effectivelywild.technitium_dns.technitium_dns_publish_all_keys module – Publish all generated DNSSEC private keys in a zone

Note

This module is part of the effectivelywild.technitium_dns collection (version 0.9.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install effectivelywild.technitium_dns.

To use it in a playbook, specify: effectivelywild.technitium_dns.technitium_dns_publish_all_keys.

New in effectivelywild.technitium_dns 0.4.0

Synopsis

  • Publishes all private keys that have state set as Generated by adding associated DNSKEY records for them.

  • Once published, the keys will be automatically activated.

  • For Key Signing Keys (KSK), once the state is set to Ready, you can safely replace the old DS record at the parent zone with a new DS record.

  • Once the new DS record is published at the parent zone, the DNS server will automatically detect and set the KSK state to Active.

  • The zone must already be signed with DNSSEC.

Parameters

  • api_port (integer): Port for the Technitium DNS API. Default: 5380

  • api_token (string / required): API token for authentication

  • api_url (string / required): Base URL for the Technitium DNS API

  • validate_certs (boolean): Whether to validate SSL certificates when making API requests. Choices: false, true (default)

  • zone (string / required): The name of the primary zone to publish keys for

Examples

# Tasks use the fully qualified collection name, as noted above.
- name: Publish all generated keys in example.com
  effectivelywild.technitium_dns.technitium_dns_publish_all_keys:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"

- name: Publish all generated keys with custom API port
  effectivelywild.technitium_dns.technitium_dns_publish_all_keys:
    api_url: "http://localhost"
    api_port: 5380
    api_token: "myapitoken"
    zone: "example.com"
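
As an added example (not from the collection's own documentation), the playbook below publishes the keys over HTTPS with a vaulted token, then uses the fields documented under Return Values to list the published keys that are not ZSKs, which are the ones that need a new DS record at the parent zone. The host dns.example.com, the port 53443, and the variable names vault_technitium_api_token, technitium_token and dnssec_zone are assumptions.

```yaml
# Added example; host, port and variable names are assumptions, not project defaults.
- name: Publish generated DNSSEC keys and report keys that need a DS update
  hosts: localhost
  gather_facts: false
  vars:
    dnssec_zone: "example.com"
    # Assumed to be defined in an Ansible Vault-encrypted vars file.
    technitium_token: "{{ vault_technitium_api_token }}"
  tasks:
    - name: Publish all keys in Generated state
      effectivelywild.technitium_dns.technitium_dns_publish_all_keys:
        api_url: "https://dns.example.com"  # constructed host; TLS protects the token in transit
        api_port: 53443                     # assumed HTTPS port of this server
        api_token: "{{ technitium_token }}"
        validate_certs: true                # module default, stated explicitly
        zone: "{{ dnssec_zone }}"
      register: publish_result
      no_log: true  # keep the token out of task output and logs

    - name: Stop if the API did not report success
      ansible.builtin.assert:
        that:
          - publish_result.api_response.status == "ok"
        fail_msg: "Publishing keys in {{ dnssec_zone }} did not return status ok"

    - name: Report how many keys were published
      ansible.builtin.debug:
        msg: "{{ publish_result.published_keys_count }} key(s) published in {{ dnssec_zone }}"

    # Everything that is not a ZoneSigningKey is treated as a KSK here.
    - name: List published non-ZSK keys (update the DS record once they are Ready)
      ansible.builtin.debug:
        msg: "keyTag {{ item.keyTag }} ({{ item.algorithm }}, {{ item.keyType }})"
      loop: >-
        {{ publish_result.generated_keys_before | default([])
           | rejectattr('keyType', 'equalto', 'ZoneSigningKey') | list }}
      when: publish_result.changed
```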

Return Values

Common return values are documented in the Ansible documentation; the following are the fields unique to this module:

  • api_response (dictionary): Full API response from Technitium DNS server. Returned: always. Sample: {"status": "ok"}

  • changed (boolean): Whether the module made changes. Returned: always. Sample: true

  • failed (boolean): Whether the module failed. Returned: always. Sample: false

  • generated_keys_before (list / elements=string): List of keys that were in Generated state before publishing. Returned: success. Sample: [{"algorithm": "ECDSAP256SHA256", "keyTag": 12345, "keyType": "ZoneSigningKey"}]

  • msg (string): Human readable message describing the result. Returned: always. Sample: "Published 2 generated keys in zone 'example.com'"

  • published_keys_count (integer): Number of keys that were published. Returned: success. Sample: 2

Authors

  • Frank Muise (@effectivelywild)