This file contains al notable changes to the bind Ansible role.
This file adheres to the guidelines of http://keepachangelog.com/. Versioning follows Semantic Versioning. "GH-X" refers to the X'th issue/pull request on the Github project.
- (GH-53) Add variable
bind_zone_dir
andbind_zone_file_mode
for setting the master zone file path and mode, andbind_extra_include_files
for including arbitrary configuration files into named.conf. (credit: Brad Durrow) - (GH-64) Add variable
bind_query_log
to enable query logging (credit: Angel Barrera)
- (GH-55) Fix issue with non-existing file when grepping domain (credit: Tom Meinlschmidt)
- (GH-57) Fix issue with forwarding in subdomain delegations (credit: Stuart Knight)
- (GH-66) Fix issue that causes playbook to fail when running in
--check
mode (credit: Jörg Eichhorn) - (GH-67) Improved documentation with minimal slave configuration (credit: Christopher Hicks)
- Add Ubuntu 18.04, Debian 8-9 and Arch Linux to list of supported distros.
- (GH-52) Move all zone specific configuration options to
bind_zones
(credit: Stuart Knight)
- (GH-50) Add support for multiple zones (credit: Stuart Knight). This is a breaking change, as it changes the syntax for specifying zones.
- Allow out-of-zone name server records
- Allow multi-line
ansible_managed
comment (credit: Fazle Arefin) - Fix the atrocious implementation of (GH-35)
- Updated documentation for specifying hosts with multiple IP addresses
- Create serial as UTC UNIX time (credit: David J. Haines)
- Fix bugs, linter and deprecation warnings
- (GH-35) Role variable
bind_check_names
, which adds support for check-names (e.g.check-names master ignore;
) - (GH-36) Role variable
bind_allow_recursion
, which adds support for allow-recursion (credit: Loic Dachary) - (GH-39) Role variable
bind_zone_delegate
, which adds support for zone delegation / NS records (credit: Loic Dachary) - (GH-40) Role variables
bind_dnssec_enable
andbind_dnssec_validation
, which makes DNSSEC validation configurable (credit: Guillaume Darmont).
- (GH-38) Only append domain to MX if it does not end with a dot (credit: Loic Dachary)
This release adds support for multiple TXT entries and fixes some bugs.
- (GH-31) Support for multiple TXT entries for the same name (credit: Rafael Bodill)
- (GH-31) Fixed ipv6 reverse zone hash calculation for complete idempotency (credit: Stuart Knight)
- (GH-32, GH-33) Fix for bug where CNAMEs and Multi-IP entries weren't working (credit: Greg Cockburn)
- (GH-29) Zone files are fully idempotent, so are only changed when actual content changes (credit: @Stuart Knight)
- (GH-10) Implement reverse IPv6 lookups
- (GH-28) Add option
bind_forwarders
andbind_forward_only
, which allows BIND to be set up as a caching name server.
- Fixed a bug with generating the reverse zone names.
- (GH-25) Allow slave log file to be set with variable
bind_log
instead of a hard coded value (credit @kartone). - The alignment of columns in the reverse zone file are improved
- (GH-22, 23) Documentation improvements
- (GH-27) Allow dynamic updates (credit: @bverschueren)
- The custom filter plugins were removed. The functionality has since been added to Ansible's built-in filter plugins. This does require
python-netaddr
to be installed on the management node.
- The call to
named-checkconf
was fixed. It had the full path to the binary, which is not the same on all distributions. (GH-20, credit @peterjanes)
- The check for master/slave server is improved (GH-19, credit @josetaas)
- Introduced role variable
bind_log
, the path to the log file. - Introduced role variable
bind_zone_also_notify
, a list of servers that will receive a notification when the master zone file is reloaded (GH-18, credit: Joanna Delaporte) - Reverse zone files now handle the case with only a single host (GH-18, credit: Joanna Delaporte)
- (GH-16) Support for service record (SRV) lookups
- Support for text record (TXT) lookups
- Fixed Ansible 2.0 deprecation warnings
- Generating a serial is no longer considered a change
- Ensured that all role variables have a default value, e.g. empty list instead of undefined. This simplifies template logic (no
if defined
tests), and is considered deprecated in playbooks within a with_ loop.
- The
version:
field inmeta/main.yml
. This an unofficial field that is used by a third-party tool for managing role dependencies (librarian-ansible). Custom meta fields are no longer accepted in Ansible 2.0. See ansible/ansible#13496 for more info. Unfortunately, this will break support for librarian-ansible. As a workaround, until this issue is resolved upstream, use version 3.3.0 of this role.
- Added role variable
bind_other_name_servers
for adding NS records for DNS servers outside of the domain. (GH-12) - Re-added
bind_recursion
, as it is needed in some cases. (GH-14)
- The domain name can now also point to an IP address, enabling e.g. "http://example.com/" (GH-11)
- Add support for multiple IP addresses per host (GH-9)
- Allow setting
rrset-order
(for DNS round robin) - Add support for (multiple) IPv6 (AAAA) records (GH-2). For now, only forward lookups are supported.
- Test code is put into a separate branch. This means that test code is no longer included when installing the role from Ansible Galaxy.
- Add support for zone transfers (GH-8)
- Check whether
bind_zone_master_server_ip
was set (GH-7)
- Role variable
bind_recursion
was removed. This role is explicitly only suitable for an authoritative DNS server, and in this case, recursion should be off.
- You can now set up a master and slave DNS server.
- The variable
bind_zone_master_server_ip
was added. This is a required variable, which makes this release not backwards compatible. - Automated acceptance tests for the test playbook
- Added EL6 to supported platforms. Thanks to @rilindo for verifying this.
- Recursion is turned off by default, which fits an authoritative name server. This change is not backwards compatible, as the behaviour of BIND is different from before when you do not set the variable
bind_recursion
explicitly.
- Firewall settings. This should not be a concern of this role. Configuring the firewall is functionality offered by other roles (e.g. bertvv.bind)
First release!
- Functionality for master DNS server
- Multiple reverse lookup zones