Generate an rndc key, let BIND rest on defaults

In the absence of any 'controls' configuration, BIND uses the rndc.key file
containing a key named rndc-key for rndc by default. In this mode, there is
also no need for any explicit settings in rndc.conf.

manifests/init.pp

@@ -40,6 +40,17 @@ class bind (
         }
     }
 
+    if $rndc {
+        # rndc only supports HMAC-MD5
+        bind::key { 'rndc-key':
+            algorithm   => 'hmac-md5',
+            secret_bits => '512',
+            keydir      => $confdir,
+            keyfile     => 'rndc.key',
+            include     => false,
+        }
+    }
+
     file { [ $confdir, "${confdir}/zones" ]:
         ensure  => directory,
         mode    => '2755',
@@ -83,12 +94,6 @@ class bind (
         content => "# This file is managed by puppet - changes will be lost\n",
     }
 
-    concat::fragment { 'named-keys-rndc':
-        order   => '99',
-        target  => "${confdir}/keys.conf",
-        content => "#include \"${confdir}/rndc.key\"\n",
-    }
-
     concat::fragment { 'named-views-header':
         order   => '00',
         target  => "${confdir}/views.conf",

manifests/params.pp

@@ -22,7 +22,6 @@ class bind::params (
             "${::bind::confdir}/db.127",
             "${::bind::confdir}/db.255",
             "${::bind::confdir}/named.conf.default-zones",
-            "${::bind::confdir}/rndc.key",
             "${::bind::confdir}/zones.rfc1918",
         ]
     }

templates/named.conf.erb

@@ -2,13 +2,6 @@
 include "<%= @confdir %>/acls.conf";
 include "<%= @confdir %>/keys.conf";
 include "<%= @confdir %>/views.conf";
-<%- if @rndc -%>
-
-include "<%= @confdir %>/rndc.key";
-controls {
-	inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
-};
-<%- end -%>
 
 options {
 	directory "<%= @cachedir %>";