slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

: DNSSEC signing and auto-signing

Browse Source
This commit is contained in:
VC
2024-07-05 11:53:53 +02:00
parent cedd523536
commit eac088a11e
8 changed files with 82 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
roles/nsd/templates/resignall.sh.j2 Normal file
View File

@@ -0,0 +1,17 @@
#!/bin/bash
for i in {{ nsd_default_etc_path }}keys/*/*.ds
do
# Get the different names
FILENAME=${i##*/}
KEYNAME=${FILENAME/.ds/}
DIRPATH=${i/${FILENAME}/}
_ZONEFILEPATH=${DIRPATH/keys/zones}
ZONEFILEPATH=${_ZONEFILEPATH%/*}.zone
_ZONENAME=${_ZONEFILEPATH%/*}
ZONENAME=${_ZONENAME##*/}
cd $DIRPATH
sudo -u nsd /usr/bin/ldns-signzone -o ${ZONENAME} -u ${ZONEFILEPATH} ${KEYNAME}
/usr/sbin/nsd-control reload ${ZONENAME}
done

2
roles/nsd/templates/zone.j2
View File

@@ -3,7 +3,7 @@
{% set default_ipv6 = hostvars[other_server].ansible_default_ipv6.address -%}
zone:
name: "{{ item.name }}"
zonefile: {{ item.name }}.zone
zonefile: {{ item.name }}.zone.signed
{% if nsd_master -%}
{% for server in other_server -%}
{% set default_ipv4 = hostvars[server].natted_ipv4 | default(hostvars[server].ansible_default_ipv4.address) -%}

1
roles/nsd/templates/zones/parking.zone.j2
View File

@@ -14,6 +14,7 @@ $TTL 86400
$ORIGIN {{ item.name }}.
$TTL 7200
@ CAA 0 issue ";"
@ MX 0 .
@ TXT "v=spf1 -all"
@ TXT "spf2.0/mfrom -all"
_dmarc TXT "v=DMARC1;p=reject;pct=100;sp=reject;aspf=s;"