Merge pull request #235 from rjeffman/dnsrecord

New dnsrecord management module.

Merge pull request #235 from rjeffman/dnsrecord
5a290565 · Thomas Woerner · GitHub · 40048c78 · 0abfe8ab · 5a290565
Unverified Commit 5a290565 authored Jun 11, 2020 by Thomas Woerner Committed by GitHub Jun 11, 2020
--- a/README-dnsrecord.md
+++ b/README-dnsrecord.md
+DNSRecord module
+================
+
+Description
+-----------
+
+The dnsrecord module allows management of DNS records and is as compatible as possible with the Ansible upstream `ipa_dnsrecord` module, but provide some other features like multiple record management in one execution and support for more DNS record types.
+
+
+Features
+--------
+* DNS record management.
+
+
+Supported FreeIPA Versions
+--------------------------
+
+FreeIPA versions 4.4.0 and up are supported by the ipadnsrecord module.
+
+
+Requirements
+------------
+
+**Controller**
+* Ansible version: 2.8+
+
+**Node**
+* Supported FreeIPA version (see above)
+
+
+Usage
+=====
+
+Example inventory file
+
+```ini
+[ipaserver]
+ipaserver.example.com
+```
+
+Example playbook to ensure an AAAA record is present:
+
+```yaml
+---
+- ipadnsrecord:
+    ipaadmin_password: SomeADMINpassword
+    name: host01
+    zone_name: example.com
+    record_type: 'AAAA'
+    record_value: '::1'
+```
+
+Example playbook to ensure an AAAA record is present, with a TTL of 300:
+
+```yaml
+---
+- ipadnsrecord:
+    ipaadmin_password: SomeADMINpassword
+    name: host01
+    zone_name: example.com
+    record_type: 'AAAA'
+    record_value: '::1'
+    record_ttl: 300
+```
+
+Example playbook to ensure an AAAA record is present, with a reverse PTR record:
+```yaml
+---
+- ipadnsrecord:
+    ipaadmin_password: SomeADMINpassword
+    name: host02
+    zone_name: example.com
+    record_type: 'AAAA'
+    record_value: 'fd00::0002'
+    create_reverse: yes
+```
+
+Example playbook to ensure a LOC record is present, given its individual attributes:
+```yaml
+---
+- ipadnsrecord:
+    ipaadmin_password: SomeADMINpassword
+    zone_name: example.com
+    name: host03
+    loc_lat_deg: 52
+    loc_lat_min: 22
+    loc_lat_sec: 23.000
+    loc_lat_dir: N
+    loc_lon_deg: 4
+    loc_lon_min: 53
+    loc_lon_sec: 32.00
+    loc_lon_dir: E
+    loc_altitude: -2.00
+    loc_size: 1.00
+    loc_h_precision: 10000
+    loc_v_precision: 10
+```
+
+Example playbook to ensure multiple DNS records are present:
+
+```yaml
+---
+ipadnsrecord:
+  ipaadmin_password: SomeADMINpassword
+  records:
+    - name: host02
+      zone_name: example.com
+      record_type: A
+      record_value:
+        - "{{ ipv4_prefix }}.112"
+        - "{{ ipv4_prefix }}.122"
+    - name: host02
+      zone_name: example.com
+      record_type: AAAA
+      record_value: ::1
+```
+
+Example playbook to ensure multiple CNAME records are present:
+
+```yaml
+---
+- name: Ensure that 'host03' and 'host04' have CNAME records.
