{"id":19331100,"url":"https://github.com/systemli/ansible-role-bind9","last_synced_at":"2025-11-16T15:31:01.458Z","repository":{"id":37003995,"uuid":"130109486","full_name":"systemli/ansible-role-bind9","owner":"systemli","description":"Ansible role to install and maintain the Bind9 nameserver on Debian","archived":false,"fork":false,"pushed_at":"2025-02-10T08:23:25.000Z","size":113,"stargazers_count":24,"open_issues_count":9,"forks_count":26,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-02-10T09:27:58.784Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/systemli.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-18T19:05:26.000Z","updated_at":"2025-02-10T08:23:28.000Z","dependencies_parsed_at":"2025-01-06T08:35:08.226Z","dependency_job_id":null,"html_url":"https://github.com/systemli/ansible-role-bind9","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemli%2Fansible-role-bind9","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemli%2Fansible-role-bind9/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemli%2Fansible-role-bind9/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemli%2Fansible-role-bind9/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/systemli","d
ownload_url":"https://codeload.github.com/systemli/ansible-role-bind9/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240434302,"owners_count":19800550,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T02:39:01.646Z","updated_at":"2025-11-16T15:31:01.452Z","avatar_url":"https://github.com/systemli.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible role to install and maintain the Bind9 nameserver on Debian\n\n[![Build Status](https://github.com/systemli/ansible-role-bind9/workflows/Integration/badge.svg?branch=main)](https://github.com/systemli/ansible-role-bind9/actions?query=workflow%3AIntegration)\n[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-bind9-blue.svg)](https://galaxy.ansible.com/systemli/bind9/)\n\nThis role installs and configures the Bind9 nameserver on Debian.\n\nFeatures:\n\n* Support for configuring an authoritative nameserver for DNS zones and/or a DNS recursor\n* Extensive DNSSEC support:\n  * automatic KSK and ZSK key creation\n  * automatic zone DNSSEC configuration\n* Support for hidden primary and authoritative secondary configuration\n* Support for so-called \"static\" zones, i.e. zones defined by uploading their raw .db BIND file\n* Validity check of zone files with named-checkzone\n* Basic support for so-called \"dynamic\" zones, i.e. 
defined from sets of YAML variables\n\n## Basic server configuration\n\n### Master server\n\n* Set vars for your master server, for instance in `host_vars/master_name/vars/XX_bind.yml`, here with an example.com static zone and forwarders:\n\n```yaml\nbind9_authoritative: yes\nbind9_zones_static:\n- { name: example.com, type: master }\nbind9_forward: yes\nbind9_forward_servers:\n- 8.8.8.8\n- 4.4.4.4\nbind9_slaves:\n- slave_ip_1\n- slave_ip_2\n- slave_ip_3\nbind9_our_neighbors:\n- slave_ip_1\n- slave_ip_2\n- slave_ip_3\n```\n\n* Place your BIND zone file in the Ansible directory (not in the role directory): `files/bind/zones/db.example.com`\n\n### Slave servers\n\n* Set vars for your slave servers:\n\n```yaml\nbind9_zones_static:\n- { name: example.com, type: slave }\nbind9_forward: yes\nbind9_forward_servers:\n- 8.8.8.8\n- 4.4.4.4\nbind9_masters:\n- { name: master_name, addresses: [master_ip] }\nbind9_recursor: our_network\n```\n\n### Dynamic zones\n\nThe records of so-called \"dynamic\" zones are defined through the Ansible YAML variable `bind9_zones_dynamic`, which is parsed by the [`bind/zones/db.template.j2`](templates/bind/zones/db.template.j2) template.\nAs there can be several zones, and zone definitions can be long, zone vars are best defined in a separate vars file, for instance `host_vars/master_name/vars/YY_zones.yml`.  
`bind9_zones_dynamic` can be split into several variables, which can be defined in specific files, as in the example below.\n\nIn `YY_zones.yml` we may have:\n\n```yaml\nbind9_zones_dynamic: \u003e\n        {{ zones_my_domains\n        | union ( zone_my_reverse_inaddr_arpa )\n        | union ( zone_my_reverse_ip6_arpa ) }}\n\n# bind9_zones_static:  zone files copied from `files/bind/zones/`\n\nbind9_zones_static:\n- name: static_dom.org\n  type: master\n- name: static_dom2.org\n  type: master\n- name: static_dom3.org\n  type: slave\n```\n\nAnd in other vars files:\n\n```yaml\nzones_my_domains:\n# This is the set of variables for my domain\n- name: dyn_domain.org\n  type: master\n  default_ttl: 600\n  serial: 2022050501\n  refresh: 1D\n  retry: 2H\n  expire: 1000H\n  # NS and other pre-formatted record values must be given as fully qualified domain names, with or without final dot, but not relative to the zone\n  primary: ns1.dyn_domain.org         # Optional, if you don't define it, the first NS is taken\n  admin: postmaster.dyn_domain.org\n  ns_records:\n  - ns1.dyn_domain.org\n  - ns2.dyn_domain.org\n  # RR values are either relative to the zone or, when outside it, written with a final dot.\n  rrs:\n  - {label: \"@\", type: MX, rdata: 10 mail}\n  - {label: webmail, type: CNAME, rdata: mail}\n  - {label: \"@\", type: A, rdata: 8.8.8.221}\n  - {label: \"@\", type: AAAA, rdata: 2001:db8:6a::95}\n  - {label: www, type: CNAME, rdata: webserver.dyn_domain.org.}\n  - {label: mail, type: A, rdata: 8.8.8.222}\n  - {label: mail, type: AAAA, rdata: 2001:db8:6a::22}\n  - {label: webserver, ttl: 86400, type: A, rdata: 8.8.8.223}\n  - {label: webserver, ttl: 86400, type: AAAA, rdata: 2001:db8:6a::23}\n```\n\nAnd similarly `zone_my_reverse_inaddr_arpa` and `zone_my_reverse_ip6_arpa` for IP reverse DNS resolution. 
Note that for generic NS records we adopted the terminology defined in [RFC 1034, Section 3.6](https://datatracker.ietf.org/doc/html/rfc1034#section-3.6).\n\n* Deploy the role to your servers\n\n### DDNS updates\n\n## Key generation\n\nIf you want this role to create your DDNS keys, configure `bind9_generate_ddns_key`:\n\n```yaml\n-  bind9_generate_ddns_key: true\n```\n\nBy default, keys are stored in `files/bind/zones` within your playbook location, but you can customize this with `bind9_local_keydir`:\n\n```yaml\n-  bind9_local_keydir: credentials/bind\n```\n\n## Zone database\n\nPlease note that for DDNS updates to work, the location of the zone files needs to be writable by the BIND process.\nLinux distros with Mandatory Access Control (AppArmor, SELinux) usually don't allow writing to the default `/etc/bind/zones` path. To work around this, you may want to change the zone files location to `/var/lib/bind/zones` instead:\n\n```yaml\n-  bind9_zonedir: /var/lib/bind/zones\n```\n\n## Role variables\n\nSee `defaults/main.yml` for a list of role variables.\n\nTesting \u0026 Development\n---------------------\n\nTests\n-----\n\nFor developing and testing the role we use GitHub Actions, Molecule and Vagrant.\n\nRun local tests with:\n\n```\nmolecule test\n```\n\n## License\n\nThis Ansible role is licensed under the GNU GPLv3.\n\n## Author\n\nCopyright 2017-2020 systemli.org (\u003chttps://www.systemli.org/\u003e)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsystemli%2Fansible-role-bind9","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsystemli%2Fansible-role-bind9","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsystemli%2Fansible-role-bind9/lists"}