migrate reverse dns zones to new auth-dns server

improve knot roles reloading behavior
With this change, the nameserver is not restarted on configuration updates but only reloaded instead.
2026-05-06 14:33:04 +02:00 · 2026-05-06 14:33:04 +02:00
9 changed files with 33 additions and 16 deletions
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@ -38,3 +38,26 @@ knot__zones:
    notify_targets: [ "ns-intern.hamburg.ccc.de" ]
    content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone') }}"
  - domain: "3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa."
    notify_targets: [ "ns-intern.hamburg.ccc.de" ]
    content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
  - domain: "2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
    notify_targets: [ "ns-intern.hamburg.ccc.de" ]
    content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
  - domain: "3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
    notify_targets: [ "ns-intern.hamburg.ccc.de" ]
    content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
  - domain: "4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
    notify_targets: [ "ns-intern.hamburg.ccc.de" ]
    content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
  - domain: "5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
    notify_targets: [ "ns-intern.hamburg.ccc.de" ]
    content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
  - domain: "6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
    notify_targets: [ "ns-intern.hamburg.ccc.de" ]
    content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
--- a/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
@ -1,6 +1,6 @@
 $TTL 7200
-@               IN      SOA     ns-intern.hamburg.ccc.de. haegar.ccc.de. (
+@               IN      SOA     auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
 		2025020101
 		10800
 		3600
--- a/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@ -1,6 +1,6 @@
 $TTL 7200
-@               IN      SOA     ns.hamburg.ccc.de. haegar.ccc.de. (
+@               IN      SOA     auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
                2023073001
                10800
                3600
--- a/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
@ -1,6 +1,6 @@
 $TTL 7200
-@               IN      SOA     ns.hamburg.ccc.de. haegar.ccc.de. (
+@               IN      SOA     auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
                2025020102
                10800
                3600
--- a/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@ -1,6 +1,6 @@
 $TTL 7200
-@               IN      SOA     ns.hamburg.ccc.de. haegar.ccc.de. (
+@               IN      SOA     auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
                2023072900
                10800
                3600
--- a/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@ -1,6 +1,6 @@
 $TTL 7200
-@               IN      SOA     ns.hamburg.ccc.de. haegar.ccc.de. (
+@               IN      SOA     auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
                2023072900
                10800
                3600
--- a/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@ -1,6 +1,6 @@
 $TTL 7200
-@               IN      SOA     ns.hamburg.ccc.de. haegar.ccc.de. (
+@               IN      SOA     auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
                2023072900
                10800
                3600
--- a/roles/knot/handlers/main.yaml
+++ b/roles/knot/handlers/main.yaml
@ -1,16 +1,10 @@
 ---
- name: restart knot
+- name: reload knot
  tags: [ auth-dns ]
  become: true
  ansible.builtin.systemd:
    name: knot.service
-    state: restarted
+    state: reloaded
 - name: reload knot zones
  tags: [ auth-dns ]
  become: true
  changed_when: true
  ansible.builtin.command: "knotc zone-reload"
 - name: netplan apply
  tags: [ auth-dns ]
--- a/roles/knot/tasks/02-configure.yaml
+++ b/roles/knot/tasks/02-configure.yaml
@ -13,7 +13,7 @@
 - name: Deploy knot configuration file
  tags: [ auth-dns ]
  become: true
-  notify: restart knot
+  notify: reload knot
  ansible.builtin.template:
    src: knot.conf.j2
    dest: /etc/knot/knot.conf
@ -24,7 +24,7 @@
 - name: Deploy configured zones
  tags: [ auth-dns ]
  become: true
-  notify: reload knot zones
+  notify: reload knot
  loop: "{{ knot__zones }}"
  loop_control:
    label: "{{ item.domain }}"
Author	SHA1	Message	Date
lilly	021843b5ce	migrate reverse dns zones to new auth-dns server All checks were successful / Ansible Lint (push) Successful in 2m36s Details	2026-05-06 14:33:04 +02:00
lilly	5283d2da95	improve knot roles reloading behavior With this change, the nameserver is not restarted on configuration updates but only reloaded instead.	2026-05-06 14:33:04 +02:00