+  ipadnsrecord:
+    ipaadmin_password: SomeADMINpassword
+    zone_name: example.com
+    records:
+    - name: host03
+      cname_hostname: host03.example.com
+    - name: host04
+      cname_hostname: host04.example.com
+```
+
+Example playbook to ensure NS record is absent:
+
+```yaml
+---
+- ipadnsrecord:
+    ipaadmin_password: SomeADMINpassword
+    zone_name: example.com
+    name: host04
+    ns_hostname: host04
+    state: absent
+```
+
+Example playbook to ensure LOC record is present, with fields:
+
+```yaml
+---
+- ipadnsrecord:
+    ipaadmin_password: SomeADMINpassword
+    zone_name: example.com
+    name: host04
+    loc_lat_deg: 52
+    loc_lat_min: 22
+    loc_lat_sec: 23.000
+    loc_lat_dir: N
+    loc_lon_deg: 4
+    loc_lon_min: 53
+    loc_lon_sec: 32.000
+    loc_lon_dir: E
+    loc_altitude: -2.00
+    loc_size: 0.00
+    loc_h_precision: 10000
+    loc_v_precision: 10
+```
+
+Change value of an existing LOC record:
+
+```yaml
+---
+- ipadnsrecord:
+  ipaadmin_password: SomeADMINpassword
+  zone_name: example.com
+  name: host04
+  loc_size: 1.00
+  loc_rec: 52 22 23 N 4 53 32 E -2 0 10000 10
+```
+
+Example playbook to ensure multiple A records are present:
+
+```yaml
+- ipadnsrecord:
+    ipaadmin_password: SomeADMINpassword
+    zone_name: example.com
+    name: host04
+    a_rec:
+      - 192.168.122.221
+      - 192.168.122.222
+      - 192.168.122.223
+      - 192.168.122.224
+```
+
+Example playbook to ensure A and AAAA records are present, with reverse records (PTR):
+```yaml
+- ipadnsrecord:
+    ipaadmin_password: SomeADMINpassword
+    zone_name: example.com
+    name: host01
+    a_rec:
+      - 192.168.122.221
+      - 192.168.122.222
+    aaaa_rec:
+      - fd00:;0001
+      - fd00::0002
+    create_reverse: yes
+```
+
+Example playbook to ensure multiple A and AAAA records are present, but only A records have reverse records:
+```yaml
+- ipadnsrecord:
+    ipaadmin_password: SomeADMINpassword
+    zone_name: example.com
+    name: host01
+    a_ip_address: 192.168.122.221
+    aaaa_ip_address: fd00::0001
+    a_create_reverse: yes
+```
+
+Example playbook to ensure multiple DNS records are absent:
+
+```yaml
+---
+- ipadnsrecord:
+    ipaadmin_password: SomeADMINpassword
+    zone_name: example.com
+    records:
+    - name: host01
+      del_all: yes
+    - name: host02
+      del_all: yes
+    - name: host03
+      del_all: yes
+    - name: host04
+      del_all: yes
+    - name: _ftp._tcp
+      del_all: yes
+    - name: _sip._udp
+      del_all: yes
+    state: absent
+```
+
+Variables
+=========
+
+ipadnsrecord
+------------
+
+Variable | Description | Required
+-------- | ----------- | --------
+`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
+`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
+`zone_name` \| `dnszone` | The DNS zone name to which DNS record needs to be managed. You can use one global zone name for multiple records. | no
+  required: true
+`records` | The list of dns records dicts. Each `records` dict entry can contain **record variables**. | no
+&nbsp; | **Record variables** | no
+**Record variables** | Used when defining a single record. | no
+`state` | The state to ensure. It can be one of `present` or `absent`, and defaults to `present`. | yes
+
+
+**Record Variables:**
+
+Variable | Description | Required
+-------- | ----------- | --------
+`zone_name` \| `dnszone` | The DNS zone name to which DNS record needs to be managed. You can use one global zone name for multiple records. When used on a `records` dict, overrides the global `zone_name`. | yes
+`name` \| `record_name` | The DNS record name to manage. | yes
+`record_type` | The type of DNS record. Supported values are  `A`, `AAAA`, `A6`, `AFSDB`, `CERT`, `CNAME`, `DLV`, `DNAME`, `DS`, `KX`, `LOC`, `MX`, `NAPTR`, `NS`, `PTR`, `SRV`, `SSHFP`, `TLSA`, `TXT`, `URI`, and defaults to `A`. | no
