From d68f088e7c1dc5c465a44a73901cf91ee8563e3f Mon Sep 17 00:00:00 2001
From: John Bond
Date: Fri, 21 Feb 2014 14:47:21 +0100
Subject: [PATCH] * we dont want rfc1918 zone or root hints unless we are recursive * ensure that the named dir exists * add bind group * change some defaults and only add dnssec resolver functions if we * recurse bla
---
 manifests/server/conf.pp | 24 +++++++++++++++++++-----
 manifests/server/file.pp | 2 +-
 templates/named.conf.erb | 10 +++++++---
 3 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/manifests/server/conf.pp b/manifests/server/conf.pp
index 1f11132fc..e945435b9 100644
--- a/manifests/server/conf.pp
+++ b/manifests/server/conf.pp
@@ -48,9 +48,18 @@
 # $dnssec_enable:
 # Enable DNSSEC support. Default: 'yes'
 # $dnssec_validation:
-# Enable DNSSEC validation. Default: 'yes'
+# Enable DNSSEC validation. Default: 'auto'
 # $dnssec_lookaside:
-# DNSSEC lookaside type. Default: 'auto'
+# DNSSEC lookaside type. Default: empty
+# $bindkeys_file:
+# The pathname of a file to override the built-in trusted keys provided by named
+# $hostname
+# The host-name (a quotes string) the server should report via a query of the
+# name hostname.bind with type TXT, class CHAOS. Specifying none disables.
+# Defaut: None
+# $server_id
+# The ID the server will return via a query for ID.SERVER with type TXT,
+# under class CH (CHAOS). Default: empty
 # $zones:
 # Hash of managed zones and their configuration. The key is the zone name
 # and the value is an array of config lines. Default: empty
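Review bot: The new `$hostname` documentation contradicts the default the same commit sets in the parameter list (`$hostname = 'none'`): the comment says `Defaut: None`, and it should read `Default: 'none'` and say whether the value is passed to named as the bare `none` keyword or as a quoted string, since BIND only disables the hostname.bind answer for the unquoted keyword. The new headings `# $hostname` and `# $server_id` also lack the trailing colon every other parameter heading in this block uses, and `(a quotes string)` should be `(a quoted string)`. Because the template in this commit only emits `dnssec-validation`, `dnssec-lookaside` and `bindkeys-file` when `$recursion` is `'yes'`, the comments for `$dnssec_validation`, `$dnssec_lookaside` and `$bindkeys_file` should state that they are ignored on non-recursive servers, e.g. `# Only emitted when $recursion is 'yes'; ignored on authoritative-only servers.`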
@@ -102,18 +111,23 @@ $check_names = [],
 $extra_options = {},
 $dnssec_enable = 'yes',
- $dnssec_validation = 'yes',
- $dnssec_lookaside = 'auto',
+ $dnssec_validation = 'auto',
+ $dnssec_lookaside = undef,
+ $bindkeys_file = undef,
+ $hostname = 'none',
+ $server_id = undef,
 $zones = {},
 $includes = [],
 $views = {},
 ) {
 # Everything is inside a single template
+ file { $directory:
+ ensure => directory,
+ }
 file { $title:
 notify => Class['bind::service'],
 content => template('bind/named.conf.erb'),
 }
- }
diff --git a/manifests/server/file.pp b/manifests/server/file.pp
index e84cb922d..226ed625f 100644
--- a/manifests/server/file.pp
+++ b/manifests/server/file.pp
@@ -31,7 +31,7 @@ define bind::server::file (
 $zonedir = '/var/named',
 $owner = 'root',
- $group = undef,
+ $group = $::bind::params::bindgroup,
 $mode = '0640',
 $dirmode = '0750',
 $source = undef,
diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index bce153ce2..60d049e53 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
@@ -81,11 +81,16 @@ options {
 <% end -%>
 dnssec-enable <%= @dnssec_enable %>;
+<%- if @recursion == 'yes' -%>
 dnssec-validation <%= @dnssec_validation %>;
+ <%- if @dnssec_lookaside -%>
 dnssec-lookaside <%= @dnssec_lookaside %>;
+ <% end -%>
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
+ <%- if @bindkeys_file -%>
+ bindkeys-file "<%= @bindkeys_file %>";
+ <% end -%>
+<% end -%>
 };
 logging {
@@ -143,7 +148,6 @@ view "<%= key %>" {
 };
 <% end -%>
 <% else -%><%# end views, start no views -%>
- <% if @recursion == 'yes' -%>
 zone "." IN {
 type hint;
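Review bot: The new `file { $directory: ensure => directory }` resource manages the named configuration directory without any `owner`, `group` or `mode`, so the directory keeps whatever permissions the agent's umask produces, while the same commit tightens zone files in `bind::server::file` to the bind group with `0750` directories. Since named.conf commonly carries rndc/TSIG key material and `include`d key files, the directory should be locked down the same way: `file { $directory: ensure => directory, owner => 'root', group => $::bind::params::bindgroup, mode => '0750', }`. The `$directory` parameter itself is declared outside this hunk, so confirm it is the parent of `$title`; Puppet will then autorequire the directory before writing the file. The define's opening line is outside the hunk, and the removed trailing `}` at the end of the hunk should be double-checked against the full file, since the hunk ends on a deleted brace.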
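Review bot: Defaulting `$group` to `$::bind::params::bindgroup` only works if `bind::params` has already been evaluated when `bind::server::file` is instantiated; a define cannot inherit, and if its body (outside this hunk) does not `include ::bind::params`, the lookup yields undef with a warning and the zone file is installed root-owned with `mode => '0640'` and no group, which named cannot read. If the define does not already do so, add `include ::bind::params` as the first statement of the body so the default resolves deterministically regardless of class ordering on the node. It would also be worth stating in the parameter comment that the bind group is required for named to read `0640` zone files, which is the reason for this default.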
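Review bot: `bindkeys-file "<%= @bindkeys_file %>";` and `dnssec-lookaside <%= @dnssec_lookaside %>;` interpolate the parameter values into named.conf verbatim, so a value containing `"`, `;` or a newline closes the statement and injects arbitrary options into the `options {}` block. The values come from the Puppet manifest rather than end users, but they deserve a shape check in `bind::server::conf` before rendering, e.g. `if $bindkeys_file != undef and $bindkeys_file !~ /^\/[^"\s;]+$/ { fail("bindkeys_file must be an absolute path: ${bindkeys_file}") }` (or `validate_absolute_path($bindkeys_file)` if the module already depends on stdlib). Note also that wrapping all three settings in `<%- if @recursion == 'yes' -%>` silently discards an explicitly set `$dnssec_lookaside` or `$bindkeys_file` on non-recursive servers; a `warning()` in the manifest when they are set with `$recursion != 'yes'` would make that visible. The `options {` block this hunk sits in begins outside the hunk.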