effectivelywild.technitium_dns.technitium_dns_get_dnssec_properties module – Get DNSSEC properties for a primary zone

Note

This module is part of the effectivelywild.technitium_dns collection (version 0.9.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install effectivelywild.technitium_dns.

To use it in a playbook, specify: effectivelywild.technitium_dns.technitium_dns_get_dnssec_properties.

New in effectivelywild.technitium_dns 0.1.0

Synopsis

  • Retrieve DNSSEC properties for a signed zone.

Parameters

Parameter

Comments

api_port

integer

Port for the Technitium DNS API. Defaults to 5380

Default: 5380

api_token

string / required

API token for authenticating with the Technitium DNS API

api_url

string / required

Base URL for the Technitium DNS API

validate_certs

boolean

Whether to validate SSL certificates when making API requests.

Choices:

  • false

  • true ← (default)

zone

string / required

The name of the primary zone to get DNSSEC properties for.

See Also

See also

effectivelywild.technitium_dns.technitium_dns_sign_zone

Sign a zone (DNSSEC)

effectivelywild.technitium_dns.technitium_dns_unsign_zone

Unsign a zone (DNSSEC)

effectivelywild.technitium_dns.technitium_dns_convert_to_nsec

Convert signed zone from NSEC to NSEC3

effectivelywild.technitium_dns.technitium_dns_convert_to_nsec3

Convert signed zone from NSEC3 to NSEC

Examples

- name: Get DNSSEC properties for example.com
  technitium_dns_get_dnssec_properties:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"
  register: result

- debug:
    var: result.dnssec_properties

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Whether the module made changes (always false for get operations)

Returned: always

Sample: false

dnssec_properties

dictionary

DNSSEC properties and configuration for the zone

Contains comprehensive information about DNSSEC signing status, keys, and settings

Returned: always

disabled

boolean

Whether the zone is disabled

Returned: always

dnsKeyTtl

integer

TTL for DNSKEY records in seconds

Returned: always

dnssecPrivateKeys

list / elements=string

List of DNSSEC private keys used for signing

Returned: always

algorithm

string

DNSSEC algorithm name

Returned: always

Sample: "ECDSAP256SHA256"

algorithmNumber

integer

DNSSEC algorithm number

Returned: always

Sample: 13

isRetiring

boolean

Whether the key is being retired

Returned: always

keyTag

integer

Key tag identifier

Returned: always

keyType

string

Type of key (KeySigningKey or ZoneSigningKey)

Returned: always

rolloverDays

integer

Rollover frequency in days

Returned: always

state

string

Current state of the key

Returned: always

stateChangedOn

string

When the key state last changed (ISO timestamp)

Returned: always

stateReadyBy

string

When the key will be ready for next state (ISO timestamp)

Returned: when available

dnssecStatus

string

DNSSEC signing status

Returned: always

Sample: "SignedWithNSEC3"

internal

boolean

Whether the zone is internal

Returned: always

name

string

Zone name

Returned: always

nsec3Iterations

integer

NSEC3 iterations parameter

Returned: when zone uses NSEC3

nsec3SaltLength

integer

NSEC3 salt length parameter

Returned: when zone uses NSEC3

type

string

Zone type

Returned: always

Sample: "Primary"

failed

boolean

Whether the module failed

Returned: always

Sample: false

Authors

  • Frank Muise (@effectivelywild)