+`record_value` | Manage DNS record name with this values. | no
+`record_ttl` | Set the TTL for the record. (int) | no
+`del_all` | Delete all associated records. (bool) | no
+`a_rec` \| `a_record` | Raw A record. | no
+`aaaa_rec` \| `aaaa_record` |  Raw AAAA record. | no
+`a6_rec` \| `a6_record` | Raw A6 record data. | no
+`afsdb_rec` \| `afsdb_record` | Raw AFSDB record. | no
+`cert_rec` \| `cert_record` | Raw CERT record. | no
+`cname_rec` \| `cname_record` | Raw CNAME record. | no
+`dlv_rec` \| `dlv_record` |  Raw DLV record. | no
+`dname_rec` \| `dname_record` | Raw DNAM record. | no
+`ds_rec` \| `ds_record` | Raw DS record. | no
+`kx_rec` \| `kx_record` |  Raw KX record. | no
+`loc_rec` \| `loc_record` | Raw LOC record. | no
+`mx_rec` \| `mx_record` | Raw MX record. | no
+`naptr_rec` \| `naptr_record` | Raw NAPTR record. | no
+`ns_rec` \| `ns_record` | Raw NS record. | no
+`ptr_rec` \| `ptr_record` | Raw PTR record. | no
+`srv_rec` \| `srv_record` | Raw SRV record. | no
+`sshfp_rec` \| `sshfp_record` | Raw SSHFP record. | no
+`tlsa_rec` \| `tlsa_record` | Raw TLSA record. | no
+`txt_rec` \| `txt_record` | Raw TXT record. | no
+`uri_rec` \| `uri_record` | Raw URI record. | no
+`ip_address` | IP adress for A or AAAA records. Set `record_type` to `A` or `AAAA`. | no
+`create_reverse` \| `reverse` | Create reverse records for `A` and `AAAA` record types. There is no equivalent to remove reverse records. (bool) | no
+`a_ip_address` | IP adress for A records. Set `record_type` to `A`. | no
+`a_create_reverse` | Create reverse records only for `A` records. There is no equivalent to remove reverse records. (bool) | no
+`aaaa_ip_address` | IP adress for AAAA records. Set `record_type` `AAAA`. | no
+`aaaa_create_reverse` | Create reverse records only for `AAAA` record types. There is no equivalent to remove reverse records. (bool) | no
+`a6_data` | A6 record. Set `record_type` to `A6`. | no
+`afsdb_subtype` | AFSDB Subtype. Set `record_type` to `AFSDB`. (int) | no
+`afsdb_hostname` | AFSDB Hostname. Set `record_type` to `AFSDB`. | no
+`cert_type` | CERT Certificate Type. Set `record_type` to `CERT`. (int) | no
+`cert_key_tag` | CERT Key Tag. Set `record_type` to `CERT`. (int) | no
+`cert_algorithm` | CERT Algorithm. Set `record_type` to `CERT`. (int) | no
+`cert_certificate_or_crl` | CERT Certificate or  Certificate Revocation List (CRL). Set `record_type` to `CERT`. | no
+`cname_hostname` | A hostname which this alias hostname points to. Set `record_type` to `CNAME`. | no
+`dlv_key_tag` | DS Key Tag. Set `record_type` to `DLV`. (int) | no
+`dlv_algorithm` | DLV Algorithm. Set `record_type` to `DLV`. (int) | no
+`dlv_digest_type` | DLV Digest Type. Set `record_type` to `DLV`. (int) | no
+`dlv_digest` | DLV Digest. Set `record_type` to `DLV`. | no
+`dname_target` | DNAME Target. Set `record_type` to `DNAME`. | no
+`ds_key_tag` | DS Key Tag. Set `record_type` to `DS`. (int) | no
+`ds_algorithm` | DS Algorithm. Set `record_type` to `DS`. (int) | no
+`ds_digest_type` | DS Digest Type. Set `record_type` to `DS`. (int) | no
+`ds_digest` | DS Digest. Set `record_type` to `DS`. | no
+`kx_preference` | Preference given to this exchanger. Lower values are more preferred. Set `record_type` to `KX`. (int) | no
+`kx_exchanger` | A host willing to act as a key exchanger.  Set `record_type` to `KX`. | no
+`loc_lat_deg` | LOC Degrees Latitude. Set `record_type` to `LOC`. (int) | no
+`loc_lat_min` | LOC Minutes Latitude. Set `record_type` to `LOC`. (int) | no
+`loc_lat_sec` | LOC Seconds Latitude. Set `record_type` to `LOC`. (float) | no
+`loc_lat_dir` | LOC Direction Latitude. Valid values are `N` or `S`. Set `record_type` to `LOC`. (int) | no
+`loc_lon_deg` | LOC Degrees Longitude. Set `record_type` to `LOC`. (int) | no
+`loc_lon_min` | LOC Minutes Longitude. Set `record_type` to `LOC`. (int) | no
