From 954955bd39fdca13cbb6be7f580b78d2078af895 Mon Sep 17 00:00:00 2001 From: Ossi Herrala Date: Thu, 29 Nov 2012 14:13:28 +0000 Subject: [PATCH] Perform named-checkconf before reloading named. This tries to minimize the risk of reloading broken config or invalid zone files, and kill our DNS infrastructure while doing so. --- dns/manifests/init.pp | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/dns/manifests/init.pp b/dns/manifests/init.pp index ba4051e..7a6a87e 100644 --- a/dns/manifests/init.pp +++ b/dns/manifests/init.pp @@ -107,6 +107,16 @@ class dns::server { } } + exec { "named-checkconf": + command => $chroot ? { + "" => "/usr/sbin/named-checkconf -z", + default => "/usr/sbin/named-checkconf -z -t ${chroot}" + }, + refreshonly => true, + subscribe => File["named.conf"], + notify => Service["named"], + } + service { "named": name => $::operatingsystem ? { "ubuntu" => "bind9", @@ -155,7 +165,7 @@ class dns::server { user => "root", refreshonly => true, require => File["/usr/local/sbin/generate-named-conf.sh"], - notify => Service["named"], + notify => Exec["named-checkconf"], } file { "${chroot}${confdir}/named.conf.options": @@ -170,7 +180,7 @@ class dns::server { "openbsd" => undef, default => Package["bind"], }, - notify => Service["named"], + notify => Exec["named-checkconf"] } file { "${chroot}${confdir}/named.conf.local": @@ -185,7 +195,7 @@ class dns::server { "openbsd" => undef, default => Package["bind"], }, - notify => Service["named"], + notify => Exec["named-checkconf"] } } @@ -225,7 +235,7 @@ class dns::server::ldap inherits dns::server { command => "dnsdump.py --notest /var/named/master.in /var/named/master", require => File["/usr/local/sbin/dnsdump.py"], unless => "dnsdump.py --test /var/named/master.in /var/named/master", - notify => Service["named"] + notify => Exec["named-checkconf"], } } 
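Review bot: The `named-checkconf` exec added in the `@@ -107,6 +107,16 @@` hunk only gates the reload: by the time it refreshes, the changed `named.conf` or zone file is already on disk, so a failed check leaves the broken file in place and any later restart of named (reboot, crash, manual) would still load it. Because the exec is `refreshonly => true`, the check is not repeated on later runs unless a notifying resource changes again, so the failure is reported once and then goes quiet. I would add `logoutput => on_failure,` so the checker's message lands in the run report, and a comment above the resource such as `# Gate only: files are already written when this runs; a failed check must be fixed before named is next restarted.` It is also worth confirming on the Puppet version in use that a failed refresh of this exec really suppresses the notify to `Service["named"]`, since that is assumed by the design rather than shown in the diff. Where the File type supports `validate_cmd`, checking the content before it replaces the live file would close the gap.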
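Review bot: The replacement line in the `@@ -170,7 +180,7 @@` hunk drops the trailing comma that the removed `notify => Service["named"],` carried, and the `@@ -185,7 +195,7 @@` hunk does the same, while the other hunks in this patch keep or add it. Writing `notify => Exec["named-checkconf"],` on both lines matches the rest of the manifest and avoids a syntax error when another attribute is appended later. Both file resources start above their hunks, so the rest of their attributes are not visible here.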
@@ -389,7 +399,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], "openbsd" => undef, default => Package["bind"], }, - notify => Service["named"], + notify => Exec["named-checkconf"], } file { "${dns::server::chroot}${zonedir}/db.${zone}-dynamic": ensure => present, @@ -405,7 +415,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], "openbsd" => undef, default => Package["bind"], }, - notify => Service["named"], + notify => Exec["named-checkconf"], } file { "${dns::server::chroot}${zonedir}/db.${zone}-static": ensure => present, @@ -421,7 +431,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], "openbsd" => undef, default => Package["bind"], }, - notify => Service["named"], + notify => Exec["named-checkconf"], } } } @@ -468,5 +478,4 @@ class dns::nsupdate { minute => "*/5", require => File["/usr/local/sbin/nsupdate.sh"], } - }
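Review bot: Routing every zone file in `dns::zone` through the single `Exec["named-checkconf"]` (here and in the `@@ -405,7 +415,7 @@` and `@@ -421,7 +431,7 @@` hunks) means one zone that fails the `-z` test load holds back the reload for all zones, including unrelated corrections queued in the same run. That is a reasonable fail-closed choice, but it should be stated in the manifest, for example with a comment on the define: `# A zone that fails named-checkconf -z blocks the named reload for every zone until it is fixed.` If per-zone isolation matters, a per-zone `named-checkzone` check would narrow the impact. The file resources begin above each hunk, so their content source and remaining attributes are not visible here.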