Tighten up the timing in db.empty

stub and slave zones need to be overwritten with data from their master server in a reasonable timeframe. Drop all of the intervals in the db.empty SOA down to sub-minute values to speed convergence.
2015-03-22 17:42:44 -05:00 · 2015-03-22 17:42:44 -05:00 · f786420014
commit f786420014
parent 22caf612ba
2 changed files with 33 additions and 34 deletions
--- a/files/db.empty
+++ b/files/db.empty
@ -1,9 +1,9 @@
 $TTL	86400
@	IN	SOA	localhost. root.localhost. (
 			      1		; Serial
-			 604800		; Refresh
-			  86400		; Retry
-			2419200		; Expire
-			  86400 )	; Negative Cache TTL
+			     60		; Refresh
+			     30		; Retry
+			    300		; Expire
+			     10 )	; Negative Cache TTL
 ;
@	IN	NS	localhost.
--- a/manifests/zone.pp
+++ b/manifests/zone.pp
@ -38,6 +38,7 @@ define bind::zone (
        } else {
            $_source = 'puppet:///modules/bind/db.empty'
        }
+
        file { "${cachedir}/${name}":
            ensure  => directory,
            owner   => $bind::params::bind_user,
@ -46,41 +47,39 @@ define bind::zone (
            require => Package['bind'],
        }

-        unless $zone_type == 'stub' {
-            file { "${cachedir}/${name}/${_domain}":
-                ensure  => present,
-                owner   => $bind::params::bind_user,
-                group   => $bind::params::bind_group,
-                mode    => '0644',
-                replace => false,
-                source  => $_source,
-                audit   => [ content ],
+        file { "${cachedir}/${name}/${_domain}":
+            ensure  => present,
+            owner   => $bind::params::bind_user,
+            group   => $bind::params::bind_group,
+            mode    => '0644',
+            replace => false,
+            source  => $_source,
+            audit   => [ content ],
+        }
+
+        if $dnssec {
+            exec { "dnssec-keygen-${name}":
+                command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
+                    '${_domain}' '${key_directory}'",
+                cwd     => $cachedir,
+                user    => $bind::params::bind_user,
+                creates => "${cachedir}/${name}/${_domain}.signed",
+                timeout => 0, # crypto is hard
+                require => [
+                    File['/usr/local/bin/dnssec-init'],
+                    File["${cachedir}/${name}/${_domain}"]
+                ],
            }

-            if $dnssec {
-                exec { "dnssec-keygen-${name}":
-                    command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
-                        '${_domain}' '${key_directory}'",
-                    cwd     => $cachedir,
-                    user    => $bind::params::bind_user,
-                    creates => "${cachedir}/${name}/${_domain}.signed",
-                    timeout => 0, # crypto is hard
-                    require => [
-                        File['/usr/local/bin/dnssec-init'],
-                        File["${cachedir}/${name}/${_domain}"]
-                    ],
-                }
-
-                file { "${cachedir}/${name}/${_domain}.signed":
-                    owner => $bind::params::bind_user,
-                    group => $bind::params::bind_group,
-                    mode  => '0644',
-                    audit => [ content ],
-                }
+            file { "${cachedir}/${name}/${_domain}.signed":
+                owner => $bind::params::bind_user,
+                group => $bind::params::bind_group,
+                mode  => '0644',
+                audit => [ content ],
            }
        }
    }
-    
+
    file { "${bind::confdir}/zones/${name}.conf":
        ensure  => present,
        owner   => 'root',