+`loc_lon_sec` | LOC Seconds Longitude. Set `record_type` to `LOC`. (float) | no
+`loc_lon_dir` | LOC Direction Longitude. Valid values are `E` or `W`. Set `record_type` to `LOC`. (int) | no
+`loc_altitude` | LOC Altitude. Set `record_type` to `LOC`. (float) | no
+`loc_size` | LOC Size. Set `record_type` to `LOC`. (float) | no
+`loc_h_precision` | LOC Horizontal Precision. Set `record_type` to `LOC`. (float) | no
+`loc_v_precision` | LOC Vertical Precision. Set `record_type` to `LOC`. (float) | no
+`mx_preference` | Preference given to this exchanger. Lower values are more preferred. Set `record_type` to `MX`. (int) | no
+`mx_exchanger` | A host willing to act as a mail exchanger.  Set `record_type` to `LOC`. | no
+`naptr_order` | NAPTR Order. Set `record_type` to `NAPTR`. (int) | no
+`naptr_preference` | NAPTR Preference. Set `record_type` to `NAPTR`. (int) | no
+`naptr_flags` | NAPTR Flags. Set `record_type` to `NAPTR`. | no
+`naptr_service` | NAPTR Service. Set `record_type` to `NAPTR`. | no
+`naptr_regexp` | NAPTR Regular Expression. Set `record_type` to `NAPTR`. | no
+`naptr_replacement` | NAPTR Replacement. Set `record_type` to `NAPTR`. | no
+`ns_hostname` | NS Hostname. Set `record_type` to `NS`. | no
+`ptr_hostname` | The hostname this reverse record points to. . Set `record_type` to `PTR`. | no
+`srv_priority` | Lower number means higher priority. Clients will attempt to contact the server with the lowest-numbered priority they can reach. Set `record_type` to `SRV`. (int) | no
+`srv_weight` | Relative weight for entries with the same priority. Set `record_type` to `SRV`. (int) | no
+`srv_port` | SRV Port. Set `record_type` to `SRV`. (int) | no
+`srv_target` | The domain name of the target host or '.' if the service is decidedly not available at this domain. Set `record_type` to `SRV`. | no
+`sshfp_algorithm` | SSHFP Algorithm. Set `record_type` to `SSHFP`. (int) | no
+`sshfp_fp_type` | SSHFP Fingerprint Type. Set `record_type` to `SSHFP`. (int) | no
+`sshfp_fingerprint`| SSHFP Fingerprint. Set `record_type` to `SSHFP`. (int) | no
+`txt_data` | TXT Text Data. Set `record_type` to `TXT`. | no
+`tlsa_cert_usage` | TLSA Certificate Usage. Set `record_type` to `TLSA`. (int) | no
+`tlsa_selector` | TLSA Selector. Set `record_type` to `TLSA`. (int) | no
+`tlsa_matching_type` | TLSA Matching Type. Set `record_type` to `TLSA`. (int) | no
+`tlsa_cert_association_data` | TLSA Certificate Association Data. Set `record_type` to `TLSA`. | no
+`uri_target` | Target Uniform Resource Identifier according to RFC 3986. Set `record_type` to `URI`. | no
+`uri_priority` | Lower number means higher priority. Clients will attempt to contact the URI with the lowest-numbered priority they can reach. Set `record_type` to `URI`. (int) | no
+`uri_weight` | Relative weight for entries with the same priority. Set `record_type` to `URI`. (int) | no
+
+
+Authors
+=======
+
+Rafael Guterres Jeffman
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ Features
 * One-time-password (OTP) support for client installation
 * Repair mode for clients
 * Modules for dns forwarder management
+* Modules for dns record management
 * Modules for dns zone management
 * Modules for group management
 * Modules for hbacrule management
@@ -411,6 +412,7 @@ Modules in plugin/modules

 * [ipadnsconfig](README-dnsconfig.md)
 * [ipadnsforwardzone](README-dnsforwardzone.md)
+* [ipadnsrecord](README-dnsrecord.md)
 * [ipadnszone](README-dnszone.md)
 * [ipagroup](README-group.md)
 * [ipahbacrule](README-hbacrule.md)

--- a/playbooks/dnsrecord/ensure-A-and-AAAA-records-are-absent.yml
+++ b/playbooks/dnsrecord/ensure-A-and-AAAA-records-are-absent.yml
+---
+- name: Test PTR Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure a PTR record is present
+  - name: Ensure that 'host04' has A and AAAA records.
