0746dc187b
Logs show that the nameservers are being notified via ipv6 and rejecting the request:

  nsd[18851]: notify for acme.opendev.org. \
      from 2001:4800:7819:104:be76:4eff:fe04:43d0 refused, no acl matches.

Modify the nsd ACL to allow the ipv6 of the master to trigger updates.

This is important for the letsencrypt process, where we need the acme.opendev.org domain updated in a timely fashion so that TXT authentication works.

Change-Id: I785f9636dd05e15b8ffd211845f439be7e8344a3
47 lines
1.2 KiB
ReStructuredText
Configure an authoritative nameserver

This role installs and configures nsd to be an authoritative
nameserver.

**Role Variables**

.. zuul:rolevar:: tsig_key
   :type: dict

   The TSIG key used to authenticate connections between nameservers.

   .. zuul:rolevar:: algorithm

      The algorithm used by the key.

   .. zuul:rolevar:: secret

      The secret portion of the key.

.. zuul:rolevar:: dns_zones
   :type: list

   A list of zones that should be served by named. Each item in the
   list is a dictionary with the following keys:

   .. zuul:rolevar:: name

      The name of the zone.

   .. zuul:rolevar:: source

      The repo name and path of the directory containing the zone
      file. For example if a repo was provided to
      :zuul:rolevar:`master-nameserver.dns_repos.name` with the name
      ``example.com``, and within that repo, the ``zone.db`` file was
      located at ``zones/example_com/zone.db``, then the value here
      should be ``example.com/zones/example_com``.

.. zuul:rolevar:: dns_master_ipv4

   Required argument. The IPv4 addresses of the master nameserver.

.. zuul:rolevar:: dns_master_ipv6

   Required argument. The IPv6 addresses of the master nameserver.
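
An added check, not part of this role or its repository: it parses a rendered ``nsd.conf`` and lists every zone whose ``allow-notify`` entries would not admit a given master address, which is the "no acl matches" refusal quoted in the commit message. The sample configuration, addresses, key name and function names are constructed for illustration, and TSIG key matching is not evaluated.

```python
import ipaddress

# Constructed nsd.conf: the first zone has no allow-notify entry for the IPv6 master.
SAMPLE_NSD_CONF = """\
key:
    name: "tsig"
    algorithm: hmac-sha256
    secret: "PLACEHOLDER"
zone:
    name: "acme.example.org"
    allow-notify: 203.0.113.10 tsig
    request-xfr: 203.0.113.10 tsig
zone:
    name: "example.org"
    allow-notify: 203.0.113.10 tsig
    allow-notify: 2001:db8::/64 tsig
    allow-notify: 198.51.100.7 BLOCKED
"""

def parse_allow_notify(conf_text):
    """Map each zone name to its allow-notify entries as (network, key-or-keyword)."""
    # Handles single addresses and CIDR specs only; pattern sections are not expanded.
    zones, current, in_zone = {}, None, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith(":") and " " not in line:  # section header such as "zone:"
            in_zone, current = (line == "zone:"), None
            continue
        option, _, value = line.partition(":")
        if in_zone and option == "name":
            current = value.strip().strip('"')
            zones[current] = []
        elif option == "allow-notify" and current is not None:
            spec, who = value.split()
            zones[current].append((ipaddress.ip_network(spec, strict=False), who))
    return zones

def masters_refused(conf_text, masters):
    """Return sorted (zone, master) pairs whose NOTIFY has no permitting ACL entry."""
    refused = []
    for zone, acls in parse_allow_notify(conf_text).items():
        for master in masters:
            addr = ipaddress.ip_address(master)
            hits = [who for net, who in acls if net.version == addr.version and addr in net]
            if not hits or "BLOCKED" in hits:  # a matching BLOCKED entry overrides an allow
                refused.append((zone, master))
    return sorted(refused)
```

Calling ``masters_refused`` with the values intended for ``dns_master_ipv4`` and ``dns_master_ipv6`` against the deployed configuration shows any zone that still accepts NOTIFY over only one address family.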