Configuration options for notify, dns sec validation, local path to zone files

README.md

@@ -34,6 +34,23 @@ Optionally: If your nameservers acts as a secondary nameserver, here is a sample
             - example.net
             - example.org
 
+Optionally: If you want to notify a server, here is a sample configuration. Note that by default all servers in NS records will be notified.
+
+      bind_config_master_zones:
+        # also_notify is a list of IPs
+        - name: example.com
+          also_notify: [127.0.1.2]
+        - name: example.org
+          also_notify:
+            - 127.0.1.2
+            - 127.0.2.3
+
+Optionally: If you want to disable default notify a server, here is a sample:
+
+      bind_config_master_zones:
+        # valid values for notify: "yes", "no", explicit. Make sure "yes" and "no" are strings
+        - name: example.com
+          notify: explicit
 
 Optionally: If you need to forward some zones directly to another nameserver, here is a sample:
 
@@ -53,6 +70,10 @@ Optionally: If you want to adjust the allow-query option globally, here is a sam
     bind_config_allow_query: [ '127.1.0.1', '127.1.0.2' ]
 
 
+Optionally: If you want to use DNS-SEC validation, here is is how to enable this:
+
+    bind_config_dnssec_enabled: true
+
 ## Dependencies
 
 None.

defaults/main.yml

@@ -10,6 +10,8 @@ bind_service_enabled: yes
 bind_pkg_state: installed
 bind_base_zones_path: "/var/lib/bind"
 bind_masterzones_path: "masters"
+bind_masterzones_local_path: "{{ bind_masterzones_path }}"
 bind_slavezones_path: "slaves"
 bind_config_listen_on: any
 bind_config_allow_query: []
+bind_config_dnssec_enabled: false

tasks/main.yml

@@ -26,7 +26,7 @@
   notify: restart bind
 
 - name: Copy master zone files
-  copy: src={{ bind_masterzones_path }}/db.{{ item.name }} dest={{ bind_base_zones_path }}/{{bind_masterzones_path}} owner={{ bind_user }} group={{ bind_group }}
+  copy: src={{ bind_masterzones_local_path }}/db.{{ item.name }} dest={{ bind_base_zones_path }}/{{bind_masterzones_path}} owner={{ bind_user }} group={{ bind_group }}
   with_items: "{{ bind_config_master_zones }}"
   notify: reload bind
   tags: bind-zones

templates/named.conf.local.master.j2

@@ -4,12 +4,23 @@
 zone "{{ master_zone.name }}" {
     type master;
     file "{{bind_base_zones_path}}/{{bind_masterzones_path}}/db.{{ master_zone.name }}";
+{% if master_zone.notify is defined and master_zone.notify in ['yes', 'no','explicit']  %}
+    notify {{ master_zone.notify }};
+{% endif %}
 {% if master_zone.allow_transfer is defined %}
     allow-transfer {
 {% for allow_transfer in master_zone.allow_transfer %}
         {{ allow_transfer }};
 {% endfor %}
     };
+    also-notify {
+{% if master_zone.also_notify is defined %}
+{% for notified_host in master_zone.also_notify %}
+        {{ notified_host }};
+{% endfor %}
+{% endif %}
+    };
+
 {% endif %}
 {% if master_zone.allow_update is defined %}
     allow-update {

templates/named.conf.options.j2

@@ -10,7 +10,7 @@ options {
         // port by default.
 
         //query-source address * port 53;
-  
+
         query-source address * port *;
 
         transfer-source *;
@@ -41,23 +41,25 @@ options {
         };
 	{% endif %}
 
-        //dnssec-enable yes;
-        //dnssec-validation yes;
+{% if bind_config_dnssec_enabled %}
+        dnssec-enable yes;
+        dnssec-validation auto;
+{% endif %}
 
         auth-nxdomain no;    # conform to RFC1035
-        
-        listen-on { {{ bind_config_listen_on }}; }; 
+
+        listen-on { {{ bind_config_listen_on }}; };
         listen-on-v6 { any; };
 
-  {% if bind_config_allow_query %}
+{% if bind_config_allow_query %}
       allow-query {
       {% for queries in bind_config_allow_query %}
         {{ queries }};
       {% endfor %}
       };
-  {% else %}
+{% else %}
         allow-query { any; };              // This is the default
-  {% endif %}
+{% endif %}
 
         recursion {{ bind_config_recursion }};                      // Do not provide recursive service
         zone-statistics yes;