I’ve been managing my DNS zones with Ansible for a while now and thought I’d share my setup. It’s built around deSEC as the DNS provider and uses their REST API directly.
What it does:
- Generates normalized zone files from a simple YAML config
- Applies changes directly to deSEC API with full prune support
- Separates defaults from zone-specific records
- Keeps everything in Git with clear diffs
Key features:
- Single source of truth in vars/zones.yml
- Automatic merging with defaults from vars/dns_defaults.yml
- Provider-managed records (NS/SOA) are ignored automatically
- Workflow: make generate → review diff → make apply
Stack:
- Ansible with native uri module
- deSEC API (REST)
If you’re looking for a Git-driven DNS workflow with deSEC, this might be a good starting point. Happy to answer questions!
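The merge-then-prune logic the post describes, as an added example that is not the poster's Ansible code: defaults from vars/dns_defaults.yml are overridden per (subname, type) by vars/zones.yml, the result is diffed against RRsets in the shape deSEC's API returns them, and apex NS/SOA are never queued for deletion. The YAML structures and the existing-zone data are constructed for the example.

```python
# Added example: merge zone records with defaults and build a prune-aware
# plan (create/update/delete) against RRsets as deSEC returns them
# (subname / type / ttl / records). All data below is constructed.

# Assumed shape of vars/dns_defaults.yml (hypothetical layout)
DNS_DEFAULTS = {
    "ttl": 3600,
    "records": [
        {"subname": "", "type": "MX", "records": ["10 mail.example.net."]},
        {"subname": "", "type": "TXT", "records": ['"v=spf1 mx -all"']},
    ],
}
# Assumed shape of vars/zones.yml: zone-specific records override defaults
ZONES = {
    "example.net": {"records": [
        {"subname": "", "type": "A", "records": ["192.0.2.10"]},
        {"subname": "www", "type": "A", "records": ["192.0.2.10"]},
        {"subname": "", "type": "MX", "ttl": 300, "records": ["10 mx2.example.net."]},
    ]}
}
# deSEC manages apex SOA/NS; they must never be created, changed or pruned.
PROVIDER_MANAGED = {("", "SOA"), ("", "NS")}

def merge(defaults, zone):
    """Defaults first, then zone records; same (subname, type) wins last."""
    out = {}
    for rr in defaults["records"] + zone.get("records", []):
        out[(rr["subname"], rr["type"])] = {
            "ttl": rr.get("ttl", defaults["ttl"]),
            "records": sorted(rr["records"]),  # order-insensitive compare
        }
    return out

def plan(desired, existing):
    """Return (create, update, delete) key lists; prune = delete stale sets."""
    current = {(e["subname"], e["type"]): {"ttl": e["ttl"], "records": sorted(e["records"])}
               for e in existing if (e["subname"], e["type"]) not in PROVIDER_MANAGED}
    create = sorted(k for k in desired if k not in current)
    update = sorted(k for k in desired if k in current and desired[k] != current[k])
    delete = sorted(k for k in current if k not in desired)
    return create, update, delete

# Constructed stand-in for what GET /domains/example.net/rrsets/ would list
EXISTING = [
    {"subname": "", "type": "NS", "ttl": 3600, "records": ["ns1.desec.io.", "ns2.desec.org."]},
    {"subname": "", "type": "A", "ttl": 3600, "records": ["192.0.2.10"]},
    {"subname": "old", "type": "A", "ttl": 3600, "records": ["198.51.100.1"]},
    {"subname": "", "type": "MX", "ttl": 3600, "records": ["10 mail.example.net."]},
]

if __name__ == "__main__":
    print(plan(merge(DNS_DEFAULTS, ZONES["example.net"]), EXISTING))
```

Reviewing the delete list before `make apply` is where a typo in zones.yml gets caught; the example leaves the apex NS set out of that list by construction.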