effectivelywild.technitium_dns.technitium_dns_publish_all_keys module – Publish all generated DNSSEC private keys in a zone

Note

This module is part of the effectivelywild.technitium_dns collection (version 1.1.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install effectivelywild.technitium_dns.

To use it in a playbook, specify: effectivelywild.technitium_dns.technitium_dns_publish_all_keys.

New in effectivelywild.technitium_dns 0.4.0

Synopsis

  • Publishes all private keys whose state is Generated by adding the associated DNSKEY records for them.

  • Once published, the keys will be automatically activated.

  • For Key Signing Keys (KSK), once the state is set to Ready, you can safely replace the old DS record at the parent zone with the new DS record.

  • Once the new DS record is published at the parent zone, the DNS server will automatically detect and set the KSK state to Active.

  • The zone must already be signed with DNSSEC.

Parameters

api_port (integer)
  Port for the Technitium DNS API. Defaults to 5380.
  Default: 5380

api_token (string / required)
  API token for authentication

api_url (string / required)
  Base URL for the Technitium DNS API

node (string)
  The node domain name for which this API call is intended
  When unspecified, the current node is used
  This parameter can be used only when Clustering is initialized

validate_certs (boolean)
  Whether to validate SSL certificates when making API requests.
  Choices:
    • false
    • true ← (default)

zone (string / required)
  The name of the primary zone to publish keys for

Examples

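# The fully qualified collection name is used so the module resolves
# without a "collections:" keyword in the play.
- name: Publish all generated keys in example.com
  effectivelywild.technitium_dns.technitium_dns_publish_all_keys:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"

- name: Publish all generated keys with custom API port
  effectivelywild.technitium_dns.technitium_dns_publish_all_keys:
    api_url: "http://localhost"
    api_port: 5380  # 5380 is the module default; change it if the API listens elsewhere
    api_token: "myapitoken"
    zone: "example.com"

- name: Publish all generated keys on a specific cluster node
  effectivelywild.technitium_dns.technitium_dns_publish_all_keys:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"
    node: "node1.cluster.example.com"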
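
The KSK step from the synopsis as a playbook, added here as an example that is not part of the collection's documentation: it publishes the keys with a vaulted token over HTTPS, then lists the published KSKs whose DS record has to be replaced at the parent zone. The host group dns_admin, the hostname dns.example.net, port 53443 and the variable vault_technitium_api_token are assumptions.

```yaml
# Added example, not from the collection. Hypothetical names: dns_admin,
# dns.example.net, vault_technitium_api_token. Port 53443 is assumed to be
# the HTTPS port the Technitium web service listens on.
- name: Publish generated DNSSEC keys and flag KSKs that need a DS update
  hosts: dns_admin
  gather_facts: false
  vars:
    technitium_zone: "example.com"
  tasks:
    - name: Publish all keys in Generated state
      effectivelywild.technitium_dns.technitium_dns_publish_all_keys:
        api_url: "https://dns.example.net"  # HTTPS keeps the token off the wire in clear text
        api_port: 53443
        api_token: "{{ vault_technitium_api_token }}"  # kept in an ansible-vault file
        validate_certs: true
        zone: "{{ technitium_zone }}"
      register: publish_result
      no_log: true  # keeps the task arguments and result out of console and log output

    # generated_keys_before elements are assumed to be dictionaries, as in the
    # documented Sample. "ZoneSigningKey" is the only keyType value shown on
    # the page, so KSKs are selected as every key that is not a ZSK.
    - name: Collect the published Key Signing Keys
      ansible.builtin.set_fact:
        published_ksks: >-
          {{ publish_result.generated_keys_before | default([])
             | rejectattr('keyType', 'equalto', 'ZoneSigningKey') | list }}

    - name: Report how many keys were published
      ansible.builtin.debug:
        msg: "{{ publish_result.msg }}"

    - name: List KSKs that need a new DS record at the parent zone
      ansible.builtin.debug:
        msg: >-
          KSK with key tag {{ item.keyTag }} ({{ item.algorithm }}) was published
          in {{ technitium_zone }}. Once its state is Ready, replace the old DS
          record at the parent zone.
      loop: "{{ published_ksks }}"
      loop_control:
        label: "{{ item.keyTag }}"
```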

Return Values

Common return values are documented separately; the following fields are unique to this module:

api_response (dictionary)
  Full API response from Technitium DNS server
  Returned: always
  Sample: {"status": "ok"}

changed (boolean)
  Whether the module made changes
  Returned: always
  Sample: true

failed (boolean)
  Whether the module failed
  Returned: always
  Sample: false

generated_keys_before (list / elements=string)
  List of keys that were in Generated state before publishing
  Returned: success
  Sample: [{"algorithm": "ECDSAP256SHA256", "keyTag": 12345, "keyType": "ZoneSigningKey"}]

msg (string)
  Human readable message describing the result
  Returned: always
  Sample: "Published 2 generated keys in zone 'example.com'"

published_keys_count (integer)
  Number of keys that were published
  Returned: success
  Sample: 2

Authors

  • Frank Muise (@effectivelywild)