DNS zonefile generation and NSD configuration for my servers.
filter_plugins
group_vars/all
roles
.gitignore
Makefile
README
TODO
hosts
zones.yml
zones

DNS zones for my domains and managed by my servers.

TSIG generation

The TSIG secret just has to be a random string. I use the following:

head -c $(expr 384 / 8) /dev/urandom | base64

That generates a 384-bit secret and base-64 encodes it. This ought to be long enough: RFC 2845 states that the key length should be at least as long as the message digest, and the digest is 256 bits for the algorithm I currently use, 'hmac-sha256'.

The choice of 384 bits is mainly because 384 is divisible by both 8 and 6: 48 whole bytes, which encode as exactly 16 three-byte base-64 groups, so the 64-character base-64 string has no '=' padding at the end.

For key ID generation, do:

echo $(uuidgen | tr A-Z a-z).talideon.com.
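The same recipe in Python, as an added example that is not part of this repository: it generates the 384-bit secret, derives a UUID-based key name under talideon.com. as above, checks the secret against the digest-length recommendation, and renders the resulting nsd.conf key: clause. The function names and the HMAC_DIGESTS table are this example's own; the algorithm names are the hmac-sha* forms nsd.conf accepts.

```python
"""TSIG key material for NSD: secret, key name and the nsd.conf key: clause.

Added example, not the repository's code. It follows the README's recipe
(384-bit random secret, base64, hmac-sha256, lower-case UUID label under
talideon.com.); the helper names and the digest-length check are assumptions
of this example.
"""
import base64
import hashlib
import secrets
import uuid

# nsd.conf "algorithm:" names mapped to the hash each HMAC is built on
# (assumption: the hmac-sha* spellings accepted by nsd.conf).
HMAC_DIGESTS = {
    "hmac-sha1": hashlib.sha1,
    "hmac-sha224": hashlib.sha224,
    "hmac-sha256": hashlib.sha256,
    "hmac-sha384": hashlib.sha384,
    "hmac-sha512": hashlib.sha512,
}


def generate_tsig_secret(bits: int = 384) -> str:
    """Random secret of `bits` bits, base64-encoded (the Python equivalent of
    `head -c 48 /dev/urandom | base64`). 384 bits is 48 bytes, i.e. 16 whole
    three-byte base64 groups, so the 64-character output has no '=' padding."""
    if bits % 8:
        raise ValueError("bits must be a whole number of bytes")
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode("ascii")


def generate_key_id(domain: str = "talideon.com.") -> str:
    """Lower-case UUID as a label under `domain`, as in the README's
    `uuidgen | tr A-Z a-z` recipe. Returns an absolute (dot-terminated) name."""
    if not domain.endswith("."):
        domain += "."
    return f"{uuid.uuid4()}.{domain}"  # str(uuid4()) is already lower-case


def secret_is_strong_enough(secret_b64: str, algorithm: str = "hmac-sha256") -> bool:
    """RFC 2845 recommends a shared secret at least as long as the HMAC's
    digest. Decodes the base64 strictly and compares byte lengths; anything
    that is not valid base64 is rejected rather than silently truncated."""
    try:
        raw = base64.b64decode(secret_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    digest = HMAC_DIGESTS[algorithm.lower()]
    return len(raw) >= digest().digest_size


def nsd_key_clause(name: str, secret_b64: str, algorithm: str = "hmac-sha256") -> str:
    """Render an nsd.conf `key:` clause. The secret is the whole credential,
    so keep this in a root-only file pulled in by the main config's `include:`
    rather than in the world-readable nsd.conf itself."""
    if not secret_is_strong_enough(secret_b64, algorithm):
        raise ValueError("secret is shorter than the digest or not valid base64")
    return (
        "key:\n"
        f'    name: "{name}"\n'
        f"    algorithm: {algorithm}\n"
        f'    secret: "{secret_b64}"\n'
    )


if __name__ == "__main__":
    key_name = generate_key_id()
    print(nsd_key_clause(key_name, generate_tsig_secret()))
```

Run it once per key and paste the clause into the NSD key file; the same name, algorithm and secret then go into the client's TSIG configuration.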

SOA serial number generation

This requires dnspython to be present, which is usually already installed alongside Ansible. No check is currently performed to see whether the zone has actually changed before the serial is bumped; something like ldns-compare-zones could be used for this.
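An added example of the serial-bumping step, not the repository's own code and deliberately standard-library only (the repository itself uses dnspython): it implements a YYYYMMDDnn serial with RFC 1982 serial-number arithmetic, so the new serial is always one that secondaries will treat as newer, including across the 32-bit wrap. The function names and the date-based scheme are this example's assumptions; it does not attempt the zone-changed check mentioned above.

```python
"""Date-based SOA serial bumping with RFC 1982 serial-number arithmetic.

Added example; not the code from this repository. The YYYYMMDDnn scheme and
the helper names are assumptions of this example.
"""
import datetime
from typing import Optional, Union

SERIAL_MODULUS = 2 ** 32  # the SOA serial is an unsigned 32-bit integer (RFC 1035)
HALF_RANGE = 2 ** 31


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 'greater than': a is newer than b when the forward distance
    from b to a (mod 2^32) is non-zero and below 2^31. A plain integer
    comparison would wrongly treat 0 as older than 2^32 - 1."""
    a %= SERIAL_MODULUS
    b %= SERIAL_MODULUS
    if a == b:
        return False
    return (a - b) % SERIAL_MODULUS < HALF_RANGE


def date_base(day: datetime.date) -> int:
    """YYYYMMDD00: the first serial usable on the given day."""
    return int(day.strftime("%Y%m%d")) * 100


def next_serial(current: int, today: Optional[Union[datetime.date, str]] = None) -> int:
    """Return a serial that is RFC 1982-greater than `current`.

    Uses today's YYYYMMDD00 when that is ahead of the current serial,
    otherwise bumps the current serial by one. Bumping by one is always
    RFC 1982-greater (wrapping at 2^32), so a serial that is already past
    today's range, e.g. YYYYMMDD99 or a non-date serial, still moves forward
    instead of jumping backwards."""
    if today is None:
        today = datetime.date.today()
    elif isinstance(today, str):
        today = datetime.date.fromisoformat(today)
    candidate = date_base(today)
    if not serial_gt(candidate, current):
        candidate = (current + 1) % SERIAL_MODULUS
    # Invariant every caller relies on: secondaries must see this as newer.
    assert serial_gt(candidate, current)
    return candidate


if __name__ == "__main__":
    print(next_serial(2023123105, "2024-01-15"))  # first change of the day
    print(next_serial(2024011500, "2024-01-15"))  # second change of the day
```

The increment-only fallback is what keeps the function safe when the stored serial is ahead of the calendar (a clock that was wrong, or more than 100 changes in a day); the date scheme is then simply resumed on a later day once YYYYMMDD00 is again RFC 1982-greater.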
