- Force Package[bind] to be installed before moving /etc/bind into the
$chroot_dir
- Fix recursive permissions for /var/bind9/chroot/** directories (so
that user bind can cross those directories if they belong to root)
- RHEL chroot code has been moved into a bind::chroot::package class
- Debian family (and probably other families) can use the
`bind::chroot::manual` class to enable chroot for bind using the method
described here: https://wiki.debian.org/Bind9#Bind_Chroot
Debian supplies the bind keys at /etc/bind/bind.keys and RedHat supplies it at
/etc/named.iscdlv.key. Add the directive that references this file. I think it
may have "just worked" on Debian, baesd on the information at
https://www.isc.org/downloads/bind/bind-keys/
The bind class parameter defaults values are meant to be supplied via module
data. Really, these ought to come through the bind::defaults class from hiera,
but that class is currently the home of platform defaults which are not meant
to be overridden by the user. This is a first step, maybe? A normalization for
sure.
It turns out the `rndc` command that was intended to reload a managed zone
wasn't working (see PR #91 for reference) if more than one view included the
zone. The helper script is really just a wrapper around the `rndc` command
itself, it translates its final parameter into a domain/class/view tuple and
pass the leading parameters and the tuple to `rndc`.
Views support an `allow-transfer` directive essentially identical to the one in
zones. Copy the code from `manifests/zone.pp` and `templates/zone.conf.erb` to
support it.
The template code that processes also_notify is of a kind with the checks and
processing of other optional smart-array values. Make its default an empty
string so that the clause may be properly omitted from a config that doesn't
use it.
By setting bind::include_default_zones to false, a user can suppress the
inclusion of the default definitions for the root hints zone and RFC 1912
zones. These are supplied with the BIND package's default configuration on both
Debian and RedHat derived systems. These zones are necessary for a resolver,
but may be omitted if the server acts strictly as an authoritative server.
RedHat's default zones are baked into the stock named.conf, which the module's
template completely rewrites. Since the module is extremely view-based, and the
Debian default-zones are repositioned into the zones, let's take those defaults
out of the stock named.conf, build a configuration file out of them and include
it in the view just the same.
The changes in the `redhat-default-zones` branch, when released, may cause
upgrade difficulties for Red Hat system administrators. Try to ease the
transition.
