Commit Graph

40 Commits

Author SHA1 Message Date
Nate Riffe 01cb48191e Generate an rndc key, let BIND rest on defaults
In the absence of any 'controls' configuration, BIND uses the rndc.key file
containing a key named rndc-key for rndc by default. In this mode, there is
also no need for any explicit settings in rndc.conf.
2015-01-18 10:31:12 -06:00
Nate Riffe 9b1cbacee0 Give bind::key the ability to generate keys
Also, allow them to be placed elsewhere in the filesystem and make it possible
to exclude a key from the named configuration.
2015-01-18 10:11:24 -06:00
Tilo Klausing 0ebec14102 added support for view directive "match-recursive-only"
allows for dedicated views separating resolver and authorative functions
within the same server
2015-01-12 15:44:33 +01:00
Nate Riffe 8c250445f0 Terminate the line 2015-01-08 09:08:21 -06:00
Nate Riffe 61adcc07c4 Add support for transfer-source 2015-01-08 08:17:01 -06:00
Nate Riffe e365f5e49a Distinguish view access from recursion access
Make recursion_match_clients and recursion_match_destinations mirroring the
existing match_clients and match_destinations in order to distinguish recursion
access as a proper subset of view access.
2014-11-28 19:02:23 -06:00
Brian Muita 658a2cdb9b Added the allow-recursion statement for when recursion enabled in a view.
Unless specified, this defaults to "localnets, localhost only" yet the
intention of specifying a match-clients and recursion is to allow recursive
queries from the given address not just localnets. This change adds the
specified match-clients under allow-recursion.

If match-destination is specified instead, then allow-recusion-on is
set for those interfaces.
2014-11-27 18:39:02 +03:00
Nate Riffe a66b985adb Fix up bind::updater and support rndc
I thought I fixed rndc a while ago... not quite. Do it now. Make bind::updater
actually work (incomplete last time)
2014-06-27 14:43:46 -05:00
Nate Riffe 97a8bf0196 key_directory condition got flipped, semantically 2013-08-08 08:19:53 -05:00
Nate Riffe a930f53a4a Handle array values idiomatically 2013-08-08 07:40:00 -05:00
Nate Riffe d044268f07 A bit overzealous on that last fix 2013-07-07 20:16:02 -05:00
Nate Riffe 05097dcd05 Access class variables the new way
Recent puppets demand that puppet class variables be qualified as instance
members when accessed from within a template.
2013-06-30 09:04:37 -05:00
Nate Riffe 9d0f03b5f6 Support alternate key directories 2012-10-06 22:29:54 -05:00
Nate Riffe 42a5e99f87 Make manual configuration possible 2012-10-06 16:40:59 -05:00
Nate Riffe 474b6f6967 Put notification stuff are zonefile related and interfere with forward zones 2012-10-06 15:51:05 -05:00
Nate Riffe 26b43b3169 Support forward zones 2012-10-06 15:10:46 -05:00
Nate Riffe fe1ceca8fd Allow override of BIND's version string 2012-10-06 10:50:02 -05:00
Nate Riffe 28225f59e9 Add support for zone notification options 2012-10-04 19:04:21 -05:00
Nate Riffe f30747d10b Add support for DNSSEC signed zones (breaking)
This adds a 'dnssec' parameter to the bind::zone define which causes the module
to generate keys and sign the zone.  Some caveats and breaking changes:

1) Existing non-signed zones will have to be manually moved and signed
2) Signed zones are treated as dynamic
2012-10-04 14:20:15 -05:00
Nate Riffe 64f10b4774 Get file and concat dependencies in order 2012-09-25 23:01:23 -05:00
Nate Riffe 699af3527a Enable DNSSEC validation in the resolver by default 2012-09-14 07:33:45 -05:00
Nate Riffe db236c58a6 Don't quote keystuff, it breaks it 2012-09-05 00:32:36 -05:00
Nate Riffe a62f9dd107 named.conf is not a concat, make one for keys 2012-09-04 23:53:04 -05:00
Nate Riffe 4e74ffe8a9 Fix typo and rename template 2012-09-04 23:48:56 -05:00
Nate Riffe 107fe10194 Add keys 2012-09-04 23:45:28 -05:00
Nate Riffe 6ac1a1cefa Avoid naming collision 2012-09-04 12:39:35 -05:00
Nate Riffe e5cac24358 Fix syntax in named.conf 2012-09-04 12:36:40 -05:00
Nate Riffe d8b9fe2e8e Fix syntax 2012-09-04 12:32:11 -05:00
Nate Riffe d189c62002 Enable configuration of some options 2012-09-04 12:12:30 -05:00
Nate Riffe 63b3c4037b Add a zone definition 2012-09-04 07:24:31 -05:00
Nate Riffe 6800ca9ebc Include default zones regardless of recursion 2012-09-03 23:18:31 -05:00
Nate Riffe 0a383a49fe Adjust indentation 2012-09-03 23:12:55 -05:00
Nate Riffe 2ea577f97b Move default zones into the view when recursion is enabled 2012-09-03 23:10:29 -05:00
Nate Riffe 2d1d6d826d Get debian's default zones accounted for 2012-09-03 23:05:12 -05:00
Nate Riffe f23bf1e1b4 Put semicolons where needed in view.erb 2012-09-03 22:09:29 -05:00
Nate Riffe ec56b2e376 Adjust spacing 2012-09-03 22:01:35 -05:00
Nate Riffe 594d850cb2 Add templates for named.conf and for view fragments 2012-09-03 21:52:38 -05:00
Nate Riffe f09ca602b0 Hide the blank lines 2012-09-03 19:37:02 -05:00
Nate Riffe 2a567bc09a Fix template syntax 2012-09-03 18:45:06 -05:00
Nate Riffe 259e37c795 Add acls 2012-09-03 18:24:06 -05:00