Gandi LiveDNS rejects the RFC-7505 null-MX value '0 .' ('invalid format for MX
record'), which failed the live apply. No MX + no apex A = no mail delivery, and
SPF -all + DMARC reject still prevent spoofing — so remove Gandi's seeded MX (add
@/MX to absent) rather than declare a null-MX present. Assert now requires an SPF
@/TXT record; tests + Molecule sample updated.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
14 lines
401 B
YAML
---
- name: Converge
  hosts: all
  gather_facts: true
  vars:
    public_dns__apply: false # never call the Gandi API from a container
    public_dns__domain: example.test
    public_dns__records:
      - {record: "@", type: TXT, values: ['"v=spf1 -all"'], ttl: 3600}
    public_dns__absent:
      - {record: www, type: CNAME}
      - {record: "@", type: MX}
  roles:
    - role: public_dns
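Review bot: public_dns__records in this sample declares only the SPF @/TXT record, while the commit message relies on both SPF -all and DMARC reject to keep the domain from being spoofed once the MX is removed. Consider adding a _dmarc TXT record to the sample, and having the assert require it alongside the SPF record if it does not already, so the Molecule scenario exercises the full no-mail posture the message describes rather than half of it.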