Enable DNSSEC validation in the resolver by default

2012-09-14 07:33:45 -05:00 · 2012-09-14 07:33:45 -05:00 · 699af3527a
commit 699af3527a
parent db236c58a6
2 changed files with 4 additions and 0 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -2,6 +2,7 @@ class bind (
 	$confdir    = $bind::params::confdir,
 	$cachedir   = $bind::params::cachedir,
 	$forwarders = [],
+	$dnssec     = true,
 ) inherits bind::params {

 	$auth_nxdomain = false
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
@ -14,4 +14,7 @@ options {
 <%- end -%>
 	auth-nxdomain <%= auth_nxdomain ? 'yes' : 'no' %>;
 	listen-on-v6 { any; };
+	dnssec-enable <%= dnssec ? 'yes' : 'no' %>;
+	dnssec-validation <%= dnssec ? 'yes' : 'no' %>;
+	dnssec-lookaside <%= dnssec ? 'auto' : 'no' %>;
 };