effectivelywild.technitium_dns.technitium_dns_set_server_settings module – Update DNS server settings

Note

This module is part of the effectivelywild.technitium_dns collection (version 1.1.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install effectivelywild.technitium_dns.

To use it in a playbook, specify: effectivelywild.technitium_dns.technitium_dns_set_server_settings.

New in effectivelywild.technitium_dns 1.1.0

Synopsis

  • Update Technitium DNS server settings.

Parameters

Parameter

Comments

allowTxtBlockingReport

boolean

Include TXT blocking report for TXT queries.

Choices:

  • false

  • true

api_port

integer

Port for the Technitium DNS API. Defaults to 5380.

Default: 5380

api_token

string / required

API token for authenticating with the Technitium DNS API

api_url

string / required

Base URL for the Technitium DNS API

blockingAnswerTtl

integer

TTL in seconds for blocking responses.

blockingBypassList

list / elements=string

Networks allowed to bypass blocking.

blockingType

string

Response type for blocked domains.

Choices:

  • "AnyAddress"

  • "NxDomain"

  • "CustomAddress"

blockListUpdateIntervalHours

integer

Interval in hours to update block lists.

blockListUrls

list / elements=string

Block list URLs. Use clear_blockListUrls to remove all block list URLs.

cacheFailureRecordTtl

integer

Failure TTL value for caching ServerFailure responses.

cacheMaximumEntries

integer

Maximum cache entries.

cacheMaximumRecordTtl

integer

Maximum TTL allowed in cache.

cacheMinimumRecordTtl

integer

Minimum TTL allowed in cache.

cacheNegativeRecordTtl

integer

Negative TTL value.

cachePrefetchEligibility

integer

Minimum initial TTL to be eligible for prefetching.

cachePrefetchSampleEligibilityHitsPerHour

integer

Minimum hits per hour to be eligible for auto prefetch.

cachePrefetchSampleIntervalInMinutes

integer

Interval to sample eligible domains for auto prefetch.

cachePrefetchTrigger

integer

TTL trigger to start prefetch; 0 disables.

clear_blockListUrls

boolean

Clear all block list URLs. Cannot be used together with blockListUrls.

Choices:

  • false ← (default)

  • true

clear_forwarders

boolean

Clear all forwarders to use recursion. Cannot be used together with forwarders.

Choices:

  • false ← (default)

  • true

clear_qpmPrefixLimitsIPv4

boolean

Clear all IPv4 prefix limits. Cannot be used together with qpmPrefixLimitsIPv4.

Choices:

  • false ← (default)

  • true

clear_qpmPrefixLimitsIPv6

boolean

Clear all IPv6 prefix limits. Cannot be used together with qpmPrefixLimitsIPv6.

Choices:

  • false ← (default)

  • true

clear_recursionNetworkACL

boolean

Clear recursion network ACL entries. Cannot be used together with recursionNetworkACL.

Choices:

  • false ← (default)

  • true

clear_tsigKeys

boolean

Clear all TSIG keys. Cannot be used together with tsigKeys.

Choices:

  • false ← (default)

  • true

clientTimeout

integer

Time in ms before responding ServerFailure when no answer (1000-10000).

concurrentForwarding

boolean

Query multiple forwarders concurrently.

Choices:

  • false

  • true

customBlockingAddresses

list / elements=string

Custom addresses returned when blockingType is CustomAddress.

defaultRecordTtl

integer

Default TTL value for records when not specified.

defaultResponsiblePerson

string

Default SOA Responsible Person email for new primary zones.

dnsAppsEnableAutomaticUpdate

boolean

Enable automatic DNS App updates every 24 hours.

Choices:

  • false

  • true

dnsOverHttpPort

integer

TCP port for DNS-over-HTTP.

dnsOverHttpRealIpHeader

string

Header to read client IP for DNS-over-HTTP when behind reverse proxy.

dnsOverHttpsPort

integer

TCP port for DNS-over-HTTPS.

dnsOverQuicPort

integer

UDP port for DNS-over-QUIC.

dnsOverTcpProxyPort

integer

TCP port for DNS-over-TCP-PROXY.

dnsOverTlsPort

integer

TCP port for DNS-over-TLS.

dnsOverUdpProxyPort

integer

UDP port for DNS-over-UDP-PROXY.

dnssecValidation

boolean

Enable DNSSEC validation for responses.

Choices:

  • false

  • true

dnsServerDomain

string

Primary domain name used by this DNS Server to identify itself.

dnsServerIPv4SourceAddresses

list / elements=string

IPv4 source addresses to use for outbound DNS requests.

dnsServerIPv6SourceAddresses

list / elements=string

IPv6 source addresses to use for outbound DNS requests.

dnsServerLocalEndPoints

list / elements=string

List of IP:port endpoints to listen for DNS requests.

dnsTlsCertificatePassword

string

Password for DNS TLS certificate.

dnsTlsCertificatePath

string

PKCS

eDnsClientSubnet

boolean

Enable EDNS Client Subnet.

Choices:

  • false

  • true

eDnsClientSubnetIpv4Override

string

IPv4 network to use as ECS override.

eDnsClientSubnetIPv4PrefixLength

integer

EDNS Client Subnet IPv4 prefix length.

eDnsClientSubnetIpv6Override

string

IPv6 network to use as ECS override.

eDnsClientSubnetIPv6PrefixLength

integer

EDNS Client Subnet IPv6 prefix length.

enableBlocking

boolean

Enable blocking via blocked zones and lists.

Choices:

  • false

  • true

enableDnsOverHttp

boolean

Accept DNS-over-HTTP requests.

Choices:

  • false

  • true

enableDnsOverHttp3

boolean

Accept DNS-over-HTTP/3 requests.

Choices:

  • false

  • true

enableDnsOverHttps

boolean

Accept DNS-over-HTTPS requests.

Choices:

  • false

  • true

enableDnsOverQuic

boolean

Accept DNS-over-QUIC requests.

Choices:

  • false

  • true

enableDnsOverTcpProxy

boolean

Accept DNS-over-TCP-PROXY requests.

Choices:

  • false

  • true

enableDnsOverTls

boolean

Accept DNS-over-TLS requests.

Choices:

  • false

  • true

enableDnsOverUdpProxy

boolean

Accept DNS-over-UDP-PROXY requests.

Choices:

  • false

  • true

enableInMemoryStats

boolean

Store only last hour stats in memory (no disk stats).

Choices:

  • false

  • true

enableLogging

boolean

Legacy flag for enabling logging (use loggingType).

Choices:

  • false

  • true

enableUdpSocketPool

boolean

Enable UDP socket pool for outbound DNS-over-UDP requests.

Choices:

  • false

  • true

forwarderConcurrency

integer

Number of concurrent requests per forwarder.

forwarderProtocol

string

Forwarder transport protocol.

Choices:

  • "Udp"

  • "Tcp"

  • "Tls"

  • "Https"

  • "Quic"

forwarderRetries

integer

Number of forwarder retries.

forwarders

list / elements=string

Forwarders list. Use clear_forwarders to remove all forwarders and use recursion.

forwarderTimeout

integer

Forwarder timeout in ms.

ignoreResolverLogs

boolean

Stop logging resolver errors.

Choices:

  • false

  • true

listenBacklog

integer

Max pending inbound connections.

logFolder

string

Folder path for log files.

loggingType

string

How error/audit logs are written.

Choices:

  • "None"

  • "File"

  • "Console"

  • "FileAndConsole"

logQueries

boolean

Log every query and response.

Choices:

  • false

  • true

maxConcurrentResolutionsPerCore

integer

Max concurrent outbound resolutions per CPU core.

maxLogFileDays

integer

Max days to keep log files; 0 disables auto delete.

maxStatFileDays

integer

Max days to keep dashboard stats; 0 disables auto delete.

minSoaRefresh

integer

Minimum refresh interval for secondary, stub, and catalog zones.

minSoaRetry

integer

Minimum retry interval for secondary, stub, and catalog zones.

notifyAllowedNetworks

list / elements=string

Networks allowed to notify all secondary zones.

preferIPv6

boolean

Prefer IPv6 for querying when possible.

Choices:

  • false

  • true

proxyAddress

string

Proxy server hostname or IP.

proxyBypass

list / elements=string

Bypass list for proxy (IP, CIDR, or hostnames).

proxyPassword

string

Proxy password.

proxyPort

integer

Proxy server port.

proxyType

string

Proxy protocol for outbound DNS.

Choices:

  • "None"

  • "Http"

  • "Socks5"

proxyUsername

string

Proxy username.

qnameMinimization

boolean

Enable QNAME minimization for recursive resolution.

Choices:

  • false

  • true

qpmLimitBypassList

list / elements=string

Networks allowed to bypass QPM limit.

qpmLimitSampleMinutes

integer

Client query stats sample size in minutes.

qpmLimitUdpTruncationPercentage

integer

Percentage of UDP requests truncated when the QPM limit is exceeded (0-100).

qpmPrefixLimitsIPv4

list / elements=dictionary

List of IPv4 prefix limits. Use clear_qpmPrefixLimitsIPv4 to remove all entries.

prefix

integer / required

IPv4 prefix length to limit (e.g. 32, 24)

tcpLimit

integer / required

Allowed TCP queries per minute for the prefix

udpLimit

integer / required

Allowed UDP queries per minute for the prefix

qpmPrefixLimitsIPv6

list / elements=dictionary

List of IPv6 prefix limits. Use clear_qpmPrefixLimitsIPv6 to remove all entries.

prefix

integer / required

IPv6 prefix length to limit (e.g. 128, 64)

tcpLimit

integer / required

Allowed TCP queries per minute for the prefix

udpLimit

integer / required

Allowed UDP queries per minute for the prefix

quicIdleTimeout

integer

Idle timeout in ms for QUIC connections (1000-90000).

quicMaxInboundStreams

integer

Max inbound bidirectional streams per QUIC connection (1-1000).

randomizeName

boolean

Enable QNAME randomization.

Choices:

  • false

  • true

recursion

string

Recursion policy.

Choices:

  • "Deny"

  • "Allow"

  • "AllowOnlyForPrivateNetworks"

  • "UseSpecifiedNetworkACL"

recursionNetworkACL

list / elements=string

ACL for recursion when policy is UseSpecifiedNetworkACL. Use clear_recursionNetworkACL to remove entries.

resolverConcurrency

integer

Number of concurrent resolver requests.

resolverMaxStackCount

integer

Max resolver stack count.

resolverRetries

integer

Number of resolver retries.

resolverTimeout

integer

Resolver timeout in ms.

reverseProxyNetworkACL

list / elements=string

ACL for reverse proxy sources.

saveCache

boolean

Save DNS cache on disk at shutdown.

Choices:

  • false

  • true

serveStale

boolean

Serve stale records when upstream unavailable.

Choices:

  • false

  • true

serveStaleAnswerTtl

integer

TTL in seconds for answers in stale response (0-300).

serveStaleMaxWaitTime

integer

Max wait time in ms before serving stale records (0-1800).

serveStaleResetTtl

integer

TTL reset value in seconds when refresh fails (10-900).

serveStaleTtl

integer

TTL in seconds for stale records (max 604800).

socketPoolExcludedPorts

list / elements=integer

Ports to exclude from UDP socket pool.

tcpReceiveTimeout

integer

Max time in ms to receive TCP data (1000-90000).

tcpSendTimeout

integer

Max time in ms to send TCP response (1000-90000).

tsigKeys

list / elements=dictionary

List of TSIG keys. Use clear_tsigKeys to remove all keys.

algorithmName

string / required

TSIG algorithm name (e.g. hmac-sha256)

keyName

string / required

TSIG key name

sharedSecret

string / required

Base64-encoded shared secret

udpPayloadSize

integer

Maximum EDNS UDP payload size (512-4096).

useLocalTime

boolean

Use local time for logging.

Choices:

  • false

  • true

useSoaSerialDateScheme

boolean

Use SOA serial date scheme as default for new zones.

Choices:

  • false

  • true

validate_certs

boolean

Whether to validate SSL certificates when making API requests.

Choices:

  • false

  • true ← (default)

webServiceEnableHttp3

boolean

Enable HTTP/3 for web service.

Choices:

  • false

  • true

webServiceEnableTls

boolean

Enable HTTPS service.

Choices:

  • false

  • true

webServiceHttpPort

integer

HTTP port for web console/API.

webServiceHttpToTlsRedirect

boolean

Redirect HTTP to HTTPS.

Choices:

  • false

  • true

webServiceLocalAddresses

list / elements=string

Local addresses for web service.

webServiceRealIpHeader

string

Header to read client IP when behind reverse proxy.

webServiceTlsCertificatePassword

string

Password for TLS certificate file.

webServiceTlsCertificatePath

string

Path to PKCS

webServiceTlsPort

integer

HTTPS port for web console.

webServiceUseSelfSignedTlsCertificate

boolean

Use self-signed certificate when TLS cert path is not set.

Choices:

  • false

  • true

zoneTransferAllowedNetworks

list / elements=string

Networks allowed for zone transfers across all zones.

Examples

- name: Enable HTTPS for web service
  effectivelywild.technitium_dns.technitium_dns_set_server_settings:
    api_url: "http://localhost"
    api_token: "myapitoken"
    webServiceEnableTls: true
    webServiceTlsPort: 53443
    webServiceUseSelfSignedTlsCertificate: true

- name: Configure resolver behavior and logging
  effectivelywild.technitium_dns.technitium_dns_set_server_settings:
    api_url: "http://localhost"
    api_token: "myapitoken"
    resolverTimeout: 2000
    resolverRetries: 3
    loggingType: File
    logQueries: true

- name: Set forwarders with HTTPS transport
  effectivelywild.technitium_dns.technitium_dns_set_server_settings:
    api_url: "http://localhost"
    api_token: "myapitoken"
    forwarders:
      - "1.1.1.1"
      - "1.0.0.1"
    forwarderProtocol: Https
    forwarderTimeout: 1500
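
The following is an added example, not part of the collection's own documentation: it combines the recursion ACL, DNSSEC validation, QPM limit, zone-transfer and TSIG parameters described above into one hardened task and reports only the names of changed settings. The hostname, networks, limits, key name and the vault_* variables are hypothetical, and the API is assumed to be reachable over HTTPS on port 53443 as configured in the first example.

```yaml
# Added example; hostname, networks, limits, key name and vault_* variables are hypothetical.
- name: Harden resolver and zone-transfer settings
  effectivelywild.technitium_dns.technitium_dns_set_server_settings:
    api_url: "https://dns.example.internal"    # HTTPS, so the API token is not sent in clear text
    api_port: 53443                             # assumes webServiceTlsPort from the first example
    api_token: "{{ vault_technitium_api_token }}"
    validate_certs: true
    # Recurse only for the listed client networks instead of any source address
    recursion: UseSpecifiedNetworkACL
    recursionNetworkACL:
      - "10.0.0.0/8"
      - "192.168.0.0/16"
    dnssecValidation: true
    qnameMinimization: true
    randomizeName: true
    # Queries-per-minute limits per client (/32) and per subnet (/24)
    qpmPrefixLimitsIPv4:
      - prefix: 32
        udpLimit: 600
        tcpLimit: 600
      - prefix: 24
        udpLimit: 6000
        tcpLimit: 6000
    # Zone transfers only from the secondaries' network, with a TSIG key defined
    zoneTransferAllowedNetworks:
      - "10.0.53.0/28"
    tsigKeys:
      - keyName: "xfr-secondary.example.internal"
        algorithmName: "hmac-sha256"
        sharedSecret: "{{ vault_technitium_tsig_secret }}"   # Base64-encoded, stored in Ansible Vault
    enableDnsOverHttp: false                    # no unencrypted DNS-over-HTTP listener
    loggingType: File
  no_log: true             # keeps api_token and sharedSecret out of task output and logs
  register: dns_settings

- name: Report which settings changed (names only, no values)
  ansible.builtin.debug:
    msg: "Changed settings: {{ (dns_settings.diff | default({})).keys() | list }}"
  when: dns_settings is changed
```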

Return Values

Common return values are documented in the Ansible documentation. The following fields are unique to this module:

Key

Description

changed

boolean

Whether the module made changes

Returned: always

diff

dictionary

Dictionary showing which settings changed

Returned: when changes are detected

Sample: {"resolverTimeout": {"current": 1500, "desired": 2000}}

failed

boolean

Whether the module failed

Returned: always

msg

string

Human readable message describing the result

Returned: always

settings

dictionary

Updated DNS server settings returned by the API

Returned: always

Authors

  • Frank Muise (@effectivelywild)