effectivelywild.technitium_dns.technitium_dns_rollover_dnskey module – Rollover DNSKEY for a DNSSEC-signed zone

Note

This module is part of the effectivelywild.technitium_dns collection (version 0.4.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install effectivelywild.technitium_dns.

To use it in a playbook, specify: effectivelywild.technitium_dns.technitium_dns_rollover_dnskey.

New in effectivelywild.technitium_dns 0.4.0

Synopsis

  • Generates and publishes a new private key to replace the key that is being rolled over.

  • The old private key and its associated DNSKEY record will be automatically retired and removed safely once the new key is active.

  • The zone must already be signed with DNSSEC.

  • This module is not idempotent as each rollover generates a new key.

Parameters

Parameter
    Comments

api_port (integer)
    Port for the Technitium DNS API. Defaults to 5380.
    Default: 5380

api_token (string / required)
    API token for authentication

api_url (string / required)
    Base URL for the Technitium DNS API

key_tag (integer / required)
    The key tag of the private key to roll over

validate_certs (boolean)
    Whether to validate SSL certificates when making API requests.
    Choices:
      • false
      • true ← (default)

zone (string / required)
    The name of the primary zone to roll over the DNSKEY for

Examples

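# The fully qualified collection name is used so the tasks resolve without a
# play-level "collections:" entry.
- name: Rollover DNSKEY with tag 12345
  effectivelywild.technitium_dns.technitium_dns_rollover_dnskey:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"
    key_tag: 12345  # key tag of the key to roll over

# api_port is set explicitly here; 5380 is also the module default.
- name: Rollover DNSKEY with custom API port
  effectivelywild.technitium_dns.technitium_dns_rollover_dnskey:
    api_url: "http://localhost"
    api_port: 5380
    api_token: "myapitoken"
    zone: "example.com"
    key_tag: 67890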

Return Values

Common return values are documented in the Ansible documentation; the following fields are unique to this module:

Key
    Description

api_response (dictionary)
    Full API response from Technitium DNS server
    Returned: always
    Sample: {"status": "ok"}

changed (boolean)
    Whether the module made changes
    Returned: always
    Sample: true

failed (boolean)
    Whether the module failed
    Returned: always
    Sample: false

key_tag (integer)
    The key tag that was rolled over
    Returned: success
    Sample: 12345

msg (string)
    Human readable message describing the result
    Returned: always
    Sample: "DNSKEY rollover initiated for key tag 12345 in zone 'example.com'"

zone (string)
    The zone where the rollover was performed
    Returned: success
    Sample: "example.com"
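
Because the module is not idempotent and every run generates a new key, one way to use it is behind an explicit confirmation, with the token kept out of logs and the returned key_tag and zone checked afterwards. The playbook below is an added example, not part of the collection's documentation. Assumptions: the host name dns.example.internal, the TLS port 53443, and the variables confirm_rollover and technitium_api_token (for example supplied from Ansible Vault) are constructed for illustration.

```yaml
# Added example; not from the collection's own documentation.
# Assumed names: confirm_rollover, technitium_api_token, dns.example.internal.
- name: Roll over one DNSKEY, once, with an explicit operator confirmation
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    dns_zone: "example.com"
    dns_key_tag: 12345              # key tag of the key to roll over
  tasks:
    - name: Refuse to run unless a rollover was explicitly requested
      ansible.builtin.assert:
        that:
          - confirm_rollover | default(false) | bool
          - technitium_api_token is defined
        fail_msg: >-
          Each run generates a new key. Re-run with -e confirm_rollover=true
          and supply technitium_api_token.

    - name: Roll over the DNSKEY
      effectivelywild.technitium_dns.technitium_dns_rollover_dnskey:
        api_url: "https://dns.example.internal"   # constructed host name
        api_port: 53443                           # assumed TLS port for this deployment
        api_token: "{{ technitium_api_token }}"
        validate_certs: true                      # module default, stated explicitly
        zone: "{{ dns_zone }}"
        key_tag: "{{ dns_key_tag }}"
      no_log: true                  # keep the API token out of task output
      register: rollover

    - name: Check that the module acted on the requested key and zone
      ansible.builtin.assert:
        that:
          - rollover.key_tag | int == dns_key_tag | int
          - rollover.zone == dns_zone
        fail_msg: "Unexpected rollover result: {{ rollover.msg | default('no message') }}"

    - name: Record the outcome
      ansible.builtin.debug:
        msg: "{{ rollover.msg }}"
```

Without -e confirm_rollover=true the first assertion stops the play before the module is called, so an accidental re-run does not generate another key.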

Authors

  • Frank Muise (@effectivelywild)