+    ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      zone_name: ipatest.local
+      records:
+      - name: host04
+        a_ip_address: 192.168.122.104
+      - name: host04
+        aaaa_ip_address: ::1
+      state: absent
--- a/playbooks/dnsrecord/ensure-A-and-AAAA-records-are-present.yml
+++ b/playbooks/dnsrecord/ensure-A-and-AAAA-records-are-present.yml
+---
+- name: Test PTR Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure a PTR record is present
+  - name: Ensure that 'host04' has A and AAAA records.
+    ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      zone_name: ipatest.local
+      records:
+      - name: host04
+        a_ip_address: 192.168.122.104
+      - name: host04
+        aaaa_ip_address: ::1
--- a/playbooks/dnsrecord/ensure-CNAME-record-is-absent.yml
+++ b/playbooks/dnsrecord/ensure-CNAME-record-is-absent.yml
+---
+- name: Test CNAME Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure that 'host04' has CNAME, with cname_hostname
+  - ipadnsrecord:
+      zone_name: example.com
+      name: host04
+      cname_hostname: host04.example.com
+      state: absent
--- a/playbooks/dnsrecord/ensure-CNAME-record-is-present.yml
+++ b/playbooks/dnsrecord/ensure-CNAME-record-is-present.yml
+---
+- name: Test CNAME Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure that 'host04' has CNAME, with cname_hostname
+  - ipadnsrecord:
+      zone_name: example.com
+      name: host04
+      cname_hostname: host04.example.com
--- a/playbooks/dnsrecord/ensure-MX-record-is-present.yml
+++ b/playbooks/dnsrecord/ensure-MX-record-is-present.yml
+---
+- name: Ensure MX Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure an MX record is absent
+  - ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      name: '@'
+      record_type: 'MX'
+      record_value: '1 mailserver.example.com'
+      zone_name: example.com
+      state: present
--- a/playbooks/dnsrecord/ensure-PTR-record-is-present.yml
+++ b/playbooks/dnsrecord/ensure-PTR-record-is-present.yml
+---
+- name: Test PTR Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure a PTR record is present
+  - ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      name: 5
+      record_type: 'PTR'
+      record_value: 'internal.ipa.example.com'
+      zone_name: 2.168.192.in-addr.arpa
+      state: present
--- a/playbooks/dnsrecord/ensure-SRV-record-is-present.yml
+++ b/playbooks/dnsrecord/ensure-SRV-record-is-present.yml
+---
+- name: Test SRV Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure a SRV record is present
+  - ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      name: _kerberos._udp.example.com
+      record_type: 'SRV'
+      record_value: '10 50 88 ipa.example.com'
+      zone_name: example.com
+      state: present
--- a/playbooks/dnsrecord/ensure-SSHFP-record-is-present.yml
+++ b/playbooks/dnsrecord/ensure-SSHFP-record-is-present.yml
+---
+- name: Test SSHFP Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure a SSHFP record is present
+  # SSHFP fingerprint generated with `ssh-keygen -r host04.testzone.local`
+  - ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      zone_name: example.com
+      name: host04
+      sshfp_algorithm: 1
+      sshfp_fp_type: 1
+      sshfp_fingerprint: d21802c61733e055b8d16296cbce300efb8a167a
--- a/playbooks/dnsrecord/ensure-TLSA-record-is-present.yml
+++ b/playbooks/dnsrecord/ensure-TLSA-record-is-present.yml
+---
+- name: Test SSHFP Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure a SSHFP record is present
+  - ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      zone_name: example.com
+      name: host04
+      tlsa_cert_usage: 3
