README

Ansible role for OpenDNSSEC installation

Introduction

OpenDNSSEC is a tool to help manage DNSSEC automatic signing of DNS zones.

This role installs and configures the application. The list of zones is updated as needed; nevertheless,
installation of zone files needs to be done in your playbook.

Variables

  • hsm_pin: SoftHSM Slot PIN
  • ksk: KSK key generation parameters
    • algorithm: algorithm number
    • length: key length in bits (if applicable to this algorithm)
  • signed_zones_dir: output directory for signed zone files (defaults to /etc/bind/master/signed); it needs to be created beforehand.
  • zones: list of zone names
  • zones_dir: directory for clear (unsigned) zone files (defaults to /etc/bind/master); it needs to be created beforehand.
  • zones_policy: optional zone name <-> policy association; the default policy is 'default'

Policies

The generated policies are:
- default: signed zone with secure parameters
- unsigned: safely unsign a previously signed zone
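
The playbook below is an added example, not part of the role's repository, showing the variables above used together with the two steps the role leaves to you (creating the directories and installing the zone files). The inventory group, the role's local name, the vault variable, the zone file naming and the mapping shape of zones_policy are assumptions.

```yaml
# Added example playbook; not taken from the role's repository.
- hosts: dns_masters                  # hypothetical inventory group
  become: true
  vars:
    zones_dir: /etc/bind/master                 # role default
    signed_zones_dir: /etc/bind/master/signed   # role default
    zones:
      - example.org
      - example.net
    # Assumed shape: mapping of zone name to policy name.
    # Zones not listed here get the 'default' policy.
    zones_policy:
      example.net: unsigned           # safely unsign a previously signed zone
    ksk:
      algorithm: 8                    # DNSSEC algorithm number 8 = RSASHA256
      length: 2048                    # key length in bits
    # Keep the SoftHSM slot PIN out of the repository.
    hsm_pin: "{{ vault_hsm_pin }}"    # hypothetical Ansible Vault variable

  pre_tasks:
    # The role expects both directories to exist; skip this task if
    # another role (for example a bind9 role) already creates them.
    - name: Create zone directories
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        mode: "0755"
      loop:
        - "{{ zones_dir }}"
        - "{{ signed_zones_dir }}"

    # The role maintains the zone list but does not install zone files.
    - name: Install clear zone files
      ansible.builtin.copy:
        src: "zones/{{ item }}"              # hypothetical source layout
        dest: "{{ zones_dir }}/{{ item }}"   # assumed file naming, check the role's templates
        mode: "0644"
      loop: "{{ zones }}"

  roles:
    - role: opendnssec                # assumed local name for ansible-role-opendnssec
```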


ansible-role-opendnssec @ master

Name Size Revision Age Author Comment
  defaults 54ecd5a1 11 months Marc Dequènes allow specifying a zone non-default policy and ...
  files 520ef12b 11 months Marc Dequènes Initial release
  handlers 520ef12b 11 months Marc Dequènes Initial release
  meta d9f1c112 10 months Marc Dequènes add meta
  tasks b918ff7b 10 months Marc Dequènes fix POSIX ACLs
  templates 54ecd5a1 11 months Marc Dequènes allow specifying a zone non-default policy and ...
  vars 520ef12b 11 months Marc Dequènes Initial release
README.md 1.09 KB 54ecd5a1 11 months Marc Dequènes allow specifying a zone non-default policy and ...

Latest revisions

# Date Author Comment
d9f1c112 2018-05-14 18:08 Marc Dequènes

add meta

b918ff7b 2018-05-13 19:59 Marc Dequènes

fix POSIX ACLs

54ecd5a1 2018-05-03 03:53 Marc Dequènes

allow specifying a zone non-default policy and provide an unsigned one

35c0359b 2018-05-02 16:43 Marc Dequènes

fix zones path

0c458fcb 2018-05-02 10:33 Marc Dequènes

zones directories: only add POSIX ACLs

Leave zones directories creation to another role (bind9) and use POSIX
ACLs to add the rights we need. This is to keep both roles from
interfering with each other.

520ef12b 2018-05-02 08:07 Marc Dequènes

Initial release
