This file contains all notable changes to the bind Ansible role.
This file adheres to the guidelines of http://keepachangelog.com/. Versioning follows Semantic Versioning. "GH-X" refers to the X'th issue/pull request on the Github project.
This release is long overdue. Apologies to all of you who have been waiting for this!
- (GH-132) Add support for forward type zones and zone type auto-detection (credit: Gregory Shulov)
- (GH-134) Add support to listen on custom port numbers (credit: flora-five)
- (GH-151) Add switch to choose Python version (credit: itbane)
- (GH-156) Add DNS Certification Authority Authorization (CAA) (credit: roumano)
- (GH-165) Add role variable `bind_allow_transfer` to populate allow-transfer setting instead of adding all defined ACLs. That means that from now on, you need to specify your ACLs explicitly in allow-transfer if you expect this behavior!
- (GH-131) Give nodes a consistent IP in Molecule tests (credit: Gregory Shulov)
- (GH-140) Replace `py36-netaddr` with `py37-netaddr` on FreeBSD (credit: Shawn Wilsher)
- (GH-150) Fix config template for BIND 9.16 re: `dnssec-enable` (credit: itbane)
- (GH-152) Configure TSIG keys for notify/update queries (credit: itbane)
- (GH-155) Fix Jinja block indent in querylog (credit: Miroslav Hudec)
- (GH-160) Corrected regex, so that IPv6 reverse DNS entries get created correctly (credit: Zephyr82)
Quite a bit of breaking changes in this release, so update your playbooks!
- (GH-122) Support for DNS64 (credit: Paulius Mazeika)
- The test playbook now enables the statistics-channels. Enter http://SERVER_IP:8053 in a web browser to view the server statistics.
- Ubuntu 16.04 is now included in CI tests
- The terms `master` and `slave` were replaced by `primary` and `secondary`, respectively, in all playbooks, templates and documentation. This reflects changes in recent versions of BIND. Note that the actual configuration files still use the "old" names, because most supported distros still have older versions of BIND in their software package repositories.
- `bind_zone_domains` is renamed to `bind_zones`
- `master_server_ip` is renamed to `primaries` and is now a list instead of a string. This makes it possible to specify multiple primary servers. (Inspired by GH-124 by @pavel-z1)
- It is now possible to specify the type of each zone individually. If `bind_zones.hosts` is defined, it becomes a primary zone, if not a secondary. (Inspired by GH-125 by @pavel-z1)
See the documentation in the README and the test playbook for updated examples.
- (GH-130) Primary and secondary server configuration is now unified (a single template instead of separate). CI tests are now executed on Github Actions. Acceptance tests are now performed using a playbook instead of BATS. (credit: Gregory Shulov)
- Code cleanup (linter warnings, deprecated comments, etc.)
An update that's been long overdue. Several PRs with new features were merged!
A special thanks to @blofeldthefish for his willingness to help out with maintaining this role and to @RobinsOphalvens for contributing the new testing harness based on Molecule. Thanks to them, further development of this role got out of the deadlock it's been in since the previous version.
- New supported platforms
- CentOS 8 (GH-107, credit: Paulius Mazeika)
- Debian 10 (no changes were needed)
- FreeBSD (GH-100, credit: psa)
- Ubuntu 20.04 LTS (no changes were needed)
- (GH-69) Allow TTLs for individual records (credit: Stuart Knight)
- (GH-79) Added support for the SSHFP record type (credit: Romuald)
- (GH-81) Added support for the DNAME record type (credit: B. Verschueren)
- (GH-82) Added support for the NAPTR record type (credit: Aido)
- (GH-83) Added support for the `$GENERATE` directive (credit: Rayford Johnson)
- (GH-85) New role variable `bind_other_logs` (credit: Paulo E. Castro)
- (GH-87) New role variable `bind_dns_keys`, a list of binding keys (credit: Jérôme Avond)
- (GH-88) New role variable `bind_statistics_channels` (credit: Stuart Knight)
- (GH-105, GH-113) New role variable `bind_query_log`, with more flexibility w.r.t. query logging (credit: Romuald and Jascha Sticher)
- New keys in `bind_zone_domains`: `create_forward_zones` and `create_reverse_zones`. When present and set to false, they will prevent the creation of the forward or reverse zones, respectively. This results in a reverse only or forward only name server for that zone.
- Molecule is now used as testing harness (credit: Robin Ophalvens). The previous system was written before any standardised testing tools were available. It became too cumbersome to maintain, which had serious impact on the further development of this role.
- (GH-75) Refactored hash gathering to determine if zone files need to be regenerated (credit: Stuart Knight)
- (GH-89) Add missing `allow-recursion` parameter for bind slaves, allowing them to handle recursion correctly (credit: Lennart Weller)
- (GH-91) Ensure the directory for cached slave zones is created (credit: Otto Sabart)
- (GH-99) Use `bind_group` variable instead of hard-coded value (credit: Boris Momčilović)
- (GH-114,115) Fix error with scenario in conjunction with a dhcp shared secret key to provide dynamic dns updates. (credit: Fabio Rocha)
- (GH-106) Removed DNSSEC Lookaside Validation, this service has been shut down
- (GH-53) Add variable `bind_zone_dir` and `bind_zone_file_mode` for setting the master zone file path and mode, and `bind_extra_include_files` for including arbitrary configuration files into named.conf. (credit: Brad Durrow)
- (GH-64) Add variable `bind_query_log` to enable query logging (credit: Angel Barrera)
- (GH-55) Fix issue with non-existing file when grepping domain (credit: Tom Meinlschmidt)
- (GH-57) Fix issue with forwarding in subdomain delegations (credit: Stuart Knight)
- (GH-66) Fix issue that causes playbook to fail when running in `--check` mode (credit: Jörg Eichhorn)
- (GH-67) Improved documentation with minimal slave configuration (credit: Christopher Hicks)
- Add Ubuntu 18.04, Debian 8-9 and Arch Linux to list of supported distros.