+      tlsa_selector: 1
+      tlsa_matching_type: 1
+      tlsa_cert_association_data: 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2
--- a/playbooks/dnsrecord/ensure-TXT-record-is-present.yml
+++ b/playbooks/dnsrecord/ensure-TXT-record-is-present.yml
+---
+- name: Test TXT Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure a TXT record is absent
+  - ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      name: _kerberos
+      record_type: 'TXT'
+      record_value: 'EXAMPLE.COM'
+      zone_name: example.com
+      state: present
--- a/playbooks/dnsrecord/ensure-URI-record-is-present.yml
+++ b/playbooks/dnsrecord/ensure-URI-record-is-present.yml
+---
+- name: Test URI Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure a URI record is absent
+  - ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      name: _ftp._tcp
+      record_type: 'URI'
+      uri_priority: 10
+      uri_weight: 1
+      uri_target: ftp://ftp.example.com/public
+      zone_name: example.com
+      state: present
--- a/playbooks/dnsrecord/ensure-dnsrecord-is-absent.yml
+++ b/playbooks/dnsrecord/ensure-dnsrecord-is-absent.yml
+---
+- name: Test DNS Record is absent.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure that dns record is absent
+  - ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      name: host01
+      zone_name: example.com
+      record_type: 'AAAA'
+      record_value: '::1'
+      state: absent
--- a/playbooks/dnsrecord/ensure-dnsrecord-is-present.yml
+++ b/playbooks/dnsrecord/ensure-dnsrecord-is-present.yml
+---
+- name: Test DNS Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure that dns record is present
+  - ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      name: host01
+      zone_name: example.com
+      record_type: 'AAAA'
+      record_value: '::1'
+      state: present
--- a/playbooks/dnsrecord/ensure-dnsrecord-with-reverse-is-present.yml
+++ b/playbooks/dnsrecord/ensure-dnsrecord-with-reverse-is-present.yml
+---
+- name: Test DNS Record is present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure that dns record is present
+  - ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      name: host01
+      zone_name: example.com
+      ip_address: 192.160.123.45
+      create_reverse: yes
+      state: present
--- a/playbooks/dnsrecord/ensure-multiple-A-records-are-present.yml
+++ b/playbooks/dnsrecord/ensure-multiple-A-records-are-present.yml
+---
+- name: Playbook to manage DNS records.
+  hosts: ipaserver
+  become: yes
+  gather_facts: no
+
+  tasks:
+  - name: Ensure that 'host04' has multiple A records.
+    ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      zone_name: ipatest.local
+      name: host01
+      a_rec:
+        - 192.168.122.221
+        - 192.168.122.222
+        - 192.168.122.223
+        - 192.168.122.224
--- a/playbooks/dnsrecord/ensure-presence-multiple-records.yml
+++ b/playbooks/dnsrecord/ensure-presence-multiple-records.yml
+---
+- name: Test multiple DNS Records are present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure that multiple dns records are present
+  - ipadnsrecord:
+      ipaadmin_password: SomeADMINpassword
+      records:
+        - name: host01
+          zone_name: example.com
+          record_type: A
+          record_value:
+            - 192.168.122.112
+            - 192.168.122.122
+        - name: host01
+          zone_name: testzone.local
+          record_type: AAAA
+          record_value: ::1
--- a/plugins/modules/ipadnsrecord.py
+++ b/plugins/modules/ipadnsrecord.py
--- a/tests/dnsrecord/env_cleanup.yml
+++ b/tests/dnsrecord/env_cleanup.yml
+---
+  # Cleanup tasks.
