diff --git a/DEFAULT_ZONES.md b/DEFAULT_ZONES.md index 5559353..62b2b8a 100644 --- a/DEFAULT_ZONES.md +++ b/DEFAULT_ZONES.md @@ -13,7 +13,7 @@ compliance with [RFC 1912](https://www.ietf.org/rfc/rfc1912.txt). The content of these zones is standardized, and the zone files for them are maintained by the package distributor. -## Change Is Coming +## Version 5.x vs. version 6.x of `puppet-bind` ### The Warning @@ -30,10 +30,10 @@ If you are seeing this warning, it is because starting in version 6.0.0 certain catalog application failures. There are [steps](#configuration-changes) to take prior to version 6.0.0 to prepare for it. -### The Present: Debian and Red Hat Divergence +### Older versions: Debian and Red Hat Divergence -The treatment of default zones in this module has been different between Debian -and Red Hat systems until now. +The treatment of default zones in versions 5.x and earlier of this module has +differed between Debian and Red Hat systems. On Debian systems, the `bind9` package installs a separate configuration file at `/etc/bind/named.conf.default-zones` which defines these zones and also @@ -49,7 +49,7 @@ rewrites this file, these definitions are lost. In both cases, the current behavior is not configurable and always happens. -### The Future: Consistency with Flexibility +### Version 6.x and later: Consistency with Flexibility Starting in version 6.0.0 of this module, default zones will be preserved on both Debian and Red Hat, with the option of disabling them. This will not diff --git a/README.md b/README.md index 82c4fe3..519efc5 100644 --- a/README.md +++ b/README.md 
@@ -2,8 +2,8 @@ [![Build Status](https://secure.travis-ci.org/inkblot/puppet-bind.png)](http://travis-ci.org/inkblot/puppet-bind) -**IMPORTANT UPGRADE INFORMATION:** In a future version of this module there -will be significant changes to the handling of default zones that may require +**IMPORTANT UPGRADE INFORMATION:** In version 6.0.0 of this module there are +significant changes to the handling of default zones that may require preparations prior to upgrading. See [DEFAULT_ZONES.md](DEFAULT_ZONES.md) for details. diff --git a/data/common.yaml b/data/common.yaml index 0984f00..14f23a3 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -2,7 +2,6 @@ bind::defaults::supported: false bind::defaults::random_device: '/dev/random' bind::defaults::rndc: true -bind::defaults::default_zones_warning: false bind::forwarders: '' bind::dnssec: true diff --git a/data/osfamily/Debian.yaml b/data/osfamily/Debian.yaml index 4660f6b..8d30019 100644 --- a/data/osfamily/Debian.yaml +++ b/data/osfamily/Debian.yaml @@ -8,5 +8,6 @@ bind::defaults::nsupdate_package: 'dnsutils' bind::defaults::confdir: '/etc/bind' bind::defaults::namedconf: '/etc/bind/named.conf' bind::defaults::cachedir: '/var/cache/bind' +bind::defaults::default_zones_include: '/etc/bind/named.conf.default-zones' bind::updater::keydir: '/etc/bind/keys' diff --git a/data/osfamily/RedHat.yaml b/data/osfamily/RedHat.yaml index e405356..a7fc8bd 100644 --- a/data/osfamily/RedHat.yaml +++ b/data/osfamily/RedHat.yaml @@ -9,6 +9,7 @@ bind::defaults::managed_keys_directory: '/var/named/dynamic' bind::defaults::confdir: '/etc/named' bind::defaults::namedconf: '/etc/named.conf' bind::defaults::cachedir: '/var/named' -bind::defaults::default_zones_warning: true +bind::defaults::default_zones_include: '/etc/named.default-zones.conf' +bind::defaults::default_zones_source: 'puppet:///modules/bind/RedHat/named.default-zones.conf' bind::updater::keydir: '/etc/named/keys' 
diff --git a/files/RedHat/named.default-zones.conf b/files/RedHat/named.default-zones.conf new file mode 100644 index 0000000..3d49630 --- /dev/null +++ b/files/RedHat/named.default-zones.conf @@ -0,0 +1,6 @@ +zone "." IN { + type hint; + file "named.ca"; +}; + +include "/etc/named.rfc1912.zones"; diff --git a/manifests/defaults.pp b/manifests/defaults.pp index 7b0b1a1..5b5e06c 100644 --- a/manifests/defaults.pp +++ b/manifests/defaults.pp @@ -12,7 +12,8 @@ class bind::defaults ( $bind_service = undef, $nsupdate_package = undef, $managed_keys_directory = undef, - $default_zones_warning = undef, + $default_zones_include = undef, + $default_zones_source = undef, ) { unless is_bool($supported) { fail('Please ensure that the dependencies of the bind module are installed and working correctly') diff --git a/manifests/init.pp b/manifests/init.pp index 334ec14..601ef93 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -8,8 +8,8 @@ class bind ( $rndc = undef, $statistics_port = undef, $auth_nxdomain = false, - $include_local = false, $include_default_zones = true, + $include_local = false, ) inherits bind::defaults { File { @@ -63,6 +63,12 @@ class bind ( content => template('bind/named.conf.erb'), } + if $include_default_zones and $default_zones_source { + file { $default_zones_include: + source => $default_zones_source, + } + } + class { 'bind::keydir': keydir => "${confdir}/keys", } diff --git a/manifests/view.pp b/manifests/view.pp index 770480e..ff70e09 100644 --- a/manifests/view.pp +++ b/manifests/view.pp @@ -16,6 +16,8 @@ define bind::view ( $minimal_responses = false, ) { $confdir = $::bind::confdir + $default_zones_include = $::bind::default_zones_include + $include_default_zones = $::bind::include_default_zones concat::fragment { "bind-view-${name}": order => $order, diff --git a/manifests/zone.pp b/manifests/zone.pp index afcab2c..27d68ac 100644 --- a/manifests/zone.pp +++ b/manifests/zone.pp 
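Review bot: In manifests/init.pp, the new `file { $default_zones_include: ... }` resource is guarded on `$default_zones_source` but takes its title from `$default_zones_include`, so a data override that sets the source without the include path produces a resource with an undefined title. Test both values, as the template condition in this commit already does: `if $include_default_zones and $default_zones_include and $default_zones_source {`. The resource sets no owner, group or mode and declares no relationship to the named service. It presumably inherits those from the `File { ... }` defaults earlier in the class, whose body is outside the hunk. Confirm those defaults give this file the same ownership and mode as named.conf, and that a change to it triggers a reload.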
@@ -29,7 +29,6 @@ define bind::zone ( $random_device = $::bind::defaults::random_device $bind_user = $::bind::defaults::bind_user $bind_group = $::bind::defaults::bind_group - $default_zones_warning = $::bind::defaults::default_zones_warning $include_default_zones = $::bind::include_default_zones $_domain = pick($domain, $name) @@ -38,8 +37,8 @@ define bind::zone ( default => $_domain } - if $include_default_zones and $default_zones_warning and member(['.', 'localhost', '127.in-addr.arpa', '0.in-addr.arpa', '255.in-addr.arpa'], $_domain) { - warning("The bind module will include a default definition for zone \"${_domain}\" starting in version 6.0.0. Please see https://github.com/inkblot/puppet-bind/blob/master/DEFAULT_ZONES.md for more information about how this will affect your configuration.") + if $include_default_zones and member(['.', 'localhost', '127.in-addr.arpa', '0.in-addr.arpa', '255.in-addr.arpa'], $_domain) { + fail("The bind module includes a default definition for zone \"${_domain}\" starting in version 6.0.0. Please see https://github.com/inkblot/puppet-bind/blob/master/DEFAULT_ZONES.md for more information about how this affects your configuration.") } unless !($masters != '' and ! member(['slave', 'stub'], $zone_type)) { diff --git a/metadata.json b/metadata.json index b7f01be..71cd120 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "inkblot/bind", - "version": "5.2.2", + "version": "6.0.0", "author": "inkblot", "license": "Apache-2.0", "summary": "ISC BIND name server", diff --git a/templates/view.erb b/templates/view.erb index e816fd0..0a03b0f 100644 --- a/templates/view.erb +++ b/templates/view.erb @@ -47,6 +47,9 @@ view "<%= @name %>" { }; <%- end -%> <%- end -%> +<%- if @minimal_responses -%> + minimal-responses yes; +<%- end -%> <%- if @also_notify and @also_notify != '' -%> also-notify { <%- Array(@also_notify).each do |server| -%> 
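Review bot: In manifests/zone.pp, the zone list passed to `member()` in the new `fail()` guard is the same for every platform, while this commit points the two OS families at different include files (`/etc/bind/named.conf.default-zones` on Debian, and a file that pulls in `/etc/named.rfc1912.zones` on RedHat). A zone that the platform's file defines but this list omits passes the check, and would presumably reach named as a duplicate definition that is rejected at config load rather than at catalog compile. Consider moving the list into the per-osfamily data next to `default_zones_include`, with a comment above the `if` such as `# must mirror the zones defined by $default_zones_include`. The match is also an exact string comparison on `$_domain`, so unless the name is normalised earlier in the define (which starts outside this hunk), a differently cased or dot-terminated spelling of the same zone would not be caught.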
@@ -57,11 +60,8 @@ view "<%= @name %>" { <%- if @notify_source and @notify_source != '' -%> notify-source <%= @notify_source %>; <%- end -%> -<%- if @minimal_responses -%> - minimal-responses yes; -<%- end -%> -<%- if scope.lookupvar('osfamily') == 'Debian' -%> - include "<%= @confdir %>/named.conf.default-zones"; +<%- if @include_default_zones and @default_zones_include -%> + include "<%= @default_zones_include %>"; <%- end -%> <%- Array(@zones).each do |zone| -%>
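Review bot: In templates/view.erb, `include "<%= @default_zones_include %>";` writes the parameter into the view block verbatim, and nothing visible in this commit checks the value before it lands in the generated configuration. The path used to be built from `@confdir` with a fixed file name and is now an overridable class parameter, so it should at minimum be validated as an absolute path where it is declared, for example `if $default_zones_include { validate_absolute_path($default_zones_include) }` in `bind::defaults`. An ERB comment above the `if`, such as `<%# path comes from bind::defaults::default_zones_include; included once per view -%>`, would record where the value originates. The view block starts before this hunk.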