Add support for DNSSEC signed zones (breaking)

This adds a 'dnssec' parameter to the bind::zone define which causes the module
to generate keys and sign the zone.  Some caveats and breaking changes:

1) Existing non-signed zones will have to be manually moved and signed
2) Signed zones are treated as dynamic
Nate Riffe
2012-10-04 14:20:15 -05:00
parent 64f10b4774
commit f30747d10b
4 changed files with 71 additions and 15 deletions
+8 -2
@@ -2,8 +2,14 @@
# This file managed by puppet - changes will be lost
zone "<%= _domain %>" {
type <%= zone_type %>;
<%- if file != '' -%>
file "<%= file %>";
<%- if has_zone_file -%>
<%- if dnssec -%>
auto-dnssec maintain;
key-directory "<%= cachedir %>/<%= name %>";
file "<%= cachedir %>/<%= name %>/<%= _domain %>.signed";
<%- else -%>
file "<%= cachedir %>/<%= name %>/<%= _domain %>";
<%- end -%>
<%- end -%>
<%- if not masters.empty? -%>
masters {
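Review bot: The `key-directory` on the new dnssec branch points at `<%= cachedir %>/<%= name %>`, the same directory the `file` lines use for zone data, so the private keys that `auto-dnssec maintain` reads sit beside the zone files and inherit whatever ownership and mode that directory gets. The resource that creates the directory is not in this section, so confirm it is owned by the named user and is not world-readable (for example `mode => '0750'`), or give the keys their own subdirectory such as `key-directory "<%= cachedir %>/<%= name %>/keys";`. A template comment above the branch, `<%# dnssec: private keys in key-directory must be readable only by the named user -%>`, would record the requirement for the next maintainer. The zone block continues past the end of the hunk at `masters {`.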