Try SpotterManage DNS profiles on a BIG-IP
| "added in version" 1.0.0 of f5networks.f5_modules"
Authors: Tim Rupp (@caphrim007)
Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0
collections:
- name: f5networks.f5_modules
version: 1.28.0Manage DNS profiles on a BIG-IP. There are many DNS profiles options, each with their own adjustments to the standard C(dns) profile. Users of this module should be aware that many of the configurable options have no module default. Instead, the default is assigned by the BIG-IP system itself which, in most cases, is acceptable.
- name: Create a DNS profile
bigip_profile_dns:
name: foo
enable_dns_express: false
enable_dnssec: false
enable_gtm: false
process_recursion_desired: false
use_local_bind: false
enable_dns_firewall: true
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
name:
description:
- Specifies the name of the DNS profile.
required: true
type: str
state:
choices:
- present
- absent
default: present
description:
- When C(present), ensures the profile exists.
- When C(absent), ensures the profile is removed.
type: str
parent:
description:
- Specifies the profile from which this profile inherits settings.
- When creating a new profile, if this parameter is not specified, the default is
the system-supplied C(dns) profile.
type: str
provider:
description:
- A dict object containing connection details.
suboptions:
auth_provider:
description:
- Configures the auth provider for to obtain authentication tokens from the remote
device.
- This option is really used when working with BIG-IQ devices.
type: str
no_f5_teem:
default: false
description:
- If C(yes), TEEM telemetry data is not sent to F5.
- You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
- Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
type: bool
password:
aliases:
- pass
- pwd
description:
- The password for the user account used to connect to the BIG-IP or the BIG-IQ.
- You may omit this option by setting the environment variable C(F5_PASSWORD).
required: true
type: str
server:
description:
- The BIG-IP host or the BIG-IQ host.
- You may omit this option by setting the environment variable C(F5_SERVER).
required: true
type: str
server_port:
default: 443
description:
- The BIG-IP server port.
- You may omit this option by setting the environment variable C(F5_SERVER_PORT).
type: int
timeout:
description:
- Specifies the timeout in seconds for communicating with the network device for
either connecting or sending commands. If the timeout is exceeded before the
operation is completed, the module will error.
type: int
transport:
choices:
- rest
default: rest
description:
- Configures the transport connection to use when connecting to the remote device.
type: str
user:
description:
- The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
privileges on the device.
- You may omit this option by setting the environment variable C(F5_USER).
required: true
type: str
validate_certs:
default: true
description:
- If C(no), SSL certificates are not validated. Use this only on personally controlled
sites using self-signed certificates.
- You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
type: bool
type: dict
version_added: 1.0.0
version_added_collection: f5networks.f5_modules
partition:
default: Common
description:
- Device partition to manage resources on.
type: str
cache_name:
description:
- Specifies the user-created cache the system uses to cache DNS responses.
- When you select a cache for the system to use, you must also set C(enable_dns_cache)
to C(true)
type: str
enable_gtm:
description:
- Specifies whether the system uses Global Traffic Manager (now BIG-IP DNS) to manage
the response.
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
type: bool
enable_cache:
description:
- Specifies whether the system caches DNS responses.
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
- When C(true), the BIG-IP system caches DNS responses handled by the virtual servers
associated with this profile. When you enable this setting, you must also specify
a value for C(cache_name).
- When C(false), the BIG-IP system does not cache DNS responses handled by the virtual
servers associated with this profile. However, the profile retains the association
with the DNS cache in the C(cache_name) parameter. Disable this setting when you
want to debug the system.
type: bool
enable_dnssec:
description:
- Specifies whether the system signs responses with DNSSEC keys and replies to DNSSEC
specific queries (for example, DNSKEY query type).
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
type: bool
use_local_bind:
description:
- Specifies whether the system forwards non-wide IP queries to the local BIND server
on the BIG-IP system.
- For best performance, disable this setting when using a DNS cache.
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
type: bool
enable_dns_express:
description:
- Specifies whether the DNS Express engine is enabled.
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
- The DNS Express engine receives zone transfers from the authoritative DNS server
for the zone. If the C(enable_zone_transfer) setting is also C(true) on this profile,
the DNS Express engine also responds to zone transfer requests made by the nameservers
configured as zone transfer clients for the DNS Express zone.
type: bool
enable_dns_firewall:
description:
- Specifies whether the DNS firewall is enabled.
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
type: bool
enable_zone_transfer:
description:
- Specifies whether the system answers zone transfer requests for a DNS zone created
on the system.
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
- The C(enable_dns_express) and C(enable_zone_transfer) settings on a DNS profile
affect how the system responds to zone transfer requests.
- When the C(enable_dns_express) and C(enable_zone_transfer) settings are both C(true),
if a zone transfer request matches a DNS Express zone, DNS Express answers the request.
- When the C(enable_dns_express) setting is C(no) and the C(enable_zone_transfer)
setting is C(true), the BIG-IP system processes zone transfer requests based on
the last action and answers the request from local BIND or a pool member.
type: bool
unhandled_query_action:
choices:
- allow
- drop
- reject
- hint
- no-error
description:
- Specifies the action to take when a query does not match a Wide IP or a DNS Express
Zone.
- When C(allow), the BIG-IP system forwards queries to a DNS server or pool member.
If a pool is not associated with a listener and the Use BIND Server on BIG-IP setting
is set to Enabled, requests are forwarded to the local BIND server.
- When C(drop), the BIG-IP system does not respond to the query.
- When C(reject), the BIG-IP system returns the query with the REFUSED return code.
- When C(hint), the BIG-IP system returns the query with a list of root name servers.
- When C(no-error), the BIG-IP system returns the query with the NOERROR return code.
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
type: str
process_recursion_desired:
description:
- Specifies whether to process client-side DNS packets with Recursion Desired set
in the header.
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
- If set to C(false), processing of the packet is subject to the unhandled-query-action
option.
type: bool
cache_name:
description: Name of the cache used by DNS.
returned: changed
sample: /Common/cache1
type: str
enable_cache:
description: Whether DNS caching is enabled or not.
returned: changed
sample: false
type: bool
enable_dns_express:
description: Whether DNS Express is enabled on the resource or not.
returned: changed
sample: true
type: bool
enable_dns_firewall:
description: Whether DNS firewall capability is enabled or not.
returned: changed
sample: false
type: bool
enable_dnssec:
description: Whether DNSSEC is enabled on the resource or not.
returned: changed
sample: false
type: bool
enable_gtm:
description: Whether GTM is used to manage the resource or not.
returned: changed
sample: true
type: bool
enable_zone_transfer:
description: Whether zone transfer are enabled on the resource or not.
returned: changed
sample: false
type: bool
process_recursion_desired:
description: Whether client-side DNS packets are processed with Recursion Desired
set.
returned: changed
sample: true
type: bool
unhandled_query_action:
description: What to do with unhandled queries
returned: changed
sample: allow
type: str
use_local_bind:
description: Whether non-wide IP queries are forwarded to the local BIND server
or not.
returned: changed
sample: false
type: bool