Commit Graph

130 Commits

Author SHA1 Message Date
Nate Riffe 91ccb29eca Remove the deprecated audit metaparameter 2017-07-11 19:05:05 -05:00
Cedric DEFORTIS 81135efa23 tkey-* additional parameters
- tkey-gssapi-credential
- tkey-domain
2017-05-31 15:41:52 +02:00
Cedric DEFORTIS d0dc06d4ca Fix global variable error & update concat version 2017-05-04 21:17:58 +02:00
Cedric DEFORTIS 3ad9e7d8d3 Make rake lint happy by fixing WARNINGS 2017-05-04 21:17:39 +02:00
Nate Riffe d580291c69 Explicitly reference the bind keys file
Debian supplies the bind keys at /etc/bind/bind.keys and RedHat supplies it at
/etc/named.iscdlv.key. Add the directive that references this file. I think it
may have "just worked" on Debian, based on the information at
https://www.isc.org/downloads/bind/bind-keys/
2017-04-16 09:05:56 -05:00
Nate Riffe f0ba56e35d Fix a typo and release 7.2.1 2017-03-02 06:32:17 -06:00
Nate Riffe 8504b27498 Implement support for logging configuration
Adds `bind::logging::channel` and `bind::logging::category` defines in order to
support logging configuration.
2017-02-25 12:42:54 -06:00
Nate Riffe 987470f22a Merge pull request #111 from makeacode/server_clause
support creating server clauses
2017-02-09 07:19:15 -06:00
makeacode ca3cdb064e Hardcode fragment order 2017-02-08 12:54:44 -05:00
makeacode 67cb532f94 Update to use at least the 2.0.0 version of puppetlabs-concat 2017-02-02 00:42:04 -05:00
makeacode ebfa2455a1 support creating server clauses 2017-02-02 00:14:07 -05:00
Nate Riffe 7b6565a49c Add query controls to views
Add configurators for `allow-query`, `allow-query-on`, `allow-query-cache`, and
`allow-query-cache-on` directives in a view context.
2017-01-29 15:57:19 -06:00
Nate Riffe c72da6157f Push the class defaults into hiera
The bind class parameter defaults values are meant to be supplied via module
data. Really, these ought to come through the bind::defaults class from hiera,
but that class is currently the home of platform defaults which are not meant
to be overridden by the user. This is a first step, maybe? A normalization for
sure.
2016-11-07 20:01:17 -06:00
Hossy 89751eea38 Support for "forward" statement
Add "forward" statement in options { } block in named.conf.
2016-10-18 21:02:17 -05:00
Nate Riffe d6188b8f4e Merge pull request #100 from inkblot/rndc-helper
Implement a helper script for zone reloads
2016-07-09 09:09:44 -05:00
Tom Ford bb4f210c44 Allow forwarders to be set for master/slave zones 2016-07-08 15:04:04 +01:00
Tom Ford 84782740dd Need unique name for the rndc reload exec 2016-07-08 14:32:00 +01:00
Nate Riffe 40531e21eb Implement a helper script for zone reloads
It turns out the `rndc` command that was intended to reload a managed zone
wasn't working (see PR #91 for reference) if more than one view included the
zone. The helper script is really just a wrapper around the `rndc` command
itself, it translates its final parameter into a domain/class/view tuple and
passes the leading parameters and the tuple to `rndc`.
2016-07-07 21:15:41 -05:00
Nate Riffe de1a021911 Add allow-transfers to views
Views support an `allow-transfer` directive essentially identical to the one in
zones. Copy the code from `manifests/zone.pp` and `templates/zone.conf.erb` to
support it.
2016-07-04 10:18:38 -05:00
Nate Riffe da2a88ec86 Merge branch '6.0-prerelease'
Conflicts:
	metadata.json
2016-07-04 09:48:23 -05:00
Nate Riffe 88481f94fd Finalize the 6.0-prerelease branch 2016-07-04 09:39:51 -05:00
Nate Riffe dcbba5a0cb Harmonize default value for also_notify
The template code that processes also_notify is of a kind with the checks and
processing of other optional smart-array values. Make its default an empty
string so that the clause may be properly omitted from a config that doesn't
use it.
2016-05-06 15:18:53 -05:00
Nate Riffe 0532e1cd57 Merge remote-tracking branch 'ocado/empty-zones' into 6.0-prerelease
Conflicts:
	manifests/view.pp
2016-04-20 08:17:51 -05:00
Nate Riffe dd03f5a559 Merge remote-tracking branch 'ocado/empty-zones'
Conflicts:
	manifests/view.pp
2016-04-20 08:17:27 -05:00
Nate Riffe 1ec9823c0f Merge remote-tracking branch 'ocado/minimal-responses' into 6.0-prerelease
Conflicts:
	templates/view.erb
2016-04-20 08:07:56 -05:00
Nate Riffe db935f8b86 Merge remote-tracking branch 'ocado/minimal-responses' 2016-04-20 08:05:49 -05:00
Nate Riffe d50406d0df Merge remote-tracking branch 'ocado/notify-source' into 6.0-prerelease 2016-04-20 08:02:26 -05:00
Nate Riffe 31ef46feb8 Merge remote-tracking branch 'ocado/notify-source' 2016-04-20 08:02:17 -05:00
Nate Riffe 8348f42a17 Merge remote-tracking branch 'hdeadman/forwarderport' into 6.0-prerelease 2016-04-20 07:39:32 -05:00
Nate Riffe 202526e425 Merge remote-tracking branch 'hdeadman/forwarderport' 2016-04-20 07:38:25 -05:00
Ahmad Jagot 2b8b7ccc41 Add allow-empty-zones support.
Conflicts:
	manifests/view.pp
	templates/view.erb
2016-04-20 13:37:20 +01:00
Nate Riffe 4d2d2f63a8 Merge branch 'filter-aaaa-on-v4-option' into 6.0-prerelease 2016-04-20 07:33:18 -05:00
Jean-Francois Roche badd25b0e6 Add option to filter ipv6 address on ipv4
refs https://kb.isc.org/article/AA-00576/0/Filter-AAAA-option-in-BIND-9-.html
2016-04-20 07:30:54 -05:00
Alex Frolkin e579b5479b Support minimal-responses setting on views 2016-04-15 15:32:09 +01:00
Alex Frolkin 0f5d3e6019 Add support for notify-source and also-notify
Conflicts:
	templates/view.erb
2016-04-15 15:29:31 +01:00
Hal Deadman aadc1f2f89 support forwarding a zone to a dns server on port other than 53
e.g. Consul runs on 8600
https://www.consul.io/docs/guides/forwarding.html
zone "consul" IN {
  type forward;
  forward only;
  forwarders { 127.0.0.1 port 8600; };
};
2016-02-10 10:47:12 -05:00
Nate Riffe 31cc2ada68 Merge branch 'root-zone-naming' into 6.0-prerelease 2016-01-29 07:52:45 -06:00
Nate Riffe 44b4b45761 Add option to disable default zone inclusion
By setting bind::include_default_zones to false, a user can suppress the
inclusion of the default definitions for the root hints zone and RFC 1912
zones. These are supplied with the BIND package's default configuration on both
Debian and RedHat derived systems. These zones are necessary for a resolver,
but may be omitted if the server acts strictly as an authoritative server.
2016-01-29 07:32:54 -06:00
Nate Riffe 57002c31a4 Include the default zones on RedHat
RedHat's default zones are baked into the stock named.conf, which the module's
template completely rewrites. Since the module is extremely view-based, and the
Debian default-zones are repositioned into the zones, let's take those defaults
out of the stock named.conf, build a configuration file out of them and include
it in the view just the same.
2016-01-29 07:32:54 -06:00
Nate Riffe 0b674de1ed Just one conditional 2016-01-29 07:30:57 -06:00
Nate Riffe 34478d25da Use an alternate name for the '.' zone
The root zone's domain is `.` but this means something special in the
filesystem which causes an error when creating the zone file.
2016-01-29 07:30:57 -06:00
Stefan - Zipkid - Goethals 12bda76ab9 - fix conflicts when using bind::updater on all nodes. 2016-01-27 09:49:31 +01:00
Nate Riffe ae3bfa7f1b Add warnings and safety checks and documentation
The changes in the `redhat-default-zones` branch, when released, may cause
upgrade difficulties for Red Hat system administrators. Try to ease the
transition.
2016-01-19 07:44:30 -06:00
Nate Riffe 0388e91dc6 Try to validate that module-data is working
`bind::defaults::supported` should always have a boolean value. If it does not,
then this means either 1) user error (e.g. the user defined some other value
for the key) or 2) module_data is not functioning correctly.
2016-01-12 20:03:14 -06:00
Nate Riffe 3bfcc19a3e Turn params into defaults and formalize it
The `params` vs. `bind` class distinction has been blurry for a long time. I'm
formalizing it.

