diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 6943a26..be590ac 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -36,6 +36,9 @@ global_credentials_directory: "credentials"
 global_public_key_directory: "public_keys"
 global_dns_list_directory: "{{ global_public_key_directory }}/dns"
+global_dns_session_key_name: "local-ddns"
+global_dns_session_key_path: "/var/run/named/session.key"
+global_dns_session_key_algorithm: "{{ global_dns_update_key_algorithm }}"
 global_dns_update_key_algorithm: "ED25519"
 global_ssh_key_directory: "{{ global_public_key_directory }}/ssh"
diff --git a/roles/dns/application/templates/named.conf.options b/roles/dns/application/templates/named.conf.options
index b6e0c49..de65576 100644
--- a/roles/dns/application/templates/named.conf.options
+++ b/roles/dns/application/templates/named.conf.options
@@ -3,6 +3,10 @@ options {
 directory "/var/cache/bind";
 // configure dnssec
 dnssec-validation yes;
+ // session update key
+ session-keyfile "{{ global_dns_session_key_path }}";
+ session-keyname "{{ global_dns_session_key_name }}";
+ session-keyalg "{{ global_dns_session_key_algorithm }}";
 // etc
 auth-nxdomain no;
 listen-on-v6 { any; };
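Review bot: `global_dns_session_key_algorithm` resolves to `ED25519` through `global_dns_update_key_algorithm`, and that value is rendered into `session-keyalg` in the named.conf.options hunk of this commit. BIND's session key is a TSIG key, and `session-keyalg` accepts only HMAC algorithms (hmac-sha256 is the default), so named should reject the rendered options block unless the variable is overridden somewhere outside this diff. I would decouple the two variables and set `global_dns_session_key_algorithm: "hmac-sha256"`. Running `named-checkconf` against the rendered template before the service is restarted would catch this class of error.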
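Review bot: The added `// session update key` comment does not say what the key authorises or who may read the file. named writes a TSIG key to `session-keyfile` for zones that use `update-policy local`, so any process that can read the file can presumably sign dynamic updates for those zones. I would expand the comment to `// TSIG session key written by named for "update-policy local" zones; the keyfile must stay readable only by the named user`. The options block opens before this hunk and continues past it, so whether any zone actually enables `update-policy local` is not visible here.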