Generate an rndc key, let BIND rest on defaults

In the absence of any 'controls' configuration, BIND uses the rndc.key file
containing a key named rndc-key for rndc by default. In this mode, there is
also no need for any explicit settings in rndc.conf.
Nate Riffe
2015-01-18 10:31:12 -06:00
parent 9b1cbacee0
commit 01cb48191e
3 changed files with 11 additions and 14 deletions
+11 -6
@@ -40,6 +40,17 @@ class bind (
}
}
if $rndc {
# rndc only supports HMAC-MD5
bind::key { 'rndc-key':
algorithm => 'hmac-md5',
secret_bits => '512',
keydir => $confdir,
keyfile => 'rndc.key',
include => false,
}
}
file { [ $confdir, "${confdir}/zones" ]:
ensure => directory,
mode => '2755',
@@ -83,12 +94,6 @@ class bind (
content => "# This file is managed by puppet - changes will be lost\n",
}
concat::fragment { 'named-keys-rndc':
order => '99',
target => "${confdir}/keys.conf",
content => "#include \"${confdir}/rndc.key\"\n",
}
concat::fragment { 'named-views-header':
order => '00',
target => "${confdir}/views.conf",
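Review bot: The comment `# rndc only supports HMAC-MD5` on the new `bind::key { 'rndc-key': ... }` resource holds only for older BIND releases; BIND 9.10 and later accept the hmac-sha algorithms on the control channel, so the hard-coded `algorithm => 'hmac-md5'` keeps every node on the weakest option. I would reword the comment to `# hmac-md5 is the only algorithm rndc accepts before BIND 9.10` and take the algorithm from a class parameter that defaults to `'hmac-md5'`, assuming bind::key accepts other values (its definition is not shown here). The key is written into `$confdir`, which the following `file` resource sets to mode `2755`, so it is worth confirming that bind::key creates `rndc.key` readable by its owner and the named group only. The body of `class bind` starts and ends outside this section.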
-1
@@ -22,7 +22,6 @@ class bind::params (
"${::bind::confdir}/db.127",
"${::bind::confdir}/db.255",
"${::bind::confdir}/named.conf.default-zones",
"${::bind::confdir}/rndc.key",
"${::bind::confdir}/zones.rfc1918",
]
}