`params` is now `defaults` and its purpose is to gather platform-specific
variation into a single scope. These variables are related to situating a BIND
server on a particular platform and it should not ever be necessary or perhaps
even possible to change them as a matter of preference. Rather, correct values
are a function of e.g. `$osfamily` or `$operatingsystem`.

The parameters of the `bind` class are limited to those that control the
server's feature set. These parameters *are* matters of preference and/or
purpose, rather than platform.

Also, I have taken some care to develop a convention for direct references to
qualified parameters where they are re-scoped into the local scope centrally at
the top first, and subsequent references are to the local value. This should
minimize future code churn and also aid readability.
2015-12-26 10:06:24 -06:00
Nate Riffe 250cb4e4c6 Put confdir in the params class, and more..
Fix a bunch of warnings when using the bind::updater class by moving confdir to
the params class. In order for this to work, the bind and bind::updater classes
both now inherit from params. Also, fix the default value for
managed_key_directory to something that's actually falsey.
2015-12-26 01:05:52 -06:00
Nate Riffe 40f7972dc8 Merge pull request #59 from nerdlich/dnssec_more_secure
use modern dnssec key algorithm and provide option to use NSEC3
2015-12-19 09:26:51 -06:00
Nate Riffe 05b679a93d Fix a scoping issue in the template 2015-12-19 09:14:18 -06:00
Nate Riffe 1658fd82c3 Set managed-keys-directory
This is needed on RedHat derivatives.
2015-12-19 09:14:18 -06:00
Thomas Sturm 3928c7de6a use modern dnssec key algorithm and provide option to use NSEC3 2015-10-25 15:32:44 +01:00