RedHat's default zones are baked into the stock named.conf, which the module's
template completely rewrites. Since the module is extremely view-based, and the
Debian default-zones are repositioned into the zones, let's take those defaults
out of the stock named.conf, build a configuration file out of them and include
it in the view just the same.
`dnssec-keygen` uses `/dev/random` by default, but this is slow in some
scenarios where `/dev/urandom` is both faster and provides sufficient utility.
Allow override via the `bind::random_device` hiera key.
stub and slave zones need to be overwritten with data from their master server
in a reasonable timeframe. Drop all of the intervals in the db.empty SOA down
to sub-minute values to speed convergence.
This adds a 'dnssec' parameter to the bind::zone define which causes the module
to generate keys and sign the zone. Some caveats and breaking changes:
1) Existing non-signed zones will have to be manually moved and signed
2) Signed zones are treated as dynamic