+   - name: Ensure that dns records are absent
+     ipadnsrecord:
+       ipaadmin_password: SomeADMINpassword
+       zone_name: "{{ testzone }}"
+       del_all: yes
+       name:
+       - host01
+       - host02
+       - host03
+       - host04
+       - _ftp._tcp
+       - _sip._udp
+       state: absent
+
+   - name: Ensure that dns reverse ipv6 records are absent
+     ipadnsrecord:
+       ipaadmin_password: SomeADMINpassword
+       zone_name: ip6.arpa.
+       del_all: yes
+       name:
+       - 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f
+       - 1.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f
+       - 1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f
+       - 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f
+       - 4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f
+       - 4.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f
+       state: absent
+
+   - name: Ensure that dns reverse ipv6 records are absent (workaround)
+     ipadnsrecord:
+       ipaadmin_password: SomeADMINpassword
+       zone_name: "{{ zone_ipv6_reverse_workaround }}"
+       del_all: yes
+       name:
+       - 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
+       - 1.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
+       - 1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
+       - 4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
+       - 4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
+       - 4.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
+       state: absent
+
+   - name: Ensure that dns reverse records are absent
+     ipadnsrecord:
+       ipaadmin_password: SomeADMINpassword
+       zone_name: "{{ zone_prefix_reverse_24 }}"
+       name:
+       - "101"
+       - "102"
+       - "103"
+       - "104"
+       - "111"
+       - "112"
+       - "113"
+       - "114"
+       - "121"
+       - "122"
+       - "123"
+       - "124"
+       del_all: yes
+       state: absent
+
+   - name: Ensure that dns reverse records are absent (workaround 1)
+     ipadnsrecord:
+       ipaadmin_password: SomeADMINpassword
+       zone_name: "{{ zone_prefix_reverse_16 }}"
+       name:
+       - "101.122"
+       - "102.122"
+       - "103.122"
+       - "104.122"
+       - "111.122"
+       - "112.122"
+       - "113.122"
+       - "114.122"
+       - "121.122"
+       - "122.122"
+       - "123.122"
+       - "124.122"
+       del_all: yes
+       state: absent
+
+   - name: Ensure that dns reverse records are absent (workaround 2)
+     ipadnsrecord:
+       ipaadmin_password: SomeADMINpassword
+       zone_name: "{{ zone_prefix_reverse_8 }}"
+       name:
+       - "168.101.122"
+       - "168.102.122"
+       - "168.103.122"
+       - "168.104.122"
+       - "168.111.122"
+       - "168.112.122"
+       - "168.113.122"
+       - "168.114.122"
+       - "168.121.122"
+       - "168.122.122"
+       - "168.123.122"
+       - "168.124.122"
+       del_all: yes
+       state: absent
+
+   - name: Ensure that "{{ safezone }}" dns records are absent
+     ipadnsrecord:
+       ipaadmin_password: SomeADMINpassword
+       zone_name: "{{ safezone }}"
+       records:
+       - name: iron01
+         del_all: yes
+       state: absent
+
+   - name: Ensure that NS record for "{{ safezone }}" is absent
+     ipadnsrecord:
+       ipaadmin_password: SomeADMINpassword
+       name: iron01
+       zone_name: "{{ safezone }}"
+       ns_rec: iron01
+       state: absent
+
+   - name: Ensure DNS testing zones are absent.
+     ipadnszone:
+       ipaadmin_password: SomeADMINpassword
+       name: "{{ item }}"
+       state: absent
+     with_items:
+       - "{{ zone_prefix_reverse }}"
+       - "{{ zone_prefix_reverse_24 }}"
+       - "{{ zone_prefix_reverse_16 }}"
+       - "{{ zone_prefix_reverse_8 }}"
+       - "{{ testzone }}"
+       - ip6.arpa.
+       - d.f.ip6.arpa.
+       - "{{ safezone }}"