Modify the handling of the `servers` property in `bind::view` to respond to
specific keys in the config hash for each server, and document how this
property is handled.
Distro packaging includes a lot of configuration files that this module tries
and fails to get rid of, but with exclusions. Those don't always work for
mysterious reasons. Leave the distributed files intact as much as possible,
with just the necessary files touched to effect the desired configuration.
Also, make inclusion of named.conf.local optional (default false) and stop
ensuring that there's at least an empty one.
Add a parameter to `bind::zone` which indicates whether a zone is dynamic or
not. This has the effect of allowing puppet to manage the zone file rather than
simply initialize it. This change also introduces more appropriate handling of
slave and stub zones, so that puppet will not populate a stock zone file,
forcing the nameserver to do a zone transfer when a zone is created.
Also, there is now a substancial amount of validation in the `bind::zone` class
in order to prevent invalid parameter combinations, so that validity may be
assumed elsewhere in the manifest and in the configuration template.
* Line up the parameter defaults in init.pp
* Put the leading whitespace ahead of the statistics-channel conditional block
inside the condition to avoid superfluous blank lines in the generated file
In the absence of any 'controls' configuration, BIND uses the rndc.key file
containing a key named rndc-key for rndc by default. In this mode, there is
also no need for any explicit settings in rndc.conf.
Make recursion_match_clients and recursion_match_destinations mirroring the
existing match_clients and match_destinations in order to distinguish recursion
access as a proper subset of view access.
Unless specified, this defaults to "localnets, localhost only" yet the
intention of specifying a match-clients and recursion is to allow recursive
queries from the given address not just localnets. This change adds the
specified match-clients under allow-recursion.
If match-destination is specified instead, then allow-recusion-on is
set for those interfaces.
This adds a 'dnssec' parameter to the bind::zone define which causes the module
to generate keys and sign the zone. Some caveats and breaking changes:
1) Existing non-signed zones will have to be manually moved and signed
2) Signed zones are treated as dynamic
