DNS - Unbound - DNS-over-TLS

STATE: stable

TESTS: Playbook

API Docs: Core - Unbound

Service Docs: Unbound

Definition

| Parameter | Type | Required | Default | Aliases | Comment |
|---|---|---|---|---|---|
| domain | string | false | - | dom, d | Provide a domain to limit the DNS-over-TLS to or leave empty to act as a catch-all |
| target | string | true | - | server, srv, tgt | DNS target server |
| port | string | false | 53 | p | DNS port of the target server |
| verify | string | false | - | common_name, cn, hostname | Verify if CN in certificate matches this value, if not set - certificate verification will not be performed! Must be a valid IP-Address or hostname. |
| reload | boolean | false | true | - | If the running config should be reloaded on change - this may take some time. For mass-managing items you might want to reload it ‘manually’ after all changes are done => using the ansibleguy.opnsense.reload module. |

For basic parameters see: Basic

Info

This module manages DNS-over-TLS configuration that can be found in the WEB-UI menu: ‘Services - Unbound DNS - DNS over TLS’

Mass-Manage

If you are mass-managing DNS records or using DNS-Blocklists - you might want to disable the reload by setting reload: false on single module-calls!

Otherwise this takes a long time, as the service gets reloaded on every call!

You might want to reload it ‘manually’ after all changes are done => using the ansibleguy.opnsense.reload module

Warning

Unbound service actions like reload can take a long time. Please be aware of the possible downtime!

You may also need to increase the module timeout.

Examples

- hosts: localhost
  gather_facts: no
  module_defaults:
    group/ansibleguy.opnsense.all:
      firewall: 'opnsense.template.ansibleguy.net'
      api_credential_file: '/home/guy/.secret/opn.key'

    ansibleguy.opnsense.list:
      target: 'unbound_dot'

  tasks:
    - name: Example
      ansibleguy.opnsense.unbound_dot:
        target: '1.1.1.1'
        # domain: ''
        # port: 53
        # verify: ''
        # state: 'present'
        # reload: true
        # enabled: true
        # debug: false

    - name: Adding
      ansibleguy.opnsense.unbound_dot:
        domain: 'dot.template.ansibleguy.net'
        target: '1.1.1.1'
        verify: 'dot.template.ansibleguy.net'

    - name: Listing
      ansibleguy.opnsense.list:
      #  target: 'unbound_dot'
      register: existing_entries

    - name: Printing DNS-over-TLS entries
      ansible.builtin.debug:
        var: existing_entries.data
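
The following playbook is an added example, not part of the original module documentation. It combines the 'Mass-Manage' advice with the 'verify' parameter: every entry must carry a verify name before anything is pushed, reload is disabled per call, and Unbound is reloaded once at the end. The 'dot_forwarders' variable and its resolver values are constructed sample data, port 853 is the standard DNS-over-TLS port, and the 'target: unbound' argument of the reload module is an assumption, as this page does not list that module's parameters.

```yaml
- hosts: localhost
  gather_facts: no
  module_defaults:
    group/ansibleguy.opnsense.all:
      firewall: 'opnsense.template.ansibleguy.net'
      api_credential_file: '/home/guy/.secret/opn.key'

  vars:
    # constructed sample data (hypothetical variable name) - replace with your resolvers
    dot_forwarders:
      - {target: '1.1.1.1', verify: 'cloudflare-dns.com'}
      - {target: '9.9.9.9', verify: 'dns.quad9.net'}

  tasks:
    # Without 'verify' the certificate is not checked at all,
    # so stop before any entry is written if one is missing or empty.
    - name: Refusing entries without a verify name
      ansible.builtin.assert:
        that:
          - >-
            (dot_forwarders | map(attribute='verify', default='') | select | list | length)
            == (dot_forwarders | length)
        fail_msg: 'Every DNS-over-TLS entry needs verify set - else the certificate is not verified!'

    # reload: false avoids one service reload per entry
    - name: Adding DNS-over-TLS forwarders
      ansibleguy.opnsense.unbound_dot:
        target: "{{ item.target }}"
        port: 853
        verify: "{{ item.verify }}"
        reload: false
      loop: "{{ dot_forwarders }}"

    # single reload after all changes are done
    # (assumption: the reload module selects the service via 'target')
    - name: Reloading Unbound once
      ansibleguy.opnsense.reload:
        target: 'unbound'
```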