Parameterize the random device for dnssec-keygen
`dnssec-keygen` uses `/dev/random` by default, but this is slow in some scenarios where `/dev/urandom` is both faster and provides sufficient utility. Allow override via the `bind::random_device` hiera key.
This commit is contained in:
+2
-1
@@ -2,13 +2,14 @@
|
||||
|
||||
class bind (
|
||||
$confdir = undef,
|
||||
$namedconf = undef,
|
||||
$namedconf = undef,
|
||||
$cachedir = undef,
|
||||
$forwarders = undef,
|
||||
$dnssec = undef,
|
||||
$version = undef,
|
||||
$rndc = undef,
|
||||
$statistics_port = undef,
|
||||
$random_device = undef,
|
||||
) {
|
||||
include ::bind::params
|
||||
|
||||
|
||||
+2
-1
@@ -21,6 +21,7 @@ define bind::zone (
|
||||
# where there is a zone, there is a server
|
||||
include bind
|
||||
$cachedir = $::bind::cachedir
|
||||
$random_device = $::bind::random_device
|
||||
$_domain = pick($domain, $name)
|
||||
|
||||
unless !($masters != '' and ! member(['slave', 'stub'], $zone_type)) {
|
||||
@@ -109,7 +110,7 @@ define bind::zone (
|
||||
if $dnssec {
|
||||
exec { "dnssec-keygen-${name}":
|
||||
command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
|
||||
'${_domain}' '${key_directory}'",
|
||||
'${_domain}' '${key_directory}' '${random_device}'",
|
||||
cwd => $cachedir,
|
||||
user => $::bind::params::bind_user,
|
||||
creates => "${cachedir}/${name}/${_domain}.signed",
|
||||
|
||||
Reference in New Issue
Block a user