.example.com\n      type: primary\n      default_ttl: 600\n      serial: 2024101102\n      refresh: 1D\n      retry: 2H\n      expire: 1000H\n      primary: ns.homelab.example.com\n      admin: admin.example.com\n      ns_records:\n        - ns.homelab.example.com\n      rrs:\n        - label: ns\n          type: A\n          rdata: 192.168.2.11\n        - label: node1\n          type: A\n          rdata: 192.168.2.11\n        - label: node2\n          type: A\n          rdata: 192.168.2.12\n        - label: node3\n          type: A\n          rdata: 192.168.2.13\n    - name: 168.192.in-addr.arpa\n      type: primary\n      default_ttl: 600\n      serial: 2024101102\n      refresh: 1D\n      retry: 2H\n      expire: 1000H\n      primary: ns.homelab.example.com\n      admin: admin.homelab.example.com\n      ns_records:\n        - ns1.homelab.example.com.\n      rrs:\n        - label: 11.2\n          type: PTR\n          rdata: ns.homelab.example.com.\n        - label: 12.2\n          type: PTR\n          rdata: node2.homelab.example.com.\n        - label: 13.2\n          type: PTR\n          rdata: node3.homelab.example.com.\n  ```\n\nZone 
files definition \n\n- Dynamic DNS (DDNS)\n\n  Whether the DDNS keys are generated or not\n  ```yaml\n  bind9_generate_ddns_key: true\n  ```\n\n  For each zone supporting dynamic updates, `ddns_update_key` and `ddns_update_policy_grant` need to be added. `ddns_update_key` contains the file name of the key to be stored in the `/etc/bind/keys` directory. `ddns_update_policy_grant` contains the grant policy description to be used. See details in [Bind9: Dynamic Update Policies](https://bind9.readthedocs.io/en/v9.16.20/reference.html#dynamic-update-policies)\n\n\n  ```yaml\n  bind9_zones:\n    - name: homelab.example.com\n      type: master\n      ddns_update_key: ddnskey\n      ddns_update_policy_grant: \"zonesub any\"\n  ```\n\n- Primary/Secondary configuration\n\n  On the primary server, the zone definition has to be configured with `type` primary.\n  Also, `secondary_servers` has to include the list of IP addresses of the secondary servers.\n\n  ```yaml\n  bind9_zones:\n    - name: homelab.example.com\n      type: primary\n      secondary_servers:\n        - 10.11.0.12\n  ```\n  On secondary servers, the zone definition has to be configured with `type` secondary.\n  Also, `primary_servers` has to include the IP addresses of the primary server.\n\n  ```yaml\n  bind9_zones:\n    - name: homelab.example.com\n      type: secondary\n      primary_servers:\n        - 10.11.0.11\n  ```\n- Null forwarders configuration\n\n If you would like to be able to delegate a subdomain from your authoritative server to another server, you may need to set `null_forwarders` to true. This enables the delegation and proper name resolution when running both an authoritative server and a general forwarder. 
For more details see https://kb.isc.org/docs/aa-00538.\n\n  ```yaml\n  bind9_zones:\n    - name: homelab.example.com\n      type: primary\n      secondary_servers:\n        - 10.11.0.12\n      null_forwarders: true\n  ```\n  \n\n\nDependencies\n------------\n\nNone\n\nExample Playbooks\n-----------------\n\n\nThe following playbook installs and configures a DNS server as the authoritative server for the domain `homelab.example.com`; it also configures it as a Forwarder and Resolver.\n\n```yml\n---\n- name: Install and configure Bind9 DNS server\n  hosts: dns-server\n  become: true\n  gather_facts: true\n  roles:\n    - role: ricsanfre.bind9\n      bind9_authoritative: true\n      bind9_forward: true\n      bind9_recursor: true\n      bind9_forward_servers:\n        - 8.8.8.8\n        - 4.4.4.4\n      bind9_generate_ddns_key: true\n      bind9_zones:\n        - name: homelab.example.com\n          type: primary\n          ddns_update_key: ddnskey\n          ddns_update_policy_grant: \"zonesub any\"\n          default_ttl: 600\n          serial: 2024101102\n          refresh: 1D\n          retry: 2H\n          expire: 1000H\n          null_forwarders: false\n          primary: ns.homelab.example.com\n          admin: admin.example.com\n          ns_records:\n            - ns.homelab.example.com\n          rrs:\n            - label: ns\n              type: A\n              rdata: 192.168.2.11\n            - label: node1\n              type: A\n              rdata: 192.168.2.11\n            - label: node2\n              type: A\n              rdata: 192.168.2.12\n            - label: node3\n              type: A\n              rdata: 192.168.2.13\n        - name: 168.192.in-addr.arpa\n          type: primary\n          default_ttl: 600\n          serial: 2024101102\n          refresh: 1D\n          retry: 2H\n          expire: 1000H\n          primary: ns.homelab.example.com\n          admin: admin.homelab.example.com\n          ns_records:\n            - ns1.homelab.example.com.\n       
