From f7864200146b953d40330a7bd4fc262f8367e38b Mon Sep 17 00:00:00 2001
From: Nate Riffe
Date: Sun, 22 Mar 2015 17:42:44 -0500
Subject: [PATCH] Tighten up the timing in db.empty

stub and slave zones need to be overwritten with data from their master server in a reasonable timeframe. Drop all of the intervals in the db.empty SOA down to sub-minute values to speed convergence.
---
 files/db.empty | 8 +++----
 manifests/zone.pp | 59 +++++++++++++++++++++++------------------------
 2 files changed, 33 insertions(+), 34 deletions(-)

diff --git a/files/db.empty b/files/db.empty
index ae446f5..e0c5f90 100644
--- a/files/db.empty
+++ b/files/db.empty
@@ -1,9 +1,9 @@
 $TTL 86400
 @ IN SOA localhost. root.localhost. (
 1 ; Serial
- 604800 ; Refresh
- 86400 ; Retry
- 2419200 ; Expire
- 86400 ) ; Negative Cache TTL
+ 60 ; Refresh
+ 30 ; Retry
+ 300 ; Expire
+ 10 ) ; Negative Cache TTL
 ;
 @ IN NS localhost.
diff --git a/manifests/zone.pp b/manifests/zone.pp
index 83e852c..6522960 100644
--- a/manifests/zone.pp
+++ b/manifests/zone.pp
@@ -38,6 +38,7 @@ define bind::zone (
 } else {
 $_source = 'puppet:///modules/bind/db.empty'
 }
+
 file { "${cachedir}/${name}":
 ensure => directory,
 owner => $bind::params::bind_user,
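Review bot: The shortened SOA timers in `files/db.empty` only govern the placeholder until the first transfer from the master overwrites it, and because the zone file resource in `manifests/zone.pp` (second hunk) is declared with `replace => false`, hosts that already have the old placeholder on disk keep the seven-day refresh until that file is removed by hand. A 300-second Expire also means a slave whose master stays unreachable for five minutes before its first successful transfer will presumably expire the placeholder and stop serving the zone, which is fine for a seed file but worth stating. A header comment would capture the intent: `; Placeholder SOA for stub/slave zones: deliberately short timers so the zone converges on its master quickly; the master's own SOA takes over after the first transfer.`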
@@ -46,41 +47,39 @@ define bind::zone (
 require => Package['bind'],
 }
 
- unless $zone_type == 'stub' {
- file { "${cachedir}/${name}/${_domain}":
- ensure => present,
- owner => $bind::params::bind_user,
- group => $bind::params::bind_group,
- mode => '0644',
- replace => false,
- source => $_source,
- audit => [ content ],
+ file { "${cachedir}/${name}/${_domain}":
+ ensure => present,
+ owner => $bind::params::bind_user,
+ group => $bind::params::bind_group,
+ mode => '0644',
+ replace => false,
+ source => $_source,
+ audit => [ content ],
+ }
+
+ if $dnssec {
+ exec { "dnssec-keygen-${name}":
+ command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
+ '${_domain}' '${key_directory}'",
+ cwd => $cachedir,
+ user => $bind::params::bind_user,
+ creates => "${cachedir}/${name}/${_domain}.signed",
+ timeout => 0, # crypto is hard
+ require => [
+ File['/usr/local/bin/dnssec-init'],
+ File["${cachedir}/${name}/${_domain}"]
+ ],
 }
 
- if $dnssec {
- exec { "dnssec-keygen-${name}":
- command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
- '${_domain}' '${key_directory}'",
- cwd => $cachedir,
- user => $bind::params::bind_user,
- creates => "${cachedir}/${name}/${_domain}.signed",
- timeout => 0, # crypto is hard
- require => [
- File['/usr/local/bin/dnssec-init'],
- File["${cachedir}/${name}/${_domain}"]
- ],
- }
-
- file { "${cachedir}/${name}/${_domain}.signed":
- owner => $bind::params::bind_user,
- group => $bind::params::bind_group,
- mode => '0644',
- audit => [ content ],
- }
+ file { "${cachedir}/${name}/${_domain}.signed":
+ owner => $bind::params::bind_user,
+ group => $bind::params::bind_group,
+ mode => '0644',
+ audit => [ content ],
 }
 }
 }
-
+
 file { "${bind::confdir}/zones/${name}.conf":
 ensure => present,
 owner => 'root',
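Review bot: Removing the `unless $zone_type == 'stub'` guard also lifts it from the `if $dnssec` block, so a stub zone declared with `$dnssec` now runs `dnssec-init` against its db.empty placeholder and manages a `.signed` file for it; nothing else in the hunk prevents that, and the `creates` check only skips the exec once a `.signed` file already exists. If the intent was only to give stub zones the placeholder file, keep the exclusion on the signing branch: `if $dnssec and $zone_type != 'stub' {`. The now-unconditional placeholder resource would also benefit from a why-comment, e.g. `# Seed file only: replace => false lets BIND overwrite it with data from the master; audit => [ content ] is presumably there so that overwrite is recorded rather than reverted.` The enclosing `define bind::zone` starts before this hunk and its closing brace is not visible here.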