From d54f0266aa755c4af25b934380531bbe8628c529 Mon Sep 17 00:00:00 2001
From: Leonidas Tsaousis
Date: Fri, 4 Nov 2016 14:48:31 +0200
Subject: [PATCH 01/16] Leave conf options undef for the applier to fill if needed

---
 manifests/server/.conf.pp.swp | Bin 0 -> 16384 bytes
 manifests/server/conf.pp | 9 ++++++---
 2 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 manifests/server/.conf.pp.swp
diff --git a/manifests/server/.conf.pp.swp b/manifests/server/.conf.pp.swp new file mode 100644 index 0000000000000000000000000000000000000000..8291e91487f95b786c19f5180102658ef8a4edd4 GIT binary patch literal 16384 zcmeHNUx*|}8LvBIG@cj5JP0A+=iN$QaCc^B@84!+WA642ZqeLb*t-ze$WYT=v)gP> z_t;glcjIOi1rcIiqdtgH2)>9fz9{+-6%trt7P(zWUWyRbPKKy~U^3pQMYea{||Ug&2SCk!ODTgX3Z|7Gl&JrDnthhhK@x zj9wUyhLO^TNq*WXY(sLW%t9|tqxL|iabIbp+gjzjDsP8b+HVbqhw1TUo&nFmTV!Bl z`U}e^#o49KBG){9>Vx#q`)&d?mZ~PFM;QQUEnP62=F^7`!Vo& zU<5n?bb!CVTZq2^F9JKjv%tf^N#Ktsg!mQk1t14b11Er2-zCJifv*DBfsX;NAF=7E#I>qw&91AY(u z2KY7bUEs^W9pE-_2Dl&i6B077051YLa08eJ9sqc(epn=4h~}cvVAvHzr_0a%I8oHN zRw-!j%DkP*fr{FZG_oDaa9ee`ZY$~q^Qb?EpI_)WOB*%uWtB#0r21CG{Yax5M@^x+ z$aba;x6_npXu*#@`O{-OutnGLK;Ul;q|otjS5N zjY_*&+TFd-l~I&Cu~pinU}dEf&u%P?v7s5FSnF&=TMh<`$}vf>71Wrcq_LubTk0Z-WHf0G+=C+!1% z7-$vd%Frn(Wv|x@!!U}XQ|M$RA(O2vkInXgwg)m?7)0l*;y~S%gJGgtS-!Pkbi5VN z>f^NOYV(kC8;uLadvusVB^P@%7#E*ELi<&du-Q8GDV@k&rQ0~g?D%b6; zn>s~`YoOE|W`h};oozEzL%go~Q(3Asv$9w8dctim>7bLRp!3)g9A^oxGtXa^Tjx8i z&SL3Gc1TKkW-844Vdt^V@|4PKdb452o^ET*V8R32!Ap5A$CUL+_H>qvjH015+nP*9cFD2TDNe&=6e(h+ zb&Ia3z8ocHh16hZ#;j+qkkH%^kxU~p+lqE&GEx+4JRn)N#0JG%lwcan)J4~%-e!}E z#fI2Z$+~BuH_pi^8RgPo-D}Y;GzJN7ircMfa3`#R{OG@7oO76?8phI=SZkB5>x{Z` zePiS58YNk_BXta_c|O#b4&=yWfvpv#8p}X;BI*=eO=S<8N1+GA$Ji_^HXuSRR*S85r~5)mnBS&T>{YEt;Fz#udb3Gc7wrdozl26Pv@q%JQd+pw787WeDo?g zK!|5Fq8i>2*bcf@hLH^e%HXnPD>jYTKuCiPC*ZCG{3(hxuV!v!%bL!P%Tg?&dFaz9+)NxVZ% zynhnB+Ci&A(;~)oI;|=je>SxgO!Z{~7HULQ>N!e1sF_tAwD#PQtgT1LQ<`~6oEUtL z{!<25)>feahun7MowxfZNo_ZL-gu83S1r@SzsS{4tNUSJiz;bzoMPj zfIpXQqFH}=20R0v0ndPEz%$?(@ClH=5-VkK!jKytNwbra%IoDcB1TdeLJJT$?mn|jTeVgfY2;q(B88>3 z%xP6>kJwyKn_19_$b<=3K1oQH0+aFsB~GGlVlCm=wb`{&q#(OiUaIH2Jq4_1FD)ep o(}}hY+B-_}l2vdjY&uQEds;RP#ZeYrcU|G@KQ9Tg<0_SI?`v3p{ literal 0 HcmV?d00001 diff --git a/manifests/server/conf.pp b/manifests/server/conf.pp index 14fcbc1fc..936ea7edf 100644 --- a/manifests/server/conf.pp +++ b/manifests/server/conf.pp 
@@ -101,9 +101,12 @@
 $hostname = undef,
 $server_id = undef,
 $version = undef,
- $dump_file = '/var/named/data/cache_dump.db',
- $statistics_file = '/var/named/data/named_stats.txt',
- $memstatistics_file = '/var/named/data/named_mem_stats.txt',
+ # $dump_file = '/var/named/data/cache_dump.db',
+ $dump_file = undef,
+ # $statistics_file = '/var/named/data/named_stats.txt',
+ $statistics_file = undef,
+ # $memstatistics_file = '/var/named/data/named_mem_stats.txt',
+ $memstatistics_file = undef,
 $allow_query = [ 'localhost' ],
 $allow_query_cache = [],
 $recursion = 'yes',

From 88af2eaf86b0f3bd84ffbb105a679eaf8e8909e9 Mon Sep 17 00:00:00 2001
From: Leonidas Tsaou
Date: Fri, 11 Nov 2016 12:17:35 +0200
Subject: [PATCH 02/16] Write my fork's TODOs

---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 9f7f9690e..5785861bb 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,11 @@
+# TODOs
+
+- [ ] Make it more generic, change directories for ubuntu (`/etc/bind/named...` instead of CentOS `/etc/named...`)
+- [ ] Disable hard defaults, they cannot be overwritten by the user (some work done in my fork's first commit)
+- [ ] Augment config template with more options (and their supporting resources in the related manifests) that are very important (e.g `allow_new_zones`), instead of having to manually write them in the provided `extra_options` resource.
+
+
+
 # puppet-bind
 
 ## Overview

From 3d9703b4d125de0b6de65054c5605a7996d438a8 Mon Sep 17 00:00:00 2001
From: Leonidas Tsaou
Date: Fri, 11 Nov 2016 17:32:28 +0200
Subject: [PATCH 03/16] Add TODO regarding `controls` option

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 5785861bb..20bde6297 100644
--- a/README.md
+++ b/README.md
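Review bot: The three `undef` defaults in the parameter list are not matched by a template change in this commit, so unless the `dump-file`, `statistics-file` and `memstatistics-file` lines in templates/named.conf.erb are already guarded, an unset value is rendered into named.conf with an empty string (or, on Puppet 3, the literal `:undef`) as the path, which is not what "leave it for the applier to fill" intends; the guard, `<% if @dump_file -%>` around each directive, belongs in the same commit (PATCH 12 later restores the old defaults instead). The commented-out `# $dump_file = '/var/named/data/cache_dump.db',` lines are dead text inside a parameter list; record the former values in the parameter documentation above the define instead. The same commit also adds `manifests/server/.conf.pp.swp`, a vim swap file that carries the editor's buffer contents; PATCH 04 deletes it again, but it stays in history unless the series is rebased to drop it. The enclosing `bind::server::conf` define starts and ends outside the hunk.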
@@ -3,6 +3,7 @@
 - [ ] Make it more generic, change directories for ubuntu (`/etc/bind/named...` instead of CentOS `/etc/named...`)
 - [ ] Disable hard defaults, they cannot be overwritten by the user (some work done in my fork's first commit)
 - [ ] Augment config template with more options (and their supporting resources in the related manifests) that are very important (e.g `allow_new_zones`), instead of having to manually write them in the provided `extra_options` resource.
+- [ ] Add `controls {...}` option, user-customizable, to enable dynamic operation using the `rndc` tool from remote hosts.
 
 
 

From 6e59270a43c410a1e0c96081c2e5c62af09170be Mon Sep 17 00:00:00 2001
From: Leonidas Tsaousis
Date: Fri, 11 Nov 2016 17:41:35 +0200
Subject: [PATCH 04/16] Ignore vim leftovers

---
 .gitignore | 2 ++
 manifests/server/.conf.pp.swp | Bin 16384 -> 0 bytes
 2 files changed, 2 insertions(+)
 create mode 100644 .gitignore
 delete mode 100644 manifests/server/.conf.pp.swp

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..381931381
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.swp
+*.swo
diff --git a/manifests/server/.conf.pp.swp b/manifests/server/.conf.pp.swp deleted file mode 100644 index 8291e91487f95b786c19f5180102658ef8a4edd4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16384 zcmeHNUx*|}8LvBIG@cj5JP0A+=iN$QaCc^B@84!+WA642ZqeLb*t-ze$WYT=v)gP> z_t;glcjIOi1rcIiqdtgH2)>9fz9{+-6%trt7P(zWUWyRbPKKy~U^3pQMYea{||Ug&2SCk!ODTgX3Z|7Gl&JrDnthhhK@x zj9wUyhLO^TNq*WXY(sLW%t9|tqxL|iabIbp+gjzjDsP8b+HVbqhw1TUo&nFmTV!Bl z`U}e^#o49KBG){9>Vx#q`)&d?mZ~PFM;QQUEnP62=F^7`!Vo& zU<5n?bb!CVTZq2^F9JKjv%tf^N#Ktsg!mQk1t14b11Er2-zCJifv*DBfsX;NAF=7E#I>qw&91AY(u z2KY7bUEs^W9pE-_2Dl&i6B077051YLa08eJ9sqc(epn=4h~}cvVAvHzr_0a%I8oHN zRw-!j%DkP*fr{FZG_oDaa9ee`ZY$~q^Qb?EpI_)WOB*%uWtB#0r21CG{Yax5M@^x+ z$aba;x6_npXu*#@`O{-OutnGLK;Ul;q|otjS5N zjY_*&+TFd-l~I&Cu~pinU}dEf&u%P?v7s5FSnF&=TMh<`$}vf>71Wrcq_LubTk0Z-WHf0G+=C+!1% z7-$vd%Frn(Wv|x@!!U}XQ|M$RA(O2vkInXgwg)m?7)0l*;y~S%gJGgtS-!Pkbi5VN z>f^NOYV(kC8;uLadvusVB^P@%7#E*ELi<&du-Q8GDV@k&rQ0~g?D%b6; zn>s~`YoOE|W`h};oozEzL%go~Q(3Asv$9w8dctim>7bLRp!3)g9A^oxGtXa^Tjx8i z&SL3Gc1TKkW-844Vdt^V@|4PKdb452o^ET*V8R32!Ap5A$CUL+_H>qvjH015+nP*9cFD2TDNe&=6e(h+ zb&Ia3z8ocHh16hZ#;j+qkkH%^kxU~p+lqE&GEx+4JRn)N#0JG%lwcan)J4~%-e!}E z#fI2Z$+~BuH_pi^8RgPo-D}Y;GzJN7ircMfa3`#R{OG@7oO76?8phI=SZkB5>x{Z` zePiS58YNk_BXta_c|O#b4&=yWfvpv#8p}X;BI*=eO=S<8N1+GA$Ji_^HXuSRR*S85r~5)mnBS&T>{YEt;Fz#udb3Gc7wrdozl26Pv@q%JQd+pw787WeDo?g zK!|5Fq8i>2*bcf@hLH^e%HXnPD>jYTKuCiPC*ZCG{3(hxuV!v!%bL!P%Tg?&dFaz9+)NxVZ% zynhnB+Ci&A(;~)oI;|=je>SxgO!Z{~7HULQ>N!e1sF_tAwD#PQtgT1LQ<`~6oEUtL z{!<25)>feahun7MowxfZNo_ZL-gu83S1r@SzsS{4tNUSJiz;bzoMPj zfIpXQqFH}=20R0v0ndPEz%$?(@ClH=5-VkK!jKytNwbra%IoDcB1TdeLJJT$?mn|jTeVgfY2;q(B88>3 z%xP6>kJwyKn_19_$b<=3K1oQH0+aFsB~GGlVlCm=wb`{&q#(OiUaIH2Jq4_1FD)ep o(}}hY+B-_}l2vdjY&uQEds;RP#ZeYrcU|G@KQ9Tg<0_SI?`v3p{ From 4701ba583e27ceb76c5f2aa06b82be269d014ccd Mon Sep 17 00:00:00 2001 
From: Leonidas Tsaousis Date: Fri, 11 Nov 2016 17:42:01 +0200 Subject: [PATCH 05/16] Dynamic configuration of dnssec related options The template now includes clauses for these values, instead of forcing the edit of their values. --- templates/named.conf.erb | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/templates/named.conf.erb b/templates/named.conf.erb index 8d0c47155..673cd615a 100644 --- a/templates/named.conf.erb +++ b/templates/named.conf.erb @@ -40,6 +40,10 @@ options { <% if @listen_on_v6_port -%> listen-on-v6 port <%= @listen_on_v6_port %> { <%= @listen_on_v6_addr.join("; ") %>; }; <% end -%> +<% if !@listen_on_v6.empty? -%> + listen-on-v6 { <%= @listen_on_v6.join("; ") %>; }; +<% end -%> + <% if !@forwarders.empty? -%> forwarders { <%= @forwarders.join("; ") %>; }; <% end -%> @@ -90,12 +94,24 @@ options { <% end -%> <% end -%> - dnssec-enable <%= @dnssec_enable %>; + +<% if @dnssec_enable -%> + dnssec-enable "<%= @dnssec_enable %>"; +<% end -%> + +<% if @dnssec_validation -%> dnssec-validation <%= @dnssec_validation %>; +<% end -%> + +<% if @dnssec_lookaside -%> dnssec-lookaside <%= @dnssec_lookaside %>; +<% end -%> +<% if @bindkeys_file -%> /* Path to ISC DLV key */ - bindkeys-file "/etc/named.iscdlv.key"; + bindkeys-file <%= @bindkeys_file %>; +<% end -%> + }; logging { From 4052167b20c1b9f9ef41f72cda7d2fbe21d89696 Mon Sep 17 00:00:00 2001 From: Leonidas Tsaousis Date: Fri, 11 Nov 2016 17:45:01 +0200 Subject: [PATCH 06/16] Add `controls` in the configuration Currently it's a hardcoded option, not overwriteable used only to help us with our implementation. In a future commit this must be more dynamic enabling the addition of multiple (or none) inets, ability to skip completely the `controls ` clause and so on --- templates/named.conf.erb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/templates/named.conf.erb b/templates/named.conf.erb index 673cd615a..2c0654d4e 100644 --- a/templates/named.conf.erb 
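Review bot: `<% if @bindkeys_file -%>` in the second hunk reads a variable that no hunk in this series passes in: `bind::server::conf` gains no `$bindkeys_file` parameter (PATCH 12's message nevertheless calls the key-file location parametric), so unless the parameter already exists outside these hunks the guard is always false and the `bindkeys-file "/etc/named.iscdlv.key";` line that used to be emitted silently disappears from every rendered config. The replacement also drops the quotes, `bindkeys-file <%= @bindkeys_file %>;`, which pushes the quoting onto the caller; keep them in the template as the original did, `bindkeys-file "<%= @bindkeys_file %>";`. The truthiness guards `<% if @dnssec_enable -%>`, `<% if @dnssec_validation -%>` and `<% if @dnssec_lookaside -%>` omit the directive for any false-ish value, so a caller passing a boolean `false` for `dnssec_validation` gets named's built-in default rather than validation switched off; the parameter docs in conf.pp should state that the values are the strings 'yes'/'no' and that an unset value omits the directive. The `options {` block these hunks sit in starts and ends outside them.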
+++ b/templates/named.conf.erb
@@ -3,6 +3,12 @@
 // WARNING: Puppet managed, do not edit!
 //
 
+controls {
+ inet 127.0.0.1 port 953 allow { any; };
+ inet 192.168.2.87 port 953 allow { any; };
+};
+
+
 <% if !@acls.empty? -%>
 <% @acls.sort_by {|key, value| key}.each do |key,value| -%>
 acl <%= key %> {

From f7a265e35a6efb44e3846b0f1d39f14a7117e095 Mon Sep 17 00:00:00 2001
From: Leonidas Tsaousis
Date: Fri, 11 Nov 2016 18:19:09 +0200
Subject: [PATCH 07/16] listen_on_v6 option not needed, compiled from previous ones

---
 templates/named.conf.erb | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index 2c0654d4e..cda41f4a8 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
@@ -46,10 +46,6 @@ options {
 <% if @listen_on_v6_port -%>
 listen-on-v6 port <%= @listen_on_v6_port %> { <%= @listen_on_v6_addr.join("; ") %>; };
 <% end -%>
-<% if !@listen_on_v6.empty? -%>
- listen-on-v6 { <%= @listen_on_v6.join("; ") %>; };
-<% end -%>
-
 <% if !@forwarders.empty? -%>
 forwarders { <%= @forwarders.join("; ") %>; };
 <% end -%>

From 386455f40e220addbf28720f2f785853c1c02cdc Mon Sep 17 00:00:00 2001
From: Leonidas Tsaousis
Date: Fri, 11 Nov 2016 18:24:26 +0200
Subject: [PATCH 08/16] Quotes cause synatx errors in conf parsing

---
 templates/named.conf.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index cda41f4a8..cc00a4e73 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
@@ -98,7 +98,7 @@ options {
 <% end -%>
 
 <% if @dnssec_enable -%>
- dnssec-enable "<%= @dnssec_enable %>";
+ dnssec-enable <%= @dnssec_enable %>;
 <% end -%>
 
 <% if @dnssec_validation -%>

From 0a359518a94e3d25f46bac257783656c2eb691ab Mon Sep 17 00:00:00 2001
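Review bot: The `controls` block added at the top of the template opens the rndc command channel on a non-loopback address with `allow { any; }` and no `keys` clause, so the only restriction named applies is network reachability plus whatever key it picks up from its default rndc.key file; the `allow` list should name the management hosts rather than `any`, and the key should be explicit (`inet 192.168.2.87 port 953 allow { <mgmt-hosts>; } keys { "<rndc-key-name>"; };`, placeholders to be filled by the caller) so the channel's authentication does not depend on a file outside the module's control. `192.168.2.87` is a site-specific address committed into a shared template (PATCH 09 parameterises it), and the block is emitted unconditionally, so every consumer of the module gets a controls clause it did not ask for. A comment above the block, `// TODO: temporary hardcoded command channel, to be replaced by a parameter`, would at least mark it for removal.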
From: Leonidas Tsaousis
Date: Mon, 14 Nov 2016 12:55:42 +0200
Subject: [PATCH 09/16] Command channel to be enabled in a parameterized IP, besides loopback

---
 templates/named.conf.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index cc00a4e73..aa3a16d94 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
@@ -5,7 +5,7 @@
 
 controls {
 inet 127.0.0.1 port 953 allow { any; };
- inet 192.168.2.87 port 953 allow { any; };
+ inet <%= @mgt_ip %> port 953 allow { any; };
 };
 
 

From 72daebbc4f0d47c632638c8416a155f7412ce6fa Mon Sep 17 00:00:00 2001
From: Leonidas Tsaousis
Date: Mon, 14 Nov 2016 13:10:08 +0200
Subject: [PATCH 10/16] Parameterization of `mgt_ip` enabled in `conf` class

---
 manifests/server/conf.pp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/manifests/server/conf.pp b/manifests/server/conf.pp
index 936ea7edf..d3649a7e6 100644
--- a/manifests/server/conf.pp
+++ b/manifests/server/conf.pp
@@ -60,6 +60,9 @@
 # and the value is an array of config lines. Default: empty
 # $includes:
 # Array of absolute paths to named.conf include files. Default: empty
+# $mgt_ip:
+# The management network's IP address assigned, to enable command
+# channel (rndc) listener, aside from the loopback IP address
 #
 # Sample Usage :
 # bind::server::conf { '/etc/named.conf':
@@ -121,6 +124,7 @@
 $keys = {},
 $includes = [],
 $views = {},
+ $mgt_ip = undef,
 ) {
 
 # Everything is inside a single template

From 43be63250ce646a34686c8e057dba0e8535fe50f Mon Sep 17 00:00:00 2001
From: Leonidas Tsaousis
Date: Mon, 14 Nov 2016 14:55:57 +0200
Subject: [PATCH 11/16] Formatting cleanup of conf template

---
 templates/named.conf.erb | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index aa3a16d94..5dabaf310 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
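Review bot: `inet <%= @mgt_ip %> port 953 allow { any; };` is emitted unconditionally, and PATCH 10 gives `$mgt_ip` a default of `undef`, so every declaration that does not set it renders `inet  port 953 allow { any; };` (or `inet :undef port 953 ...` on Puppet 3) and named rejects the whole file at start-up; wrap the line in `<% if @mgt_ip -%>` / `<% end -%>` or give the parameter no default so the compile fails early instead. The `allow { any; }` carried over from PATCH 06 now applies to the management address, so the `$mgt_ip` documentation added in PATCH 10 should say that any host able to reach port 953 on that address may attempt rndc commands and that the rndc key is what authenticates them. The `controls` block is fully inside the template hunk; the parameter list it reads from is in conf.pp outside it.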
@@ -94,26 +94,21 @@ options { <% @extra_options.sort_by {|key, value| key}.each do |key,value| -%> <%= key %> <%= value %>; <% end -%> - <% end -%> <% if @dnssec_enable -%> dnssec-enable <%= @dnssec_enable %>; <% end -%> - <% if @dnssec_validation -%> dnssec-validation <%= @dnssec_validation %>; <% end -%> - <% if @dnssec_lookaside -%> dnssec-lookaside <%= @dnssec_lookaside %>; <% end -%> - <% if @bindkeys_file -%> /* Path to ISC DLV key */ bindkeys-file <%= @bindkeys_file %>; <% end -%> - }; logging { From b51c20cff21e984617a8eaedc71d4ac9105ffe00 Mon Sep 17 00:00:00 2001 From: leots Date: Wed, 14 Dec 2016 14:10:22 +0200 Subject: [PATCH 12/16] First commit on pull-req candidate branch. Sum: Currently, the changes to be proposed for merging upstream in the base project (thias's module), relate to the configuration applied and they are: 1. DNSsec options are not mandatory, so their values are not printed in the conf file (via the template) if not modified 2. Location of the key-file is now parametric. Again, template adds it in the conf only if specific value is given. 3. Support for `controls` clause. Providing options regarding the rndc channel the user might use. --- .gitignore | 2 -- README.md | 9 --------- manifests/server/conf.pp | 13 +++++-------- 3 files changed, 5 insertions(+), 19 deletions(-) delete mode 100644 .gitignore diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 381931381..000000000 --- a/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -*.swp -*.swo diff --git a/README.md b/README.md index 20bde6297..9f7f9690e 100644 --- a/README.md +++ b/README.md 
@@ -1,12 +1,3 @@
-# TODOs
-
-- [ ] Make it more generic, change directories for ubuntu (`/etc/bind/named...` instead of CentOS `/etc/named...`)
-- [ ] Disable hard defaults, they cannot be overwritten by the user (some work done in my fork's first commit)
-- [ ] Augment config template with more options (and their supporting resources in the related manifests) that are very important (e.g `allow_new_zones`), instead of having to manually write them in the provided `extra_options` resource.
-- [ ] Add `controls {...}` option, user-customizable, to enable dynamic operation using the `rndc` tool from remote hosts.
-
-
-
 # puppet-bind
 
 ## Overview
diff --git a/manifests/server/conf.pp b/manifests/server/conf.pp
index d3649a7e6..fe22366df 100644
--- a/manifests/server/conf.pp
+++ b/manifests/server/conf.pp
@@ -61,8 +61,8 @@
 # $includes:
 # Array of absolute paths to named.conf include files. Default: empty
 # $mgt_ip:
-# The management network's IP address assigned, to enable command
-# channel (rndc) listener, aside from the loopback IP address
+# The IP address on the 'management network' assigned to the host, to enable
+# command channel (rndc) listener upon, aside from the loopback IP address
 #
 # Sample Usage :
 # bind::server::conf { '/etc/named.conf':
@@ -104,12 +104,9 @@
 $hostname = undef,
 $server_id = undef,
 $version = undef,
- # $dump_file = '/var/named/data/cache_dump.db',
- $dump_file = undef,
- # $statistics_file = '/var/named/data/named_stats.txt',
- $statistics_file = undef,
- # $memstatistics_file = '/var/named/data/named_mem_stats.txt',
- $memstatistics_file = undef,
+ $dump_file = '/var/named/data/cache_dump.db',
+ $statistics_file = '/var/named/data/named_stats.txt',
+ $memstatistics_file = '/var/named/data/named_mem_stats.txt',
 $allow_query = [ 'localhost' ],
 $allow_query_cache = [],
 $recursion = 'yes',

From b041e915f431506c35464a2bce2b89cd35b4ddb1 Mon Sep 17 00:00:00 2001
From: leots
Date: Wed, 14 Dec 2016 14:35:52 +0200
Subject: [PATCH 13/16] Fully parameterized `controls` clause

---
 manifests/server/conf.pp | 8 ++++----
 templates/named.conf.erb | 5 +++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/manifests/server/conf.pp b/manifests/server/conf.pp
index fe22366df..4a453b19c 100644
--- a/manifests/server/conf.pp
+++ b/manifests/server/conf.pp
@@ -5,6 +5,9 @@
 # Parameters:
 # $acls:
 # Hash of client ACLs, name as key and array of config lines. Default: empty
+# $controls:
+# Array of control channels to be used for remote administration
+# (rndc). Default: empty
 # $masters:
 # Hash of master ACLs, name as key and array of config lines. Default: empty
 # $listen_on_port:
@@ -60,9 +63,6 @@
 # and the value is an array of config lines. Default: empty
 # $includes:
 # Array of absolute paths to named.conf include files. Default: empty
-# $mgt_ip:
-# The IP address on the 'management network' assigned to the host, to enable
-# command channel (rndc) listener upon, aside from the loopback IP address
 #
 # Sample Usage :
 # bind::server::conf { '/etc/named.conf':
@@ -93,6 +93,7 @@
 #
 define bind::server::conf (
 $acls = {},
+ $controls = {},
 $masters = {},
 $listen_on_port = '53',
 $listen_on_addr = [ '127.0.0.1' ],
@@ -121,7 +122,6 @@
 $keys = {},
 $includes = [],
 $views = {},
- $mgt_ip = undef,
 ) {
 
 # Everything is inside a single template
diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index 5dabaf310..66cb0366a 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
@@ -7,6 +7,11 @@ controls {
 inet 127.0.0.1 port 953 allow { any; };
 inet <%= @mgt_ip %> port 953 allow { any; };
 };
+<% if !@controls.empty? -%>
+<% @controls.each do |channel| -%>
+ <%= channel %>;
+<% end -%>
+<% end -%>
 
 

From 69f53393dda77b3a9274aa2049f20c595f68efe4 Mon Sep 17 00:00:00 2001
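Review bot: `$controls = {},` in the third conf.pp hunk is a Hash default while the new documentation and the template's `@controls.each do |channel|` treat it as an Array; with a Hash, `channel` is a `[key, value]` pair and `<%= channel %>` prints Ruby's array-to-string form, so the default should be `$controls = [],`. In the template hunk the entries are printed as bare top-level `<%= channel %>;` lines with no surrounding `controls { ... };`, so an entry written the way the docs suggest (a constructed example: `inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; }`) yields a file named cannot parse; either wrap the loop in a `controls {` block as below, or document that each entry must be a complete `controls { ... }` statement. PATCH 14 removes the hardcoded block above the loop and leaves the same bare lines in place. The `$controls` doc entry should also say that each entry is a raw BIND control-channel statement and that its `allow` and `keys` clauses decide who may drive rndc on this server.
```erb
<% if !@controls.empty? -%>
controls {
<% @controls.each do |channel| -%>
  <%= channel %>;
<% end -%>
};
<% end -%>
```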
From: leots Date: Wed, 14 Dec 2016 14:37:30 +0200 Subject: [PATCH 14/16] Delete forgotten hardcoded clauses --- templates/named.conf.erb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/templates/named.conf.erb b/templates/named.conf.erb index 66cb0366a..e4bbb815c 100644 --- a/templates/named.conf.erb +++ b/templates/named.conf.erb @@ -3,10 +3,6 @@ // WARNING: Puppet managed, do not edit! // -controls { - inet 127.0.0.1 port 953 allow { any; }; - inet <%= @mgt_ip %> port 953 allow { any; }; -}; <% if !@controls.empty? -%> <% @controls.each do |channel| -%> <%= channel %>; From 7a0d9a1200b4d3ef1f5c1cb75ffea21eda1309bc Mon Sep 17 00:00:00 2001 From: leots Date: Wed, 14 Dec 2016 14:51:50 +0200 Subject: [PATCH 15/16] Add support for `allow-new-zones` directive in conf --- manifests/server/conf.pp | 3 +++ templates/named.conf.erb | 3 +++ 2 files changed, 6 insertions(+) diff --git a/manifests/server/conf.pp b/manifests/server/conf.pp index 4a453b19c..8659c1287 100644 --- a/manifests/server/conf.pp +++ b/manifests/server/conf.pp @@ -49,6 +49,8 @@ # $extra_options: # Hash for any additional options that must go in the 'options' declaration. # Default: empty +# $allow_new_zones: +# Enable creation of new zones. Default: undef # $dnssec_enable: # Enable DNSSEC support. Default: 'yes' # $dnssec_validation: @@ -110,6 +112,7 @@ $memstatistics_file = '/var/named/data/named_mem_stats.txt', $allow_query = [ 'localhost' ], $allow_query_cache = [], + $allow_new_zones = undef, $recursion = 'yes', $allow_recursion = [], $allow_transfer = [], diff --git a/templates/named.conf.erb b/templates/named.conf.erb index e4bbb815c..9767a761d 100644 --- a/templates/named.conf.erb +++ b/templates/named.conf.erb @@ -97,6 +97,9 @@ options { <% end -%> <% end -%> +<% if @allow_new_zones -%> + allow-new-zones <%= @allow_new_zones %>; +<% end -%> <% if @dnssec_enable -%> dnssec-enable <%= @dnssec_enable %>; <% end -%> From 1df0f88d8a3e400c0c1a899a47402d4437e4e7ea Mon Sep 17 00:00:00 2001 
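Review bot: `# Enable creation of new zones. Default: undef` under-documents `$allow_new_zones`: the template hunk only emits `allow-new-zones <%= @allow_new_zones %>;` when the value is truthy, so a boolean `false` does not mean 'no' but 'leave named's default', and the accepted values are the strings 'yes'/'no'. Because this directive lets `rndc addzone`/`delzone` change the served zones at runtime, the doc line should also point readers at `$controls`, since whoever can reach the command channel gains that ability; suggested text: `# Allow zones to be added/removed at runtime via rndc ('yes' or 'no'). Default: undef, directive omitted; see $controls for who may reach rndc`. The enclosing `bind::server::conf` define starts and ends outside the hunk.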
From: leots
Date: Wed, 14 Dec 2016 15:13:47 +0200
Subject: [PATCH 16/16] Add support for 4 new options:

1. auth-nxdomain {yes | no}
2. notify {yes | no | explicit}
3. allow-notify { ;-separated list of IP addrs }
4. request-ixfr {yes | no}
---
 manifests/server/conf.pp | 15 +++++++++++++++
 templates/named.conf.erb | 12 ++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/manifests/server/conf.pp b/manifests/server/conf.pp
index 8659c1287..96fd3dc92 100644
--- a/manifests/server/conf.pp
+++ b/manifests/server/conf.pp
@@ -40,10 +40,21 @@
 # Array of IP addrs or ACLs to allow queries from. Default: [ 'localhost' ]
 # $recursion:
 # Allow recursive queries. Default: 'yes'
+# $notify:
+# Whether to send NOTIFYs when zones change. Default: undef
+# $request_ixfr:
+# Whether the server will request an incremental zone transfer or a
+# full one. Default: undef
+# $auth_nxdomain:
+# Whether to respond authoritatively (AA flag) in NXDOMAIN answers.
+# Default: undef
 # $allow_recursion:
 # Array of IP addrs or ACLs to allow recursion from. Default: empty
 # $allow_transfer:
 # Array of IP addrs or ACLs to allow transfer to. Default: empty
+# $allow_notify:
+# Array of IP addresses allowed to NOTIFY this server besides the ones
+# defined in 'masters'. Default: empty
 # $check_names:
 # Array of check-names strings. Example: [ 'master ignore' ]. Default: empty
 # $extra_options:
@@ -111,9 +122,13 @@
 $statistics_file = '/var/named/data/named_stats.txt',
 $memstatistics_file = '/var/named/data/named_mem_stats.txt',
 $allow_query = [ 'localhost' ],
+ $allow_notify = [],
 $allow_query_cache = [],
 $allow_new_zones = undef,
+ $auth_nxdomain = undef,
+ $request_ixfr = undef,
 $recursion = 'yes',
+ $notify = undef,
 $allow_recursion = [],
 $allow_transfer = [],
 $check_names = [],
diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index 9767a761d..bad99fa3d 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
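Review bot: `$notify = undef,` in the second conf.pp hunk declares a parameter named after Puppet's `notify` relationship metaparameter; a declaration such as `bind::server::conf { '/etc/named.conf': notify => 'yes' }` is handled as a relationship to a resource called `'yes'` (or rejected at parse time, depending on the Puppet version) before the define ever sees it, so the option is unusable under that name. Rename it, e.g. `$notify_mode = undef,`, with the doc entry `# $notify_mode:` and the guard in the second hunk of templates/named.conf.erb changed to `<% if @notify_mode -%>` / `notify <%= @notify_mode %>;`. `auth-nxdomain`, `notify` and `request-ixfr` are emitted only for truthy values, so the three new doc entries should say the values are the strings 'yes'/'no' ('explicit' as well for notify) and that undef omits the directive so named's default applies. The enclosing `bind::server::conf` define starts and ends outside both hunks.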
@@ -75,6 +75,9 @@ options {
 <% if !@allow_query.empty? -%>
 allow-query { <%= @allow_query.join("; ") %>; };
 <% end -%>
+<% if !@allow_notify.empty? -%>
+ allow-notify { <%= @allow_notify.join("; ") %>; };
+<% end -%>
 <% if !@allow_query_cache.empty? -%>
 allow-query-cache { <%= @allow_query_cache.join("; ") %>; };
 <% end -%>
@@ -82,6 +85,15 @@ options {
 <% if !@allow_recursion.empty? -%>
 allow-recursion { <%= @allow_recursion.join("; ") %>; };
 <% end -%>
+<% if @notify -%>
+ notify <%= @notify %>;
+<% end -%>
+<% if @auth_nxdomain -%>
+ auth-nxdomain <%= @auth_nxdomain %>;
+<% end -%>
+<% if @request_ixfr -%>
+ request-ixfr <%= @request_ixfr %>;
+<% end -%>
 <% if !@allow_transfer.empty? -%>
 allow-transfer { <%= @allow_transfer.join("; ") %>; };
 <% end -%>