   rrs:\n            - label: 11.2\n              type: PTR\n              rdata: ns.homelab.example.com.\n            - label: 12.2\n              type: PTR\n              rdata: node2.homelab.example.com.\n            - label: 13.2\n              type: PTR\n              rdata: node3.homelab.example.com.\n```\n\nThe following playbook configures primary (`ns1.homelab.example.com`) and secondary (`ns2.homelab.example.com`) DNS servers\n\n```yaml\n---\n- name: DNS1\n  hosts: ns1.homelab.example.com\n  become: true\n  gather_facts: true\n  roles:\n    - role: ricsanfre.bind9\n      bind9_authoritative: true\n      bind9_forward: true\n      bind9_recursor: true\n      bind9_forward_servers:\n        - 8.8.8.8\n        - 4.4.4.4\n      bind9_generate_ddns_key: true\n      bind9_zones:\n        - name: homelab.example.com\n          type: primary\n          secondary_servers:\n            - 10.11.0.12\n          ddns_update_key: ddnskey\n          ddns_update_policy_grant: \"zonesub any\"\n          default_ttl: 600\n          serial: 2024101102\n          refresh: 1D\n          retry: 2H\n          expire: 1000H\n          # NS and other pre-formatted record values must be given as fully qualified domain names, with or without final dot, but not relative to the zone\n          primary: ns.homelab.example.com         # Optional, if you don't define it, the first NS is taken\n          admin: admin.example.com\n          ns_records:\n            - ns1.homelab.example.com\n            - ns2.homelab.example.com\n          # RR values are either relative to the zone or, when outside it, written with a final dot.\n          rrs:\n            - label: ns1\n              type: A\n              rdata: 10.11.0.11\n            - label: ns2\n              type: A\n              rdata: 10.11.0.12\n            - label: node1\n              type: A\n              rdata: 10.11.0.21\n            - label: node2\n              type: A\n              rdata: 10.11.0.22\n        - name: 11.10.in-addr.arpa\n   
       type: primary\n          default_ttl: 600\n          serial: 2024101102\n          refresh: 1D\n          retry: 2H\n          expire: 1000H\n          # NS and other pre-formatted record values must be given as fully qualified domain names, with or without final dot, but not relative to the zone\n          primary: ns1.homelab.example.com         # Optional, if you don't define it, the first NS is taken\n          admin: admin.homelab.example.com\n          ns_records:\n            - ns1.homelab.example.com.\n            - ns2.homelab.example.com.\n          # RR values are either relative to the zone or, when outside it, written with a final dot.\n          rrs:\n            - label: 0.1\n              type: PTR\n              rdata: ns1.homelab.example.com.\n            - label: 0.2\n              type: PTR\n              rdata: ns2.homelab.example.com.\n            - label: 0.21\n              type: PTR\n              rdata: node1.homelab.example.com.\n            - label: 0.22\n              type: PTR\n              rdata: node2.homelab.example.com.\n\n- name: DNS2\n  hosts: ns2.homelab.example.com\n  become: true\n  gather_facts: true\n  roles:\n    - role: ricsanfre.bind9\n      bind9_authoritative: true\n      bind9_forward: true\n      bind9_recursor: true\n      bind9_forward_servers:\n        - 8.8.8.8\n        - 4.4.4.4\n      bind9_zones:\n        - name: homelab.example.com\n          type: secondary\n          primary_servers:\n            - 10.11.0.11\n        - name: 11.10.in-addr.arpa\n          type: secondary\n          primary_servers:\n            - 10.11.0.11\n```\n\n\nLicense\n-------\n\nMIT\n\nAuthor Information\n------------------\n\nCreated by Ricardo Sanchez 
(ricsanfre)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fricsanfre%2Fansible-role-bind9","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fricsanfre%2Fansible-role-bind9","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fricsanfre%2Fansible-role-bind9/lists"}