effectivelywild.technitium_dns.technitium_dns_rollover_dnskey module – Rollover DNSKEY for a DNSSEC-signed zone

Note

This module is part of the effectivelywild.technitium_dns collection (version 1.1.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install effectivelywild.technitium_dns.

To use it in a playbook, specify: effectivelywild.technitium_dns.technitium_dns_rollover_dnskey.

New in effectivelywild.technitium_dns 0.4.0

Synopsis

  • Generates and publishes a new private key for the given key that has to be rolled over.

  • The old private key and its associated DNSKEY record will be automatically retired and removed safely once the new key is active.

  • The zone must already be signed with DNSSEC.

  • This module is not idempotent as each rollover generates a new key.

Parameters

Parameter

Comments

api_port

integer

Port for the Technitium DNS API. Defaults to 5380.

Default: 5380

api_token

string / required

API token for authentication

api_url

string / required

Base URL for the Technitium DNS API

key_tag

integer / required

The key tag of the private key to roll over

node

string

The node domain name for which this API call is intended

When unspecified, the current node is used

This parameter can be used only when Clustering is initialized

validate_certs

boolean

Whether to validate SSL certificates when making API requests.

Choices:

  • false

  • true ← (default)

zone

string / required

The name of the primary zone whose DNSKEY is to be rolled over

Examples

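# Tasks use the fully qualified collection name, as required in a playbook.
- name: Rollover DNSKEY with tag 12345
  effectivelywild.technitium_dns.technitium_dns_rollover_dnskey:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"
    key_tag: 12345

# api_port is shown explicitly here; 5380 is also the default.
- name: Rollover DNSKEY with custom API port
  effectivelywild.technitium_dns.technitium_dns_rollover_dnskey:
    api_url: "http://localhost"
    api_port: 5380
    api_token: "myapitoken"
    zone: "example.com"
    key_tag: 67890

# node can be used only when Clustering is initialized.
- name: Rollover DNSKEY on a specific cluster node
  effectivelywild.technitium_dns.technitium_dns_rollover_dnskey:
    api_url: "http://localhost"
    api_token: "myapitoken"
    zone: "example.com"
    key_tag: 12345
    node: "node1.cluster.example.com"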
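
A guarded run of this module, as an added example that is not part of the collection's own documentation: because each run generates a new key, the play refuses to act unless a key tag and a confirmation flag are passed explicitly, reads the API token from a vaulted variable, and talks to the API over HTTPS with certificate validation. The host name, the port value and the variables `confirm_rollover`, `rollover_key_tag` and `vault_technitium_api_token` are assumptions.

```yaml
# Added example. Host name, port and variable names are assumptions.
- name: Roll over one DNSKEY, only when explicitly requested
  hosts: localhost
  gather_facts: false
  vars:
    dnssec_zone: "example.com"
    # Hypothetical guard variables: override with -e on the one run
    # that is meant to roll the key.
    rollover_key_tag: 0
    confirm_rollover: false
  tasks:
    - name: Refuse to run without an explicit key tag and confirmation
      ansible.builtin.assert:
        that:
          - confirm_rollover | bool
          - rollover_key_tag | int > 0
        fail_msg: >-
          Not rolling any key. Pass -e confirm_rollover=true
          -e rollover_key_tag=<tag> to roll a specific key.

    # Not idempotent: every execution of this task generates a new key.
    - name: Roll over the DNSKEY
      effectivelywild.technitium_dns.technitium_dns_rollover_dnskey:
        api_url: "https://dns1.example.com"  # constructed host name
        api_port: 53443  # assumption: must match the server's HTTPS listener
        # Assumed to be defined in an Ansible Vault encrypted vars file.
        api_token: "{{ vault_technitium_api_token }}"
        validate_certs: true
        zone: "{{ dnssec_zone }}"
        key_tag: "{{ rollover_key_tag | int }}"
      register: rollover

    - name: Check that the API reported success for the requested key
      ansible.builtin.assert:
        that:
          - rollover.api_response.status == "ok"
          - rollover.key_tag == (rollover_key_tag | int)
        fail_msg: "Unexpected rollover result: {{ rollover.msg }}"
```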

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

api_response

dictionary

Full API response from Technitium DNS server

Returned: always

Sample: {"status": "ok"}

changed

boolean

Whether the module made changes

Returned: always

Sample: true

failed

boolean

Whether the module failed

Returned: always

Sample: false

key_tag

integer

The key tag that was rolled over

Returned: success

Sample: 12345

msg

string

Human readable message describing the result

Returned: always

Sample: "DNSKEY rollover initiated for key tag 12345 in zone 'example.com'"

zone

string

The zone where the rollover was performed

Returned: success

Sample: "example.com"

Authors

  • Frank Muise (@effectivelywild)