ansible/playbooks/knotd.yml

#!/usr/bin/env ansible-playbook
---
- hosts: ns-master.int.infra.auro.re
  roles:
    - knotd

- hosts:
    - ns-1.auro.re
    - ns-2.auro.re
  vars:
    knotd__listen:
      - address: 0.0.0.0
      - address: "::"
    knotd__keys:
      xfr:
        algorithm: hmac-sha512
        secret: "{{ vault_knotd_xfr_key }}"
    knotd__remotes:
      xfr-master:
        address: 10.128.0.110
        key: xfr
    knotd__acl:
      notify-master:
        address:
          - 10.128.0.110
          - 2a09:6840:128::110
        key: xfr
        action: notify
    knotd__queryacl:
      local:
        addresses:
          - 10.0.0.0/8
    knotd__zones:
      auro.re:
        dnssec_validation: true
        acl:
          - notify-master
        master: xfr-master
      infra.auro.re:
        dnssec_validation: true
        acl:
          - notify-master
        #queryacl: local
        master: xfr-master
      108.66.45.in-addr.arpa:
        dnssec_validation: false
        acl:
          - notify-master
        master: xfr-master
      109.66.45.in-addr.arpa:
        dnssec_validation: false
        acl:
          - notify-master
        master: xfr-master
      110.66.45.in-addr.arpa:
        dnssec_validation: false
        acl:
          - notify-master
        master: xfr-master
      111.66.45.in-addr.arpa:
        dnssec_validation: false
        acl:
          - notify-master
        master: xfr-master
      0.4.8.6.9.0.a.2.ip6.arpa:
        dnssec_validation: false
        acl:
          - notify-master
        master: xfr-master
  roles:
    - knotd
...