Initial commit for bind, templates for named.conf.* and zones and zone creation.

Jussi 2012-01-13 17:21:24 +02:00 committed by Timo Mkinen
parent 37e39c5c19
commit 0f21d12012
4 changed files with 119 additions and 2 deletions


@ -74,9 +74,10 @@ class dns::server {
case $operatingsystem {
"ubuntu": {
$ipaddr = $dns_listener_ipaddr
file { "${confdir}/named.conf.local":
ensure => present,
source => "puppet:///files/dns/named.conf.${fqdn}",
content => template("dns/named.conf.local.erb"),
mode => 0640,
owner => "root",
group => "bind",
@ -85,13 +86,46 @@ class dns::server {
}
file { "${confdir}/named.conf.options":
ensure => present,
source => "puppet:///files/dns/named.conf.options.${fqdn}",
content => template("dns/named.conf.options.erb"),
mode => 0640,
owner => "root",
group => "bind",
require => Package["bind"],
notify => Service["named"],
}
define populate_zones {
$zone = $name
file { "${confdir}/db.${zone}":
ensure => present,
content => template("dns/db.erb"),
mode => 0640,
owner => "root",
group => "bind",
require => Package["bind"],
notify => Service["named"],
}
file { "${confdir}/db.${zone}-dynamic":
ensure => present,
source => [ "puppet:///files/dns/db.${zone}-dynamic.${homename}",
"puppet:///files/dns/empty", ],
mode => 0640,
owner => "root",
group => "bind",
require => Package["bind"],
notify => Service["named"],
}
file { "${confdir}/db.${zone}-static":
ensure => present,
source => [ "puppet:///files/dns/db.${zone}-static.${homename}",
"puppet:///files/dns/empty", ],
mode => 0640,
owner => "root",
group => "bind",
require => Package["bind"],
notify => Service["named"],
}
}
populate_zones { $dns_zones: }
}
default: {
file { "${confdir}/named.conf":
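Review bot: The `db.${zone}-dynamic` and `db.${zone}-static` source paths are keyed on `${homename}`, while the rest of this class (and the `source` lines the commit removes) key on `${fqdn}`; if `homename` is not a fact or a variable set before this class, Puppet 2.x interpolates it as an empty string, the path becomes `db.<zone>-dynamic.`, and the array `source` silently falls back to `puppet:///files/dns/empty`, so a node would serve a zone with no records and report nothing. Either use `${fqdn}` consistently or set `$homename` explicitly and `fail("dns::server: homename is not set")` when it is empty, so the misconfiguration is loud. Separately, `define populate_zones` is declared inside a `case` branch of the class body; the conventional place is a top-level `dns::server::populate_zones` in its own manifest so the autoloader can find it and its reads of `$confdir`/`$ipaddr` do not rely on dynamic scoping, which Puppet 2.7 already warns about. The `case` statement and the class body both continue outside this hunk.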

18
dns/templates/db.erb Normal file

@ -0,0 +1,18 @@
;
; BIND data file for <%= zone %>
;
;
$TTL 86400
@ IN SOA ns1.<%= zone %>. root.<%= zone %>. (
<%= Time.now.to_i %> ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS ns1.<%= zone %>.
ns1 IN A <%= ipaddr %>
$INCLUDE /etc/bind/db.<%= zone %>-dynamic
$INCLUDE /etc/bind/db.<%= zone %>-static
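Review bot: The serial `<%= Time.now.to_i %>` is re-evaluated on every catalog compile, so the rendered `db.<zone>` differs on every agent run; the manifest manages that file by `content` and notifies `Service["named"]`, so named is restarted on each run even when no zone data changed. Use a serial that only moves when the data can have changed, e.g. `<%= Time.now.strftime("%Y%m%d00") %>`, which is also numerically above any epoch-based serial already published (the increase is well under 2^31, so RFC 1982 arithmetic still sees it as newer); edits within the same day then share a serial, which is harmless here because `allow-transfer` is `none` and no secondary compares serials, while the restart still loads the new file. The two `$INCLUDE` lines also hard-code `/etc/bind` although the manifest writes these files under `${confdir}`; render them as `$INCLUDE <%= confdir %>/db.<%= zone %>-dynamic` (and `-static`) so the two cannot diverge.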


@ -0,0 +1,32 @@
//
// Do any local configuration here
//
acl "xfer" {
none; // Allow no transfers. If we have other
// name servers, place them here.
};
acl "trusted" {
// Place our internal and DMZ subnets in here so that
// intranet and DMZ clients may send DNS queries. This
// also prevents outside hosts from using our name server
// as a resolver for other domains.
<% dns_client_networks.each do |network| -%>
<%= network %>;
<% end -%>
localhost;
};
<% dns_zones.each do |zone| -%>
zone "<%= zone %>" {
type master;
file "/etc/bind/db.<%= zone %>";
};
<% end -%>
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
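Review bot: `dns_client_networks.each` (and `dns_zones.each` below it) assume an Array, but in Puppet 2.x a site that configures a single network gets a String here; Ruby 1.8's `String#each` then iterates lines and happens to work, while Ruby 1.9 raises NoMethodError and the catalog fails to compile, so the outcome depends on the agent's Ruby. Coerce before iterating: `<% [dns_client_networks].flatten.each do |network| -%>`, and likewise for `dns_zones`. The comment above the `trusted` ACL promises it stops outsiders using the server as a resolver, but that is only true because named.conf.options applies it in `allow-recursion`; a one-line note such as `// Referenced by allow-recursion in named.conf.options; keep the two in step` would tell the next maintainer that the two templates must be read together.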


@ -0,0 +1,33 @@
options {
listen-on {
<%= ipaddr %>;
};
allow-transfer {
xfer;
};
allow-recursion {
trusted;
};
# recursion yes;
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
};
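Review bot: `listen-on { <%= ipaddr %>; };` has no guard, so on a node where `$dns_listener_ipaddr` is unset or empty the rendered block is `listen-on { ; };` (or carries an `undef` token), named refuses to start, and every later Puppet run fails the `Service["named"]` restart instead of the catalog; abort at render time with `<% raise "dns::server: ipaddr must be an IPv4 address" unless ipaddr.to_s =~ /\A\d+(\.\d+){3}\z/ -%>` as the first line, which also rejects an `undef` placeholder. Recursion is gated on `trusted`, but `allow-query-cache` is left at its default, which only mirrors `allow-recursion` on BIND 9.4 and later; add `allow-query-cache { trusted; };` so the "no open resolver" intent stated in named.conf.local holds regardless of the installed version. Once the platform's BIND supports it, `dnssec-validation auto;` belongs in this template too, since the server is a recursive resolver for the trusted networks.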