Commit Graph

380 Commits

Author SHA1 Message Date
Nate Riffe 05b679a93d Fix a scoping issue in the template 2015-12-19 09:14:18 -06:00
Nate Riffe 1658fd82c3 Set managed-keys-directory
This is needed on RedHat derivatives.
2015-12-19 09:14:18 -06:00
Nate Riffe e79f3cab6d Merge pull request #58 from nerdlich/fix_dmarc_ds_tlsa
remove escaped semicolons and additional spaces from dig query output
2015-12-19 09:13:15 -06:00
Thomas Sturm 3928c7de6a use modern dnssec key algorithm and provide option to use NSEC3 2015-10-25 15:32:44 +01:00
Thomas Sturm 4ac574742a remove escaped semicolons and additional spaces from dig query output for certain types 2015-10-25 12:10:29 +01:00
Nate Riffe 15d61bcefc Merge branch 'view-servers' 2015-10-24 09:18:46 -05:00
Nate Riffe 2f2e971efd Reduce template abstraction and add documentation
Modify the handling of the `servers` property in `bind::view` to respond to
specific keys in the config hash for each server, and document how this
property is handled.
2015-10-24 09:17:38 -05:00
Thomas Farvour 8005dfa7d9 Add the ability to specify server directives in a view (e.g. using TSIG keys) with a slave -> master. 2015-10-24 09:17:38 -05:00
Nate Riffe a403718c32 Merge pull request #57 from inkblot/module-data-version
Module data version
2015-10-24 09:16:41 -05:00
Nate Riffe 1101b2ebc8 Document that there are dependencies to meet ...
And also suggest a mode of installation.
2015-10-24 09:10:54 -05:00
Nate Riffe 472dc05a97 Set a version constraint on module_data 2015-09-19 11:12:54 -05:00
Nate Riffe 52e3838e4f Release version 4.3.0 2015-08-20 07:16:07 -05:00
Nate Riffe df95b958c0 Merge branch 'patch-1' 2015-08-20 07:12:03 -05:00
Nate Riffe 2946e51c87 Leave distro files alone
Distro packaging includes a lot of configuration files that this module tries
and fails to get rid of, but with exclusions. Those don't always work for
mysterious reasons. Leave the distributed files intact as much as possible,
with just the necessary files touched to effect the desired configuration.

