The template code that processes also_notify is of a kind with the checks and
processing of other optional smart-array values. Make its default an empty
string so that the clause may be properly omitted from a config that doesn't
use it.
By setting bind::include_default_zones to false, a user can suppress the
inclusion of the default definitions for the root hints zone and RFC 1912
zones. These are supplied with the BIND package's default configuration on both
Debian and RedHat derived systems. These zones are necessary for a resolver,
but may be omitted if the server acts strictly as an authoritative server.
RedHat's default zones are baked into the stock named.conf, which the module's
template completely rewrites. Since the module is extremely view-based, and the
Debian default-zones are repositioned into the zones, let's take those defaults
out of the stock named.conf, build a configuration file out of them and include
it in the view just the same.
The changes in the `redhat-default-zones` branch, when released, may cause
upgrade difficulties for Red Hat system administrators. Try to ease the
transition.
`bind::defaults::supported` should always have a boolean value. If it does not,
then this means either 1) user error (e.g. the user defined some other value
for the key) or 2) module_data is not functioning correctly.
The `params` vs. `bind` class distinction has been blurry for a long time. I'm
formalizing it.
`params` is now `defaults` and its purpose is to gather platform-specific
variation into a single scope. These variables are related to situating a BIND
server on a particular platform and it should not ever be necessary or perhaps
even possible to change them as a matter of preference. Rather, correct values
are function of e.g. `$osfamily` or `$operatingsystem`.
The parameters of the `bind` class are limited to those that control the
server's feature set. These parameters *are* matters of preference and/or
purpose, rather than platform.
Also, I have taken some care to develop a convention for direct references to
qualified parameters where they are re-scoped into the local scope centrally at
the top first, and subsequent references are to the local value. This should
minimize future code churn and also aid readability.
Fix a bunch of warnings whne using the bind::updater class by moving confdir to
the params class. In order for this to work, the bind and bind::updater classes
both now inherit from params. Also, fix the default value for
managed_key_directory to something that's actually falsey.
Distro packaging includes a lot of configuration files that this module tries
and fails to get rid of, but with exclusions. Those don't always work for
mysterious reasons. Leave the distributed files intact as much as possible,
with just the necessary files touched to effect the desired configuration.
Also, make inclusion of named.conf.local optional (default false) and stop
ensuring that there's at least an empty one.
`dnssec-keygen` uses `/dev/random` by default, but this is slow in some
scenarios where `/dev/urandom` is both faster and provides sufficient utility.
Allow override via the `bind::random_device` hiera key.
`validate_bool` validates that the passed value(s) are boolean, not that they
are true. Reformulate the calls to `unless` blocks, and remove the check for
"dynamic implies master" since setting `dynamic` to true is 1) the default and
2) does not cause any change to configuration text or manifest behavior when
the zone is not master.
Add a parameter to `bind::zone` which indicates whether a zone is dynamic or
not. This has the effect of allowing puppet to manage the zone file rather than
simply initialize it. This change also introduces more appropriate handling of
slave and stub zones, so that puppet will not populate a stock zone file,
forcing the nameserver to do a zone transfer when a zone is created.
Also, there is now a substancial amount of validation in the `bind::zone` class
in order to prevent invalid parameter combinations, so that validity may be
assumed elsewhere in the manifest and in the configuration template.
* Line up the parameter defaults in init.pp
* Put the leading whitespace ahead of the statistics-channel conditional block
inside the condition to avoid superfluous blank lines in the generated file
In the absence of any 'controls' configuration, BIND uses the rndc.key file
containing a key named rndc-key for rndc by default. In this mode, there is
also no need for any explicit settings in rndc.conf.
