From 7555cdd4e02fae2d732362b4802ae9a0d3cb9a95 Mon Sep 17 00:00:00 2001
From: Nate Riffe
Date: Thu, 21 May 2015 14:24:35 -0500
Subject: [PATCH 1/3] Fix type handling
Both the guts of the PuppetBind::Provider::Nsupdate module and the type method of the dns_rr(nsupdate) provider produce and expect the type expressed as a string, but the resource_record(nsupdate) provider's type method produces symbols. This accidentally worked for a while, then it didn't. Also, in quoted_type? that's supposed to be an array of strings, not a quoted string.
---
 lib/puppet/provider/resource_record/nsupdate.rb | 2 +-
 lib/puppet_bind/provider/nsupdate.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/puppet/provider/resource_record/nsupdate.rb b/lib/puppet/provider/resource_record/nsupdate.rb
index 9c1465e..d53f8f1 100644
--- a/lib/puppet/provider/resource_record/nsupdate.rb
+++ b/lib/puppet/provider/resource_record/nsupdate.rb
@@ -34,7 +34,7 @@ private
 end
 def type
- resource[:type]
+ resource[:type].to_s
 end
 def name
diff --git a/lib/puppet_bind/provider/nsupdate.rb b/lib/puppet_bind/provider/nsupdate.rb
index 8d3a7ef..a58c6ed 100644
--- a/lib/puppet_bind/provider/nsupdate.rb
+++ b/lib/puppet_bind/provider/nsupdate.rb
@@ -71,7 +71,7 @@ module PuppetBind
 end
 def quoted_type?(type)
- %(TXT SPF).include?(type)
+ %w(TXT SPF).include?(type)
 end
 def maybe_quote(type, datum)
From a0f5ebde8acee178afa111e2c3df4a159bc66a98 Mon Sep 17 00:00:00 2001
From: Nate Riffe
Date: Fri, 22 May 2015 07:49:36 -0500
Subject: [PATCH 2/3] Make `ensure => absent` work again
The incremental update change made NS record updates work for non-glue NS records, but broke `ensure => absent` because there is no semantic guarantee that the contents of the `data` member match what's in DNS. Set math ensures that hilarity ensues.
---
 lib/puppet_bind/provider/nsupdate.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
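Review bot: `resource[:type].to_s` in the `type` method fixes the Symbol/String mismatch but does not normalize case, and every comparison this series makes against the result is case-sensitive (`%w(TXT SPF).include?(type)` in quoted_type? of the second hunk, `type === 'SOA'` in the next patch). Unless the `type` parameter is upcased by a munge outside this hunk, a manifest writing `type => 'txt'` would presumably make quoted_type? answer false and let the TXT datum reach nsupdate without the quoting maybe_quote is there to apply. Either `resource[:type].to_s.upcase` here, or a one-line comment stating where case is normalized (`# type is upcased by the parameter's munge; callers compare against upper-case names`), would close that gap. The enclosing provider class starts and ends outside the hunk.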
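Review bot: `%w(TXT SPF)` in quoted_type? allocates a fresh array on every call, and the only reason the old `%(TXT SPF)` string slipped through is that String and Array both respond to include?; hoisting it to a frozen constant, `QUOTED_TYPES = %w[TXT SPF].freeze` and `QUOTED_TYPES.include?(type)`, makes the intent unambiguous and keeps this from regressing. The old substring form also answered true for inputs like `'T'` or `' '`, so a minimal spec asserting `quoted_type?('TXT')` is true and `quoted_type?('A')` is false would have caught the original bug and is worth adding with this fix. `module PuppetBind` continues outside the hunk.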
diff --git a/lib/puppet_bind/provider/nsupdate.rb b/lib/puppet_bind/provider/nsupdate.rb
index a58c6ed..1a1b3ef 100644
--- a/lib/puppet_bind/provider/nsupdate.rb
+++ b/lib/puppet_bind/provider/nsupdate.rb
@@ -83,11 +83,11 @@ module PuppetBind
 end
 def rrdata_adds
- newdata - rrdata
+ resource[:ensure] === :absent ? [] : newdata - rrdata
 end
 def rrdata_deletes
- type === 'SOA' ? [] : rrdata - newdata
+ resource[:ensure] === :absent ? rrdata : (type === 'SOA' ? [] : rrdata - newdata)
 end
 def server
From eb58ab9afc47f0fe6a8d558ad04dc7201ddfed79 Mon Sep 17 00:00:00 2001
From: Nate Riffe
Date: Fri, 22 May 2015 12:13:19 -0500
Subject: [PATCH 3/3] Document the need for qualfied names
Several record types do not function correctly with the `resource_record` type unless their values are specified as fully-qualified names with a trailing dot. This adds clarifying information to the documentation and fixes a couple of examples which are actually broken.
---
 README.md | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index b1627fe..aa90996 100644
--- a/README.md
+++ b/README.md
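Review bot: In rrdata_deletes the SOA guard is now reached only on the present path: with `ensure => absent` the new line returns the whole of `rrdata` even when type is 'SOA', so the protection the old line gave against emitting an SOA delete is lost for exactly the case that deletes. Keeping the guard outermost, `return [] if type == 'SOA'` followed by `resource[:ensure] == :absent ? rrdata : rrdata - newdata`, preserves it on both paths; whether the server would refuse an SOA delete anyway is outside this hunk, and the provider should not depend on it. `===` with a Symbol or String receiver is plain equality, so `==` says what is meant, and the `resource[:ensure] === :absent` test now duplicated in rrdata_adds and rrdata_deletes reads better as one small `absent?` predicate. `module PuppetBind` continues outside the hunk.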
@@ -253,7 +253,13 @@ values are `IN`, `CH`, and `HS`. `data` is required, and may be a scalar value or an array of scalar values whose format conform to the type of DNS resource record being created. `data` -is an ensurable property and changes will be reflected in DNS. +is an ensurable property and changes will be reflected in DNS. **Note**: for +record types that have a DNS name as either the whole value or a component of +the value (e.g. `NS`, 'MX', `CNAME`, `PTR`, `NAPTR`, or `SRV`) you must specify +the name as a fully-qualified name with a trailing dot in order to satisfy +both BIND, which will otherwise consider it a name relative, and Puppet, which +will not consider the dot-qualified output of dig equal to a non-dot-qualified +value in the manifest. `ttl` defaults to 43200 and need not be specified. `ttl` is an ensurable property and changes will be reflected in DNS. 
@@ -285,22 +291,35 @@ specified, then the update will not use TSIG authentication. ####resource_record examples Mail exchangers for a domain. Declares three mail exchangers for the domain -`example.com`, which are `mx.example.com`, `mx2.example.com`, and `mx.mail-host.ex` -with priorities `10`, `20`, and `30`, respectively: +`example.com`, which are `mx.example.com`, `mx2.example.com`, and +`mx.mail-host.ex` with priorities `10`, `20`, and `30`, respectively (note the +trailing dots in the values to denote fully-qualified names): resource_record { 'example.com mail exchangers': record => 'example.com', type => 'MX', - data => [ '10 mx', '20 mx2', '20 mx.mail-host.ex.', ], + data => [ '10 mx.example.com.', '20 mx2.example.com.', '20 mx.mail-host.ex.', ], } Nameserver records for a zone. Declares three nameserver records for the zone -`example.com`, which are `ns1.example.com`, `ns2.example.com`, and `ns.dns-host.ex`: +`example.com`, which are `ns1.example.com`, `ns2.example.com`, and +`ns.dns-host.ex`: resource_record { 'example.com name servers': record => 'example.com', type => 'NS', - data => [ 'ns1', 'ns2', 'ns.dns-host.ex.' ], + data => [ 'ns1.example.com.', 'ns2.example.com.', 'ns.dns-host.ex.' ], + } + +Delegating nameserver records in a parent zone. Declares a nameserver record in +the parent zone in order to delegate authority for a subdomain: + + resource_record { 'sub.example.com delegation': + record => 'sub.example.com' + type => 'NS', + zone => 'example.com', + query_section => 'authority', + data => 'sub-ns.example.com.', } Service locators records for a domain. Declares a service locator for SIP over