Also, make inclusion of named.conf.local optional (default false) and stop
ensuring that there's at least an empty one.
2015-08-20 07:09:09 -05:00
Ner'zhul 4efa1b956b Don't remove confdir files this remove standard files 2015-07-17 14:47:16 +02:00
Nate Riffe 6fdd47c736 Release version 4.2.2 2015-07-11 11:37:44 -05:00
Nate Riffe facf69d87c Merge branch 'master' of github.com:inkblot/puppet-bind 2015-07-11 11:36:56 -05:00
Nate Riffe c178d734af Merge pull request #51 from NexusIS/master
Add missing bind tools package and improve rspec tests
2015-07-11 11:36:25 -05:00
Aimon Bustardo 0479c58b7c Add missing bind tools package and improve rspec tests
Change-Id: I0b4680ce11fe604917fce654d68c2bec17c05438
2015-07-07 15:33:16 -07:00
Nate Riffe d620a7d182 Release version 4.2.1 2015-07-03 15:28:01 -05:00
Nate Riffe aeffbe2650 Merge pull request #49 from inkblot/parameterize-random-device
Parameterize the random device for dnssec-keygen
2015-07-03 15:19:57 -05:00
Nate Riffe e25dbfc529 Parameterize the random device for dnssec-keygen
`dnssec-keygen` uses `/dev/random` by default, but this is slow in some
scenarios where `/dev/urandom` is both faster and provides sufficient utility.
Allow override via the `bind::random_device` hiera key.
2015-07-03 08:59:59 -05:00
Nate Riffe 2cafc226f0 Release version 4.2.0 2015-06-12 20:19:54 -05:00
Nate Riffe 9ed007bdd2 Document the new keyfile property 2015-06-12 19:30:05 -05:00
Nate Riffe b532680b3b Merge pull request #31 from norcams/keyfile_resource_record
Support custom keyfile paths
2015-06-12 19:16:45 -05:00
Nate Riffe 4241f29c50 Merge pull request #44 from ocadotechnology/wip-update-policy
Add support for the update-policy statement
2015-06-12 19:14:14 -05:00
Mike Bryant 1e8d0b3d0d Add support for the update-policy statement 2015-06-11 15:56:01 +01:00
Nate Riffe b44b6ad0ce Release version 4.1.2 2015-05-22 12:51:03 -05:00
Nate Riffe c5f463bfac Merge pull request #42 from inkblot/provider-fixes-41
Provider fixes #41
2015-05-22 12:50:29 -05:00
Nate Riffe eb58ab9afc Document the need for qualfied names
Several record types do not function correctly with the `resource_record` type
unless their values are specified as fully-qualified names with a trailing dot.
This adds clarifying information to the documentation and fixes a couple of
examples which are actually broken.
2015-05-22 12:13:19 -05:00
Nate Riffe a0f5ebde8a Make ensure => absent work again
The incremental update change made NS record updates work for non-glue NS
records, but broke `ensure => absent` because there is no semantic guarantee
that the contents of the `data` member match what's in DNS. Set math ensures
that hilarity ensues.
2015-05-22 07:49:36 -05:00
Nate Riffe 7555cdd4e0 Fix type handling
Both the guts of the PuppetBind::Provider::Nsupdate module and the type method
of the dns_rr(nsupdate) provider produce and expect the type expressed as a
string, but the resource_record(nsupdate) provider's type method produces
symbols. This accidentally worked for a while, then it didn't. Also, in
quoted_type? that's supposed to be an array of strings, not a quoted string.
2015-05-21 14:24:35 -05:00
Nate Riffe 7edd25aac2 Release version 4.1.1 2015-05-19 14:49:04 -05:00
Nate Riffe 9038011ed7 Merge pull request #39 from inkblot/quote-txt-rrdata
Automatic quote and unquote TXT and SPF
2015-05-19 14:44:53 -05:00
Nate Riffe f2593601e8 Automatic quote and unquote TXT and SPF
TXT and SPF record values have to be quoted in the nsupdate script in order to
preserve the integrity of the string.
2015-05-19 14:29:33 -05:00
Nate Riffe beaf69c2e5 Merge pull request #38 from dougneal/misc_fixes
Misc fixes
2015-05-18 19:07:25 -05:00
Doug Neal 5b4d9f772e Fix bad variable name in bind::zone parameter validation code 2015-05-18 17:22:32 +01:00
Doug Neal bd7f25c6ce Leave out dnssec-validation and dnssec-lookaside from named.conf when dnssec is disabled 2015-05-18 17:20:18 +01:00
Nate Riffe 96d4d70c1a This description always was an outlier 2015-05-15 08:07:53 -05:00
Nate Riffe c6d101b7c3 Release version 4.1.0 2015-05-15 08:05:24 -05:00
Nate Riffe 993692aa85 Merge pull request #36 from inkblot/managed-zone-file
Add `dynamic` parameter to `bind::zone`
2015-05-15 07:56:26 -05:00
Nate Riffe 9f489dcb6f validate_bool means something else
`validate_bool` validates that the passed value(s) are boolean, not that they
are true. Reformulate the calls to `unless` blocks, and remove the check for
"dynamic implies master" since setting `dynamic` to true is 1) the default and
2) does not cause any change to configuration text or manifest behavior when
the zone is not master.
2015-05-15 07:42:52 -05:00
Nate Riffe 20e50bf43a That needs to be a reload 2015-05-14 16:05:44 -05:00
Nate Riffe 54eea45d7d Refresh managed zones after a zone file change. 2015-05-14 15:36:41 -05:00
Nate Riffe 5ca584ff13 Merge pull request #35 from dougneal/error_reporting
Improve error reporting
2015-05-14 11:29:19 -05:00
Nate Riffe aa7b743dd6 Document new functionality 2015-05-14 11:27:44 -05:00
Nate Riffe 9f5c4bacb0 Add dynamic parameter to bind::zone
Add a parameter to `bind::zone` which indicates whether a zone is dynamic or
not. This has the effect of allowing puppet to manage the zone file rather than
simply initialize it. This change also introduces more appropriate handling of
slave and stub zones, so that puppet will not populate a stock zone file,
forcing the nameserver to do a zone transfer when a zone is created.

Also, there is now a substancial amount of validation in the `bind::zone` class
in order to prevent invalid parameter combinations, so that validity may be
assumed elsewhere in the manifest and in the configuration template.
2015-05-14 11:14:48 -05:00
Doug Neal 882214a2a9 On resource_record validation failure, raise an ArgumentError instead of calling Util::Errors.fail 2015-05-14 14:50:01 +01:00
Nate Riffe ebe75830c6 Release version 4.0.4 2015-05-05 14:06:50 -05:00
Nate Riffe 52d4224961 Merge pull request #34 from backstop/query-sections
Allow response records from other sections
2015-05-05 13:54:44 -05:00