94 Commits

Author SHA1 Message Date
Matthew 239ed01b8b remove deprecated options from dnssec 2023-09-14 09:25:29 -05:00
Matthew 15c920ba99 add listen 2023-09-13 12:26:13 -05:00
Matthew bc4a31d5a7 fix template maybe 2023-09-13 12:24:29 -05:00
Matthew f8faf4fe90 moved dns sec as it is no longer used in bind9 2023-09-12 13:18:25 -05:00
Vivien Lacourba 424163e277 don't add print-* logging options if destination is null 2017-07-20 13:51:14 +02:00
Cedric DEFORTIS 81135efa23 tkey-* additional parameters
- tkey-gssapi-credential
- tkey-domain
2017-05-31 15:41:52 +02:00
Nate Riffe d580291c69 Explicitly reference the bind keys file
Debian supplies the bind keys at /etc/bind/bind.keys and RedHat supplies it at
/etc/named.iscdlv.key. Add the directive that references this file. I think it
may have "just worked" on Debian, baesd on the information at
https://www.isc.org/downloads/bind/bind-keys/
2017-04-16 09:05:56 -05:00
Nate Riffe 8504b27498 Implement support for logging configuration
Adds `bind::logging::channel` and `bind::logging::category` defines in order to
support logging configuration.
2017-02-25 12:42:54 -06:00
Nate Riffe 987470f22a Merge pull request #111 from makeacode/server_clause
support creating server clauses
2017-02-09 07:19:15 -06:00
davisowb 80fd746430 Correct parameter reference so views.erb compiles 2017-02-07 17:30:47 +00:00
makeacode ebfa2455a1 support creating server clauses 2017-02-02 00:14:07 -05:00
Nate Riffe 7b6565a49c Add query controls to views
Add configurators for `allow-query`, `allow-query-on`, `allow-query-cache`, and
`allow-query-cache-on` directives in a view context.
2017-01-29 15:57:19 -06:00
Nate Riffe c72da6157f Push the class defaults into hiera
The bind class parameter defaults values are meant to be supplied via module
data. Really, these ought to come through the bind::defaults class from hiera,
but that class is currently the home of platform defaults which are not meant
to be overridden by the user. This is a first step, maybe? A normalization for
sure.
2016-11-07 20:01:17 -06:00
Hossy923 a19df9cd9e Fixed handling of undef @forward
Changed @forward check syntax to use "<%- if @variable and @variable !=
'' -%>" to address undef.
2016-11-05 10:09:53 -05:00
Hossy 89751eea38 Support for "forward" statement
Add "forward" statement in options { } block in named.conf.
2016-10-18 21:02:17 -05:00
Nate Riffe d6188b8f4e Merge pull request #100 from inkblot/rndc-helper
Implement a helper script for zone reloads
2016-07-09 09:09:44 -05:00
Tom Ford 9cd83cc317 Allow an empty forwarders {} statement 2016-07-08 15:07:15 +01:00
Tom Ford 34ff2b9491 Don't use sudo (runs as root via puppet anyway) 2016-07-08 14:47:25 +01:00
Nate Riffe 40531e21eb Implement a helper script for zone reloads
It turns out the `rndc` command that was intended to reload a managed zone
wasn't working (see PR #91 for reference) if more than one view included the
zone. The helper script is really just a wrapper around the `rndc` command
itself, it translates its final parameter into a domain/class/view tuple and
pass the leading parameters and the tuple to `rndc`.
2016-07-07 21:15:41 -05:00
Nate Riffe de1a021911 Add allow-transfers to views
Views support an `allow-transfer` directive essentially identical to the one in
zones. Copy the code from `manifests/zone.pp` and `templates/zone.conf.erb` to
support it.
2016-07-04 10:18:38 -05:00
Nate Riffe cd6e0f8b9c Fix the indentation 2016-07-04 09:53:42 -05:00
Nate Riffe b26915de54 Merge pull request #93 from exptom/allow-explicit-notify
Allow 'explicit' zone notification
2016-07-04 09:51:49 -05:00
Tom Ford 6236ad7167 Allow 'explicit' zone notification
Allow the 'explicit' value of a zones notify config to be set as well as yes/no.
2016-06-29 16:31:32 +01:00
Nate Riffe 50e9764ea4 Merge branch 'fix-view-syntax' into 6.0-prerelease 2016-04-20 14:13:02 -05:00
Nate Riffe bc34a9881d Add missing end on @servers iteration
Also normalize the indentation. Ruby code is 2-space indented, templated
configuration is tab indented.
2016-04-20 14:11:50 -05:00
Nate Riffe 0532e1cd57 Merge remote-tracking branch 'ocado/empty-zones' into 6.0-prerelease
Conflicts:
	manifests/view.pp
2016-04-20 08:17:51 -05:00
Nate Riffe dd03f5a559 Merge remote-tracking branch 'ocado/empty-zones'
Conflicts:
	manifests/view.pp
2016-04-20 08:17:27 -05:00
Nate Riffe 1ec9823c0f Merge remote-tracking branch 'ocado/minimal-responses' into 6.0-prerelease
Conflicts:
	templates/view.erb
2016-04-20 08:07:56 -05:00
Nate Riffe db935f8b86 Merge remote-tracking branch 'ocado/minimal-responses' 2016-04-20 08:05:49 -05:00
