Add support for DNSSEC signed zones (breaking)

This adds a 'dnssec' parameter to the bind::zone define which causes the module to generate keys and sign the zone.

Some caveats and breaking changes:
1) Existing non-signed zones will have to be manually moved and signed
2) Signed zones are treated as dynamic

@@ -2,8 +2,14 @@
|
||||
# This file managed by puppet - changes will be lost
|
||||
zone "<%= _domain %>" {
|
||||
type <%= zone_type %>;
|
||||
<%- if file != '' -%>
|
||||
file "<%= file %>";
|
||||
<%- if has_zone_file -%>
|
||||
<%- if dnssec -%>
|
||||
auto-dnssec maintain;
|
||||
key-directory "<%= cachedir %>/<%= name %>";
|
||||
file "<%= cachedir %>/<%= name %>/<%= _domain %>.signed";
|
||||
<%- else -%>
|
||||
file "<%= cachedir %>/<%= name %>/<%= _domain %>";
|
||||
<%- end -%>
|
||||
<%- end -%>
|
||||
<%- if not masters.empty? -%>
|
||||
masters {
|
||||
|
||||
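Review bot: `key-directory "<%= cachedir %>/<%= name %>";` in the `dnssec` branch points at the same directory that both `file` statements use for the zone data, so the private key files end up beside the signed and unsigned zone files. Consider a dedicated key directory (a subdirectory would do) so its ownership and mode can be tighter than the zone directory's. The `dnssec` branch is also gated only on `has_zone_file` and not on `zone_type`, so either add a check there or document which zone types may set `dnssec`.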