puppet-prod/site/profiles/manifests/dns/master.pp
Ben Vincent b8d799e8e9 feat: select nameserver in soa based on role
- find all dns servers in $ns_use (region/country/all),
- or use the current node as the only nameserver
2024-04-24 18:44:08 +10:00


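# @summary profiles::dns::master authoritative service
#
# Declares profiles::dns::server with an empty forwarders list, manages the
# zone base directory, and creates one profiles::dns::zone for every entry in
# $zones whose 'zone_type' is 'master'.
#
# @param basedir directory managed by this class and passed to every zone
# @param acls    passed through to profiles::dns::server
# @param zones   passed through to profiles::dns::server; also iterated here
# @param views   passed through to profiles::dns::server
# @param keys    passed through to profiles::dns::server
# @param tags    accepted but not referenced anywhere in this class
# @param owner   owner of $basedir, also passed to every zone
# @param group   group of $basedir, also passed to every zone
# @param dnssec  passed through to profiles::dns::server
# @param ns_role enc_role value used to look up nameservers in PuppetDB;
#                when undef the current node is the only nameserver
# @param use_ns  lookup scope: every node with the role, or only those that
#                share this node's region or country
class profiles::dns::master (
  Stdlib::AbsolutePath $basedir,
  Hash $acls = {},
  Hash $zones = {},
  Hash $views = {},
  Hash $keys = {},
  Hash[
    String,
    String
  ] $tags = {},
  String $owner = 'root',
  String $group = 'named',
  Boolean $dnssec = false,
  Variant[String, Undef] $ns_role = undef,
  Enum['all', 'region', 'country'] $use_ns = 'all',
) {
  $local_fqdn = $facts['networking']['fqdn']

  # Values interpolated into the PuppetDB query are wrapped in single quotes.
  # Reject anything that contains a quote or a backslash so that a fact or
  # parameter value cannot terminate the literal and change the query.
  $query_literal = Pattern[/\A[^'"\\]*\z/]

  # if ns_role is set, find all hosts matching that enc_role, otherwise use the current host
  if $ns_role =~ Undef {
    $nameservers_array = [$local_fqdn]
  } else {
    $role = assert_type($query_literal, $ns_role)

    case $use_ns {
      'region': {
        # assert_type also fails compilation when the fact is missing, instead
        # of sending a query with an empty comparison value
        $region = assert_type($query_literal, $facts['region'])
        $node_query = "enc_role='${role}' and region='${region}'"
      }
      'country': {
        $country = assert_type($query_literal, $facts['country'])
        $node_query = "enc_role='${role}' and country='${country}'"
      }
      default: {
        # 'all' is the only remaining value the Enum allows
        $node_query = "enc_role='${role}'"
      }
    }

    # NOTE(review): the result decides which hosts are published as
    # nameservers. If enc_role, region or country are agent-reported facts
    # rather than values set from trusted data, any node able to submit facts
    # could get itself listed. Confirm where these values come from.
    $nameservers_array = query_nodes($node_query, 'networking.fqdn')
  }

  # if the lookup returned nothing, use the current host, otherwise use the lookup result
  if empty($nameservers_array) {
    $nameservers = [$local_fqdn]
  } else {
    $nameservers = $nameservers_array
  }

  # sorted once here rather than once per zone
  $sorted_nameservers = sort($nameservers)

  class { 'profiles::dns::server':
    acls       => $acls,
    zones      => $zones,
    views      => $views,
    keys       => $keys,
    forwarders => [],
    dnssec     => $dnssec,
  }

  # ensure the target basedir exists (mode is not managed here)
  file { $basedir:
    ensure => directory,
    owner  => $owner,
    group  => $group,
  }

  # create zones
  $zones.each | String $zone_name, Hash $data | {
    if $data['zone_type'] == 'master' {
      profiles::dns::zone { $zone_name:
        zone        => $data['domain'],
        basedir     => $basedir,
        nameservers => $sorted_nameservers,
        owner       => $owner,
        group       => $group,
        before      => Bind::Zone[$zone_name],
      }
    }
  }
}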