Nate Riffe d50406d0df Merge remote-tracking branch 'ocado/notify-source' into 6.0-prerelease 2016-04-20 08:02:26 -05:00
Nate Riffe 31ef46feb8 Merge remote-tracking branch 'ocado/notify-source' 2016-04-20 08:02:17 -05:00
Nate Riffe 8348f42a17 Merge remote-tracking branch 'hdeadman/forwarderport' into 6.0-prerelease 2016-04-20 07:39:32 -05:00
Nate Riffe 202526e425 Merge remote-tracking branch 'hdeadman/forwarderport' 2016-04-20 07:38:25 -05:00
Ahmad Jagot 2b8b7ccc41 Add allow-empty-zones support.
Conflicts:
	manifests/view.pp
	templates/view.erb
2016-04-20 13:37:20 +01:00
Nate Riffe 4d2d2f63a8 Merge branch 'filter-aaaa-on-v4-option' into 6.0-prerelease 2016-04-20 07:33:18 -05:00
Jean-Francois Roche badd25b0e6 Add option to filter ipv6 address on ipv4
refs https://kb.isc.org/article/AA-00576/0/Filter-AAAA-option-in-BIND-9-.html
2016-04-20 07:30:54 -05:00
Alex Frolkin e579b5479b Support minimal-responses setting on views 2016-04-15 15:32:09 +01:00
Alex Frolkin 0f5d3e6019 Add support for notify-source and also-notify
Conflicts:
	templates/view.erb
2016-04-15 15:29:31 +01:00
Hal Deadman aadc1f2f89 support forwarding a zone to a dns server on port other than 53
e.g. Consul runs on 8600
https://www.consul.io/docs/guides/forwarding.html
zone "consul" IN {
  type forward;
  forward only;
  forwarders { 127.0.0.1 port 8600; };
};
2016-02-10 10:47:12 -05:00
Nate Riffe 31cc2ada68 Merge branch 'root-zone-naming' into 6.0-prerelease 2016-01-29 07:52:45 -06:00
Nate Riffe 44b4b45761 Add option to disable default zone inclusion
By setting bind::include_default_zones to false, a user can suppress the
inclusion of the default definitions for the root hints zone and RFC 1912
zones. These are supplied with the BIND package's default configuration on both
Debian and RedHat derived systems. These zones are necessary for a resolver,
but may be omitted if the server acts strictly as an authoritative server.
2016-01-29 07:32:54 -06:00
Nate Riffe 57002c31a4 Include the default zones on RedHat
RedHat's default zones are baked into the stock named.conf, which the module's
template completely rewrites. Since the module is extremely view-based, and the
Debian default-zones are repositioned into the zones, let's take those defaults
out of the stock named.conf, build a configuration file out of them and include
it in the view just the same.
2016-01-29 07:32:54 -06:00
Nate Riffe 34478d25da Use an alternate name for the '.' zone
The root zone's domain is `.` but this means something special in the
filesystem which causes an error when creating the zone file.
2016-01-29 07:30:57 -06:00
Nate Riffe 1658fd82c3 Set managed-keys-directory
This is needed on RedHat derivatives.
2015-12-19 09:14:18 -06:00
Nate Riffe 2f2e971efd Reduce template abstraction and add documentation
Modify the handling of the `servers` property in `bind::view` to respond to
specific keys in the config hash for each server, and document how this
property is handled.
2015-10-24 09:17:38 -05:00
Thomas Farvour 8005dfa7d9 Add the ability to specify server directives in a view (e.g. using TSIG keys) with a slave -> master. 2015-10-24 09:17:38 -05:00
Nate Riffe 2946e51c87 Leave distro files alone
Distro packaging includes a lot of configuration files that this module tries
and fails to get rid of, but with exclusions. Those don't always work for
mysterious reasons. Leave the distributed files intact as much as possible,
with just the necessary files touched to effect the desired configuration.

Also, make inclusion of named.conf.local optional (default false) and stop
ensuring that there's at least an empty one.
2015-08-20 07:09:09 -05:00
Mike Bryant 1e8d0b3d0d Add support for the update-policy statement 2015-06-11 15:56:01 +01:00
Doug Neal bd7f25c6ce Leave out dnssec-validation and dnssec-lookaside from named.conf when dnssec is disabled 2015-05-18 17:20:18 +01:00
Nate Riffe 9f5c4bacb0 Add dynamic parameter to bind::zone
Add a parameter to `bind::zone` which indicates whether a zone is dynamic or
not. This has the effect of allowing puppet to manage the zone file rather than
simply initialize it. This change also introduces more appropriate handling of
slave and stub zones, so that puppet will not populate a stock zone file,
forcing the nameserver to do a zone transfer when a zone is created.

Also, there is now a substancial amount of validation in the `bind::zone` class
in order to prevent invalid parameter combinations, so that validity may be
assumed elsewhere in the manifest and in the configuration template.
2015-05-14 11:14:48 -05:00