Tighten up the timing in db.empty

stub and slave zones need to be overwritten with data from their master server
in a reasonable timeframe. Drop all of the intervals in the db.empty SOA down
to sub-minute values to speed convergence.

files/db.empty

@@ -1,9 +1,9 @@
 $TTL	86400
 @	IN	SOA	localhost. root.localhost. (
 			      1		; Serial
-			 604800		; Refresh
+			     60		; Refresh
-			  86400		; Retry
+			     30		; Retry
-			2419200		; Expire
+			    300		; Expire
-			  86400 )	; Negative Cache TTL
+			     10 )	; Negative Cache TTL
 ;
 @	IN	NS	localhost.

manifests/zone.pp

@@ -38,6 +38,7 @@ define bind::zone (
         } else {
             $_source = 'puppet:///modules/bind/db.empty'
         }
+
         file { "${cachedir}/${name}":
             ensure  => directory,
             owner   => $bind::params::bind_user,
@@ -46,37 +47,35 @@ define bind::zone (
             require => Package['bind'],
         }
 
-        unless $zone_type == 'stub' {
+        file { "${cachedir}/${name}/${_domain}":
-            file { "${cachedir}/${name}/${_domain}":
+            ensure  => present,
-                ensure  => present,
+            owner   => $bind::params::bind_user,
-                owner   => $bind::params::bind_user,
+            group   => $bind::params::bind_group,
-                group   => $bind::params::bind_group,
+            mode    => '0644',
-                mode    => '0644',
+            replace => false,
-                replace => false,
+            source  => $_source,
-                source  => $_source,
+            audit   => [ content ],
-                audit   => [ content ],
+        }
+
+        if $dnssec {
+            exec { "dnssec-keygen-${name}":
+                command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
+                    '${_domain}' '${key_directory}'",
+                cwd     => $cachedir,
+                user    => $bind::params::bind_user,
+                creates => "${cachedir}/${name}/${_domain}.signed",
+                timeout => 0, # crypto is hard
+                require => [
+                    File['/usr/local/bin/dnssec-init'],
+                    File["${cachedir}/${name}/${_domain}"]
+                ],
             }
 
-            if $dnssec {
+            file { "${cachedir}/${name}/${_domain}.signed":
-                exec { "dnssec-keygen-${name}":
+                owner => $bind::params::bind_user,
-                    command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}'\
+                group => $bind::params::bind_group,
-                        '${_domain}' '${key_directory}'",
+                mode  => '0644',
-                    cwd     => $cachedir,
+                audit => [ content ],
-                    user    => $bind::params::bind_user,
-                    creates => "${cachedir}/${name}/${_domain}.signed",
-                    timeout => 0, # crypto is hard
-                    require => [
-                        File['/usr/local/bin/dnssec-init'],
-                        File["${cachedir}/${name}/${_domain}"]
-                    ],
-                }
-
-                file { "${cachedir}/${name}/${_domain}.signed":
-                    owner => $bind::params::bind_user,
-                    group => $bind::params::bind_group,
-                    mode  => '0644',
-                    audit => [ content ],
-                }
             }
         }
     }