Initial commit for bind, templates for named.conf.* and zones and zone creation.

dns/manifests/init.pp

@@ -74,9 +74,10 @@ class dns::server {
 
     case $operatingsystem {
         "ubuntu": {
+            $ipaddr = $dns_listener_ipaddr
             file { "${confdir}/named.conf.local":
                 ensure  => present,
-                source  => "puppet:///files/dns/named.conf.${fqdn}",
+                content  => template("dns/named.conf.local.erb"),
                 mode    => 0640,
                 owner   => "root",
                 group   => "bind",
@@ -85,13 +86,46 @@ class dns::server {
             }
             file { "${confdir}/named.conf.options":
                 ensure  => present,
-                source  => "puppet:///files/dns/named.conf.options.${fqdn}",
+               content  => template("dns/named.conf.options.erb"),
                 mode    => 0640,
                 owner   => "root",
                 group   => "bind",
                 require => Package["bind"],
                 notify  => Service["named"],
             }
+           define populate_zones {
+             $zone = $name
+             file { "${confdir}/db.${zone}":
+               ensure => present,
+               content => template("dns/db.erb"),
+               mode    => 0640,
+                owner   => "root",
+                group   => "bind",
+                require => Package["bind"],
+                notify  => Service["named"],
+             }
+              file { "${confdir}/db.${zone}-dynamic":
+                ensure => present,
+                source => [ "puppet:///files/dns/db.${zone}-dynamic.${homename}",
+                            "puppet:///files/dns/empty", ],
+                mode    => 0640,
+                owner   => "root",
+                group   => "bind",
+                require => Package["bind"],
+                notify  => Service["named"],
+             }
+              file { "${confdir}/db.${zone}-static":
+                ensure => present,
+                source => [ "puppet:///files/dns/db.${zone}-static.${homename}",
+                           "puppet:///files/dns/empty", ],
+                mode    => 0640,
+                owner   => "root",
+                group   => "bind",
+                require => Package["bind"],
+                notify  => Service["named"],
+             }
+          }
+          populate_zones { $dns_zones: }
         }
         default: {
             file { "${confdir}/named.conf":

dns/templates/db.erb

@@ -0,0 +1,18 @@
+;
+; BIND data file for <%= zone %>
+;
+;
+
+$TTL    86400
+@       IN      SOA     ns1.<%= zone %>. root.<%= zone %>. (
+                         <%= Time.now.to_i %> ; Serial
+                         604800         ; Refresh
+                          86400         ; Retry
+                        2419200         ; Expire
+                          86400 )       ; Negative Cache TTL
+;
+@       IN      NS      ns1.<%= zone %>.
+ns1    IN      A       <%= ipaddr %>
+
+$INCLUDE /etc/bind/db.<%= zone %>-dynamic
+$INCLUDE /etc/bind/db.<%= zone %>-static

dns/templates/named.conf.local.erb

@@ -0,0 +1,32 @@
+//
+// Do any local configuration here
+//
+
+acl "xfer" {
+    none;   // Allow no transfers.  If we have other
+            // name servers, place them here.
+};
+
+acl "trusted" {
+    // Place our internal and DMZ subnets in here so that
+    // intranet and DMZ clients may send DNS queries.  This
+    // also prevents outside hosts from using our name server
+    // as a resolver for other domains.
+<% dns_client_networks.each do |network| -%>
+    <%= network %>;
+<% end -%>
+    localhost;
+};
+
+<% dns_zones.each do |zone| -%>
+zone "<%= zone %>" {
+       type master;
+       file "/etc/bind/db.<%= zone %>";
+};
+<% end -%>
+
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+

dns/templates/named.conf.options.erb

@@ -0,0 +1,33 @@
+options {
+        listen-on {
+       <%= ipaddr %>;
+       };
+        allow-transfer {
+               xfer;
+       };
+        allow-recursion {
+               trusted;
+       };
+        # recursion yes;
+        directory "/var/cache/bind";
+        // If there is a firewall between you and nameservers you want
+        // to talk to, you might need to uncomment the query-source
+        // directive below.  Previous versions of BIND always asked
+        // questions using port 53, but BIND 8.1 and later use an unprivileged
+        // port by default.
+
+        // query-source address * port 53;
+
+        // If your ISP provided one or more IP addresses for stable
+        // nameservers, you probably want to use them as forwarders.
+        // Uncomment the following block, and insert the addresses replacing
+        // the all-0's placeholder.
+
+        // forwarders {
+        //      0.0.0.0;
+        // };
+
+        auth-nxdomain no;    # conform to RFC1035
+
+};
+