effectivelywild.technitium_dns.technitium_dns_sign_zone module – Sign a DNS zone
Note
This module is part of the effectivelywild.technitium_dns collection (version 0.4.0).
It is not included in ansible-core.
To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install effectivelywild.technitium_dns`.
To use it in a playbook, specify: `effectivelywild.technitium_dns.technitium_dns_sign_zone`.
New in effectivelywild.technitium_dns 0.1.0
Synopsis
Signs a primary DNS zone using the Technitium DNS API.
Will not update DNSSEC properties once a zone has been initially signed.
Parameters
Parameter | Comments |
---|---|
algorithm | The algorithm to use for signing. Choices: |
 | Port for the Technitium DNS API. Defaults to 5380. |
api_token | API token for authentication |
api_url | Base URL for the Technitium DNS API |
dnsKeyTtl | TTL for DNSKEY records |
iterations | NSEC3 iterations |
kskKeySize | The size of the Key Signing Key (KSK) in bits to be used when using |
nxProof | Proof of non-existence. Choices: |
 | PEM private key for KSK. When this parameter is specified, the private key specified is used instead of automatically generating it. |
 | PEM private key for ZSK. When this parameter is specified, the private key specified is used instead of automatically generating it. |
saltLength | NSEC3 salt length |
 | Whether to validate SSL certificates when making API requests. Choices: |
zone | The name of the primary zone to sign |
zskKeySize | The size of the Zone Signing Key (ZSK) in bits to be used when using |
zskRolloverDays | ZSK rollover frequency in days |
See Also
- effectivelywild.technitium_dns.technitium_dns_unsign_zone
Unsign a zone with DNSSEC
- effectivelywild.technitium_dns.technitium_dns_convert_to_nsec
Convert signed zone from NSEC to NSEC3
- effectivelywild.technitium_dns.technitium_dns_convert_to_nsec3
Convert signed zone from NSEC3 to NSEC
- effectivelywild.technitium_dns.technitium_dns_get_dnssec_properties
Get DNSSEC properties for a zone
Examples
```yaml
- name: Sign a primary zone with ECDSA
  technitium_dns_sign_zone:
    # Plain HTTP sends the API token unencrypted; acceptable only on loopback
    api_url: "http://localhost:5380"
    api_token: "{{ technitium_api_token }}"
    zone: "example.com"
    algorithm: "ECDSA"
    curve: "P256"
    dnsKeyTtl: 86400
    zskRolloverDays: 30
    nxProof: "NSEC3"
    iterations: 0
    saltLength: 0

- name: Sign a zone with RSA algorithm and custom key sizes
  technitium_dns_sign_zone:
    api_url: "http://localhost:5380"
    api_token: "{{ technitium_api_token }}"
    zone: "secure.example.com"
    algorithm: "RSA"
    hashAlgorithm: "SHA256"
    kskKeySize: 2048
    # Note: 1024-bit RSA is below the 2048-bit minimum in current guidance
    zskKeySize: 1024
    dnsKeyTtl: 3600
    zskRolloverDays: 90
    nxProof: "NSEC"

- name: Sign a zone with EDDSA and custom NSEC3 parameters
  technitium_dns_sign_zone:
    api_url: "http://localhost:5380"
    api_token: "{{ technitium_api_token }}"
    zone: "modern.example.com"
    algorithm: "EDDSA"
    curve: "ED25519"
    dnsKeyTtl: 172800
    zskRolloverDays: 60
    nxProof: "NSEC3"
    # Note: RFC 9276 recommends 0 iterations and no salt for NSEC3
    iterations: 10
    saltLength: 8
```
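
Because the module will not update DNSSEC properties after the first signing, it pays to check a task's arguments before it runs. The following is an added example, not part of the collection: a Python pre-flight check over the argument names used in the Examples above. The function names, the 2048-bit RSA floor and the loopback list are assumptions, and parameters left to module defaults are not evaluated.

```python
from urllib.parse import urlparse

MIN_RSA_BITS = 2048                       # assumed policy floor, not a module default
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_sign_args(args):
    """Return findings for one technitium_dns_sign_zone task's arguments."""
    findings = []
    url = urlparse(args.get("api_url", ""))
    if url.scheme == "http" and url.hostname not in LOOPBACK:
        findings.append("api_url: api_token is sent over plain HTTP to a remote host")
    if args.get("algorithm") == "RSA":
        for key in ("kskKeySize", "zskKeySize"):
            bits = args.get(key)
            if bits is not None and int(bits) < MIN_RSA_BITS:
                findings.append(f"{key}: {bits}-bit RSA is below {MIN_RSA_BITS}")
    if args.get("nxProof") == "NSEC3":
        # RFC 9276 recommends zero extra iterations and no salt.
        if int(args.get("iterations", 0)) > 0:
            findings.append("iterations: RFC 9276 recommends 0")
        if int(args.get("saltLength", 0)) > 0:
            findings.append("saltLength: RFC 9276 recommends no salt")
    return findings

# Arguments copied from the three tasks in the Examples section of this page.
TASKS = {
    "example.com": {"api_url": "http://localhost:5380", "algorithm": "ECDSA",
                    "curve": "P256", "nxProof": "NSEC3", "iterations": 0, "saltLength": 0},
    "secure.example.com": {"api_url": "http://localhost:5380", "algorithm": "RSA",
                           "kskKeySize": 2048, "zskKeySize": 1024, "nxProof": "NSEC"},
    "modern.example.com": {"api_url": "http://localhost:5380", "algorithm": "EDDSA",
                           "curve": "ED25519", "nxProof": "NSEC3", "iterations": 10, "saltLength": 8},
}

def audit_all(tasks=TASKS):
    """Map each zone to its list of findings (an empty list means nothing flagged)."""
    return {zone: audit_sign_args(a) for zone, a in tasks.items()}

if __name__ == "__main__":
    for zone, findings in audit_all().items():
        print(zone, findings or "ok")
```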
Return Values
Common return values are documented here; the following fields are unique to this module:
Key | Description |
---|---|
 | Complete raw API response from Technitium DNS. Returned: always |
 | The API response payload (empty dict for successful sign operations). Returned: always |
 | API response status. Returned: always |
 | Whether the module made changes. Returned: always |
 | Whether the module failed. Returned: always |
 | Human readable message describing the result. Returned: always |