Merge pull request #59 from nerdlich/dnssec_more_secure

use modern dnssec key algorithm and provide option to use NSEC3
This commit is contained in:
Nate Riffe
2015-12-19 09:26:51 -06:00
2 changed files with 12 additions and 4 deletions
+2 -1
View File
@@ -10,6 +10,7 @@ define bind::zone (
$update_policies = '',
$allow_transfers = '',
$dnssec = false,
$nsec3_salt = '',
$key_directory = '',
$ns_notify = true,
$also_notify = '',
@@ -110,7 +111,7 @@ define bind::zone (
if $dnssec {
exec { "dnssec-keygen-${name}":
command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
'${_domain}' '${key_directory}' '${random_device}'",
'${_domain}' '${key_directory}' '${random_device}' '${nsec3_salt}'",
cwd => $cachedir,
user => $::bind::params::bind_user,
creates => "${cachedir}/${name}/${_domain}.signed",