community.general.nsupdate module – Manage DNS records.

Note

This module is part of the community.general collection (version 4.8.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.nsupdate.

Synopsis

  • Create, update and remove DNS records using DDNS updates

Requirements

The below requirements are needed on the host that executes this module.

  • dnspython

Parameters

Parameter

Comments

key_algorithm

string

Specify key algorithm used by key_secret.

Choices:

  • HMAC-MD5.SIG-ALG.REG.INT

  • hmac-md5 ← (default)

  • hmac-sha1

  • hmac-sha224

  • hmac-sha256

  • hmac-sha384

  • hmac-sha512

key_name

string

Use TSIG key name to authenticate against DNS server

key_secret

string

Use TSIG key secret, associated with key_name, to authenticate against server

port

integer

Use this TCP port when connecting to server.

Default: 53

protocol

string

Sets the transport protocol (TCP or UDP). TCP is the recommended and a more robust option.

Choices:

  • tcp ← (default)

  • udp

record

string / required

Sets the DNS record to modify. When zone is omitted this has to be absolute (ending with a dot).

server

string / required

Apply DNS modification on this server, specified by IPv4 or IPv6 address.

state

string

Manage DNS record.

Choices:

  • present ← (default)

  • absent

ttl

integer

Sets the record TTL.

Default: 3600

type

string

Sets the record type.

Default: “A”

value

list / elements=string

Sets the record value.

zone

string

DNS record will be modified on this zone.

When omitted DNS will be queried to attempt finding the correct zone.

Starting with Ansible 2.7 this parameter is optional.

Examples

- name: Add or modify ansible.example.org A to 192.168.1.1"
  community.general.nsupdate:
    key_name: "nsupdate"
    key_secret: "+bFQtBCta7j2vWkjPkAFtgA=="
    server: "10.1.1.1"
    zone: "example.org"
    record: "ansible"
    value: "192.168.1.1"

- name: Add or modify ansible.example.org A to 192.168.1.1, 192.168.1.2 and 192.168.1.3"
  community.general.nsupdate:
    key_name: "nsupdate"
    key_secret: "+bFQtBCta7j2vWkjPkAFtgA=="
    server: "10.1.1.1"
    zone: "example.org"
    record: "ansible"
    value: ["192.168.1.1", "192.168.1.2", "192.168.1.3"]

- name: Remove puppet.example.org CNAME
  community.general.nsupdate:
    key_name: "nsupdate"
    key_secret: "+bFQtBCta7j2vWkjPkAFtgA=="
    server: "10.1.1.1"
    zone: "example.org"
    record: "puppet"
    type: "CNAME"
    state: absent

- name: Add 1.1.168.192.in-addr.arpa. PTR for ansible.example.org
  community.general.nsupdate:
    key_name: "nsupdate"
    key_secret: "+bFQtBCta7j2vWkjPkAFtgA=="
    server: "10.1.1.1"
    record: "1.1.168.192.in-addr.arpa."
    type: "PTR"
    value: "ansible.example.org."
    state: present

- name: Remove 1.1.168.192.in-addr.arpa. PTR
  community.general.nsupdate:
    key_name: "nsupdate"
    key_secret: "+bFQtBCta7j2vWkjPkAFtgA=="
    server: "10.1.1.1"
    record: "1.1.168.192.in-addr.arpa."
    type: "PTR"
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

string

If module has modified record

Returned: success

dns_rc

integer

dnspython return code

Returned: always

Sample: 4

dns_rc_str

string

dnspython return code (string representation)

Returned: always

Sample: “REFUSED”

record

string

DNS record

Returned: success

Sample: “ansible”

ttl

integer

DNS record TTL

Returned: success

Sample: 86400

type

string

DNS record type

Returned: success

Sample: “CNAME”

value

list / elements=string

DNS record value(s)

Returned: success

Sample: “192.168.1.1”

zone

string

DNS record zone

Returned: success

Sample: “example.org.”

Authors

  • Loic Blot (@nerzhul)