dns/application: Added configuration for session-key

4 years ago · be6303576a
parent 49d53d0213
commit be6303576a
2 changed files with 7 additions and 0 deletions
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -36,6 +36,9 @@ global_credentials_directory: "credentials"
 global_public_key_directory: "public_keys"

 global_dns_list_directory: "{{ global_public_key_directory }}/dns"
+global_dns_session_key_name: "local-ddns"
+global_dns_session_key_path: "/var/run/named/session.key"
+global_dns_session_key_algorithm: "{{ global_dns_update_key_algorithm }}"
 global_dns_update_key_algorithm: "ED25519"

 global_ssh_key_directory: "{{ global_public_key_directory }}/ssh"
--- a/roles/dns/application/templates/named.conf.options
+++ b/roles/dns/application/templates/named.conf.options
@ -3,6 +3,10 @@ options {
    directory "/var/cache/bind";
    // configure dnssec
    dnssec-validation yes;
+    // session update key
+    session-keyfile "{{ global_dns_session_key_path }}";
+    session-keyname "{{ global_dns_session_key_name }}";
+    session-keyalg "{{ global_dns_session_key_algorithm }}";
    // etc
    auth-nxdomain no;
    listen-on-v6 { any; };