unkinben/puppet-bind
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable DNSSEC validation in the resolver by default

Browse Source
This commit is contained in:
Nate Riffe 2012-09-14 07:33:45 -05:00
parent db236c58a6
commit 699af3527a
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
manifests/init.pp
View File

@ -2,6 +2,7 @@ class bind (
$confdir = $bind::params::confdir, $confdir = $bind::params::confdir,
$cachedir = $bind::params::cachedir, $cachedir = $bind::params::cachedir,
$forwarders = [], $forwarders = [],
$dnssec = true,
) inherits bind::params { ) inherits bind::params {
$auth_nxdomain = false $auth_nxdomain = false

3
templates/named.conf.erb
View File

@ -14,4 +14,7 @@ options {
<%- end -%> <%- end -%>
auth-nxdomain <%= auth_nxdomain ? 'yes' : 'no' %>; auth-nxdomain <%= auth_nxdomain ? 'yes' : 'no' %>;
listen-on-v6 { any; }; listen-on-v6 { any; };
dnssec-enable <%= dnssec ? 'yes' : 'no' %>;
dnssec-validation <%= dnssec ? 'yes' : 'no' %>;
dnssec-lookaside <%= dnssec ? 'auto' : 'no' %>;
}; };