From 5283d2da951629c6213e6acc9dcba7e986dc451a Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 14:14:17 +0200
Subject: [PATCH 1/2] improve knot roles reloading behavior
With this change, the nameserver is reloaded on configuration
updates instead of being restarted.
---
roles/knot/handlers/main.yaml | 10 ++--------
roles/knot/tasks/02-configure.yaml | 4 ++--
2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/roles/knot/handlers/main.yaml b/roles/knot/handlers/main.yaml
index 11944a0..f89fedd 100644
--- a/roles/knot/handlers/main.yaml
+++ b/roles/knot/handlers/main.yaml
@@ -1,16 +1,10 @@
---
-- name: restart knot
+- name: reload knot
tags: [ auth-dns ]
become: true
ansible.builtin.systemd:
name: knot.service
- state: restarted
-
-- name: reload knot zones
- tags: [ auth-dns ]
- become: true
- changed_when: true
- ansible.builtin.command: "knotc zone-reload"
+ state: reloaded
- name: netplan apply
tags: [ auth-dns ]
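Review bot: With the `restart knot` handler removed at the top of this hunk, the role has no way left to restart the daemon, so a knot.conf change to an option that Knot applies only at process start would be written to disk without taking effect, while the play still reports success. Knot's reference documentation marks some `server` section options as requiring a restart; if the template can change any of those, consider keeping a separate `restart knot` handler for that case. At minimum, a comment above the handler such as `# reload re-reads knot.conf and the zone files; options that need a full restart are not covered` would document the limit.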
diff --git a/roles/knot/tasks/02-configure.yaml b/roles/knot/tasks/02-configure.yaml
index 12b5732..2b0b0fa 100644
--- a/roles/knot/tasks/02-configure.yaml
+++ b/roles/knot/tasks/02-configure.yaml
@@ -13,7 +13,7 @@
- name: Deploy knot configuration file
tags: [ auth-dns ]
become: true
- notify: restart knot
+ notify: reload knot
ansible.builtin.template:
src: knot.conf.j2
dest: /etc/knot/knot.conf
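Review bot: Nothing visible in this hunk checks the rendered file before it replaces `/etc/knot/knot.conf`, and the task now only triggers a reload. A template that renders an invalid configuration would be installed, the reload would presumably fail or leave the server on its old configuration, and the broken file would surface at the next real start of the service. The task body continues past the end of the hunk, so a `validate:` key may already exist there; if it does not, add something like `validate: 'knotc -c %s conf-check'` to the template arguments.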
@@ -24,7 +24,7 @@
- name: Deploy configured zones
tags: [ auth-dns ]
become: true
- notify: reload knot zones
+ notify: reload knot
loop: "{{ knot__zones }}"
loop_control:
label: "{{ item.domain }}"
From 021843b5cebcdd46409c8cc3e6ca1fcff242d338 Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 14:14:17 +0200
Subject: [PATCH 2/2] migrate reverse dns zones to new auth-dns server
---
.../chaosknoten/host_vars/auth-dns.yaml | 23 +++++++++++++++++++
.../zones/17.31.172.in-addr.arpa.zone | 2 +-
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
....0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
7 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index 007ff0e..2fa8f91 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -38,3 +38,26 @@ knot__zones:
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone') }}"
+ - domain: "3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
+
+ - domain: "2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
+
+ - domain: "3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
+
+ - domain: "4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
+
+ - domain: "5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
+
+ - domain: "6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
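Review bot: Two zones touched by this patch do not line up between this list and the zone files. `6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.` is added here, yet its zone file is not among the seven files in the diffstat, so its SOA may still name the old primary. Conversely, `17.31.172.in-addr.arpa.zone` receives the new SOA but no entry for it is added in this hunk. Either may already be handled outside the patch, since the `knot__zones` list begins above line 38 and is not visible here, so both should be confirmed before merging.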
diff --git a/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone b/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
index ea2c1ce..dd13af3 100644
--- a/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns-intern.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2025020101
10800
3600
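Review bot: The SOA record's MNAME and RNAME change here but the serial on the following line stays at `2025020101`, so a secondary that already holds this zone sees no newer serial and presumably will not transfer the updated SOA. Bump the serial in the same commit, for example to `2026050601` (a value constructed from the patch date). The same applies to the other five zone files changed in this patch, whose serials (`2023073001`, `2025020102`, `2023072900`) are likewise left as unchanged context lines. The SOA record continues past the end of the hunk.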
diff --git a/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 205bda5..d7e02c3 100644
--- a/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023073001
10800
3600
diff --git a/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 240d783..59fc28f 100644
--- a/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2025020102
10800
3600
diff --git a/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 3b3921c..a14e026 100644
--- a/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023072900
10800
3600
diff --git a/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 4bba9bc..1a8fb86 100644
--- a/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023072900
10800
3600
diff --git a/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 8eeaf64..d46cc3c 100644
--- a/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023072900
10800
3600