- (GH-52) Move all zone specific configuration options to `bind_zones` (credit: Stuart Knight)
- (GH-50) Add support for multiple zones (credit: Stuart Knight). This is a breaking change, as it changes the syntax for specifying zones.
- Allow out-of-zone name server records
- Allow multi-line `ansible_managed` comment (credit: Fazle Arefin)
- Fix the atrocious implementation of (GH-35)
- Updated documentation for specifying hosts with multiple IP addresses
- Create serial as UTC UNIX time (credit: David J. Haines)
- Fix bugs, linter and deprecation warnings
- (GH-35) Role variable `bind_check_names`, which adds support for check-names (e.g. `check-names master ignore;`)
- (GH-36) Role variable `bind_allow_recursion`, which adds support for allow-recursion (credit: Loic Dachary)
- (GH-39) Role variable `bind_zone_delegate`, which adds support for zone delegation / NS records (credit: Loic Dachary)
- (GH-40) Role variables `bind_dnssec_enable` and `bind_dnssec_validation`, which makes DNSSEC validation configurable (credit: Guillaume Darmont).
- (GH-38) Only append domain to MX if it does not end with a dot (credit: Loic Dachary)
This release adds support for multiple TXT entries and fixes some bugs.
- (GH-31) Support for multiple TXT entries for the same name (credit: Rafael Bodill)
- (GH-31) Fixed ipv6 reverse zone hash calculation for complete idempotency (credit: Stuart Knight)
- (GH-32, GH-33) Fix for bug where CNAMEs and Multi-IP entries weren't working (credit: Greg Cockburn)
- (GH-29) Zone files are fully idempotent, so are only changed when actual content changes (credit: @Stuart Knight)
- (GH-10) Implement reverse IPv6 lookups
- (GH-28) Add option `bind_forwarders` and `bind_forward_only`, which allows BIND to be set up as a caching name server.
- Fixed a bug with generating the reverse zone names.
- (GH-25) Allow slave log file to be set with variable `bind_log` instead of a hard coded value (credit @kartone).
- The alignment of columns in the reverse zone file is improved
- (GH-22, 23) Documentation improvements
- (GH-27) Allow dynamic updates (credit: @bverschueren)
- The custom filter plugins were removed. The functionality has since been added to Ansible's built-in filter plugins. This does require `python-netaddr` to be installed on the management node.
- The call to `named-checkconf` was fixed. It had the full path to the binary, which is not the same on all distributions. (GH-20, credit @peterjanes)
- The check for master/slave server is improved (GH-19, credit @josetaas)
- Introduced role variable `bind_log`, the path to the log file.
- Introduced role variable `bind_zone_also_notify`, a list of servers that will receive a notification when the master zone file is reloaded (GH-18, credit: Joanna Delaporte)
- Reverse zone files now handle the case with only a single host (GH-18, credit: Joanna Delaporte)
- (GH-16) Support for service record (SRV) lookups
- Support for text record (TXT) lookups
- Fixed Ansible 2.0 deprecation warnings
- Generating a serial is no longer considered a change
- Ensured that all role variables have a default value, e.g. empty list instead of undefined. This simplifies template logic (no `if defined` tests), and is considered deprecated in playbooks within a with_ loop.
- The `version:` field in `meta/main.yml`. This is an unofficial field that is used by a third-party tool for managing role dependencies (librarian-ansible). Custom meta fields are no longer accepted in Ansible 2.0. See ansible/ansible#13496 for more info. Unfortunately, this will break support for librarian-ansible. As a workaround, until this issue is resolved upstream, use version 3.3.0 of this role.
- Added role variable `bind_other_name_servers` for adding NS records for DNS servers outside of the domain. (GH-12)
- Re-added `bind_recursion`, as it is needed in some cases. (GH-14)
- The domain name can now also point to an IP address, enabling e.g. "http://example.com/" (GH-11)
- Add support for multiple IP addresses per host (GH-9)
- Allow setting `rrset-order` (for DNS round robin)
- Add support for (multiple) IPv6 (AAAA) records (GH-2). For now, only forward lookups are supported.
- Test code is put into a separate branch. This means that test code is no longer included when installing the role from Ansible Galaxy.
- Add support for zone transfers (GH-8)
- Check whether `bind_zone_master_server_ip` was set (GH-7)
- Role variable `bind_recursion` was removed. This role is explicitly only suitable for an authoritative DNS server, and in this case, recursion should be off.
- You can now set up a master and slave DNS server.
- The variable `bind_zone_master_server_ip` was added. This is a required variable, which makes this release not backwards compatible.
- Automated acceptance tests for the test playbook
- Added EL6 to supported platforms. Thanks to @rilindo for verifying this.
- Recursion is turned off by default, which fits an authoritative name server. This change is not backwards compatible, as the behaviour of BIND is different from before when you do not set the variable `bind_recursion` explicitly.
- Firewall settings. This should not be a concern of this role. Configuring the firewall is functionality offered by other roles (e.g. bertvv.bind)
First release!
- Functionality for master DNS server
- Multiple reverse lookup zones