From 812c3f4d6162cf7af8f8cbedb6abb6d72bd537e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= Date: Fri, 5 May 2023 01:46:46 +0200 Subject: "Working" product. --- data/os/Archlinux.yaml | 1 + data/os/Debian.yaml | 12 +++ data/os/debian.yaml | 7 -- hiera.yaml | 16 ++++ lib/facter/dns_zone_serial.rb | 11 ++- lib/puppet/provider/dns_record2/named.rb | 137 +++++++++++++++++++++++++++++++ lib/puppet/provider/dns_zone2/named.rb | 96 ++++++++++++++++++++++ lib/puppet/type/dns_record2.rb | 93 +++++++++++++++++++++ lib/puppet/type/dns_zone2.rb | 133 ++++++++++++++++++++++++++++++ manifests/init.pp | 72 ++++++++++------ manifests/key.pp | 1 + manifests/record.pp | 32 ++++++-- manifests/zone.pp | 96 +++++++++++----------- templates/named-rndc.conf.epp | 2 +- templates/named.conf.epp | 6 +- templates/zone-serial.epp | 3 + templates/zone.epp | 24 ------ templates/zone1.epp | 15 ++++ templates/zone2.epp | 14 ++++ templates/zoneconf.epp | 6 +- 20 files changed, 658 insertions(+), 119 deletions(-) create mode 100644 data/os/Debian.yaml delete mode 100644 data/os/debian.yaml create mode 100644 hiera.yaml create mode 100644 lib/puppet/provider/dns_record2/named.rb create mode 100644 lib/puppet/provider/dns_zone2/named.rb create mode 100644 lib/puppet/type/dns_record2.rb create mode 100644 lib/puppet/type/dns_zone2.rb create mode 100644 templates/zone-serial.epp delete mode 100644 templates/zone.epp create mode 100644 templates/zone1.epp create mode 100644 templates/zone2.epp diff --git a/data/os/Archlinux.yaml b/data/os/Archlinux.yaml index 9b3ac1e..9034ac2 100644 --- a/data/os/Archlinux.yaml +++ b/data/os/Archlinux.yaml @@ -1,3 +1,4 @@ --- dns::packagename: bind dns::servicename: named +dns::user: named diff --git a/data/os/Debian.yaml b/data/os/Debian.yaml new file mode 100644 index 0000000..b32301f --- /dev/null +++ b/data/os/Debian.yaml 
@@ -0,0 +1,12 @@ +--- +dns::checkconf: /usr/sbin/named-checkconf +dns::checkzone: /usr/sbin/named-checkzone +dns::config_dir: /etc/bind +dns::config_file: /etc/bind/named.conf +dns::manage_dir: true +dns::packagename: bind9 +dns::rndc: /usr/sbin/rndc +dns::rndc_confgen: /usr/sbin/rndc-confgen +dns::rndc_key_file: /etc/bind/rndc.key +dns::servicename: named +dns::user: bind diff --git a/data/os/debian.yaml b/data/os/debian.yaml deleted file mode 100644 index d10e5c2..0000000 --- a/data/os/debian.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -dns::checkzone: /usr/sbin/named-checkzone -dns::chcekconf: /usr/sbin/named-checkconf -dns::rndc: /usr/sbin/rndc -dns::packagename: bind9 -dns::servicename: named -dns::rndc_confgen: /usr/sbin/rndc diff --git a/hiera.yaml b/hiera.yaml new file mode 100644 index 0000000..42772e2 --- /dev/null +++ b/hiera.yaml @@ -0,0 +1,16 @@ +--- +version: 5 +defaults: + datadir: data + data_hash: yaml_data + +hierarchy: + - name: osfamily/release + paths: + - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" + - name: osfamily + paths: + - "os/%{facts.os.name}.yaml" + - "os/%{facts.os.family}.yaml" + - name: common + path: common.yaml diff --git a/lib/facter/dns_zone_serial.rb b/lib/facter/dns_zone_serial.rb index 6f25148..6575757 100644 --- a/lib/facter/dns_zone_serial.rb +++ b/lib/facter/dns_zone_serial.rb @@ -1,5 +1,13 @@ require 'resolv' +def ensure_period(s) + if s[-1] == '.' + s + else + "#{s}." + end +end + Facter.add(:dns_zone_serial) do confine do Facter::Util::Resolution.which('named-checkconf') @@ -13,7 +21,8 @@ Facter.add(:dns_zone_serial) do .filter { |zone| zone.last == 'master' } zone_map = {} zones.map do |zone| - zone_map["#{zone[0]}."] = dns.getresource(zone[0], Resolv::DNS::Resource::IN::SOA).serial + z = ensure_period(zone[0]) + zone_map[z] = dns.getresource(z, Resolv::DNS::Resource::IN::SOA).serial end zone_map end 
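Review bot: `ensure_period` is defined at the top level of the fact file in the first hunk of lib/facter/dns_zone_serial.rb, which makes it a private method on `Object` for the whole agent process, where any other fact or provider can shadow or silently depend on it. A lambda inside the `Facter.add` block, `ensure_period = ->(s) { s.end_with?('.') ? s : "#{s}." }`, or a method in a small module keeps it scoped and reads the `'.'` test more directly than `s[-1] == '.'`. The second hunk (`@@ -13,7 +21,8`) uses it correctly; the enclosing `Facter.add` block extends beyond both hunks.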
diff --git a/lib/puppet/provider/dns_record2/named.rb b/lib/puppet/provider/dns_record2/named.rb
new file mode 100644
index 0000000..61f4a96
--- /dev/null
+++ b/lib/puppet/provider/dns_record2/named.rb
@@ -0,0 +1,137 @@ +# require 'resolv' + +Puppet::Type.type(:dns_record2).provide(:named) do + def self.instances + objects = [] + # `named-checkconf -l`.split("\n").each do |zone| + # zonename, cls, view, _ = zone.split(' ') + # path = `rndc zonestatus #{zonename} #{cls} #{view} 2>/dev/null | awk -F' ' '/^files:/ { print $2 }'`.strip; + # `named-checkzone -q -D #{zonename} /var/named/#{path} | sed 's/[[:space:]]\+/ /g'`.split("\n").each do |record| + # key, ttl, cls, type, *value = record.split(' ') + # value = value.join(' ') + + # name = "#{zonename} #{cls} #{view} #{key} #{type} #{value}" + + # objects << new(:name => name, + # :key => key, + # :ttl => ttl, + # :class => cls, + # :type => type, + # :value => value) + # end + # end + objects + end + + def create + # print("Create\n") + end + + def destroy + # print("Destroy\n") + end + + def exists? + # print("record = [#{record().inspect}]\n") + record() != nil + end + + def type + resource[:type] + end + + def value + # print("Get old value (#{resource[:value]}, #{get(:value)})\n") + t = record() + case t + when NilClass + :absent + when String + t + else + "INVALID VALUE (#{t.class}, #{t})" + end + end + + def value=(v) + # print("Set new value (#{v})\n") + # resource[:value] = v + end + + def key + resource[:key] + end + + # def key=(v) + # resource[:key] = v + # end + + def zone + resource[:zone] + end + + def full_key + if resource[:key] == '@' + resource[:zone] + elsif resource[:key][-1] == '.' 
+ resource[:key] + else + "#{resource[:key]}.#{resource[:zone]}" + end + end + + # def zone=(v) + # # set(:zone, v) + # resource[:zone] = v + # end + + def record + # dns = Resolv::DNS.new(nameserver: ['localhost']) + # type = { + # A: Resolv::DNS::Resource::IN::A, + # AAAA: Resolv::DNS::Resource::IN::AAAA, + # CNAME: Resolv::DNS::Resource::IN::CNAME, + # HINFO: Resolv::DNS::Resource::IN::HINFO, + # MINFO: Resolv::DNS::Resource::IN::MINFO, + # MX: Resolv::DNS::Resource::IN::MX, + # NS: Resolv::DNS::Resource::IN::NS, + # PTR: Resolv::DNS::Resource::IN::PTR, + # SOA: Resolv::DNS::Resource::IN::SOA, + # TXT: Resolv::DNS::Resource::IN::TXT, + # WKS: Resolv::DNS::Resource::IN::WKS, + # }[resource[:type]] + + # if type == nil + # nil + # else + # rs = dns.getresources(full_key, type) + # if rs.length == 0 + # nil + # else + # rs[0] + # end + # end + lines = `named-checkzone -j -q -D #{zone} /var/named/zones/#{zone}db` + .split("\n") + .map {|line| line.gsub(/[[:space:]]+/, ' ').split(' ') } + + matches = lines + .filter {|line| + line[0] == full_key and line[3].to_sym == resource[:type] + } + .map {|line| line[(4..)].join(' ') } + + + if matches.length == 0 + nil + elsif matches.length == 1 + matches[0] + else + matches + end + end + + def cls + 'IN' + end +end diff --git a/lib/puppet/provider/dns_zone2/named.rb b/lib/puppet/provider/dns_zone2/named.rb new file mode 100644 index 0000000..e249be6 --- /dev/null +++ b/lib/puppet/provider/dns_zone2/named.rb 
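Review bot: `record` interpolates the `zone` property into a backtick command (`named-checkzone -j -q -D #{zone} /var/named/zones/#{zone}db`), so a zone name taken from the catalog is parsed by /bin/sh before it reaches named-checkzone; `serial` and `exists?` in lib/puppet/provider/dns_zone2/named.rb build commands the same way. Use `Puppet::Util::Execution.execute` with an argv array (or the provider `commands` helper) so no shell is involved, and guard `line[3]` before `to_sym`, since a short output line currently raises NoMethodError inside the filter. The `/var/named/zones/` prefix is hard-coded here while `dns::directory` is a class parameter, so the two will drift. `create`, `destroy` and `value=` are no-ops, so a record that `value` reports as differing is shown as changed on every run but never written; if that is intentional for now a comment saying so would help.
```ruby
def record
  # Pass argv directly so the zone name is never interpreted by a shell.
  out = Puppet::Util::Execution.execute(
    ['named-checkzone', '-j', '-q', '-D', zone, "/var/named/zones/#{zone}db"],
    failonfail: true, combine: false
  )
  lines = out.split("\n").map { |line| line.gsub(/[[:space:]]+/, ' ').split(' ') }
  matches = lines
    .filter { |line| line[0] == full_key && line[3] && line[3].to_sym == resource[:type] }
    .map { |line| line[(4..)].join(' ') }
  # … unchanged: collapse matches into nil / String / Array …
end
```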
@@ -0,0 +1,96 @@
+Puppet::Type.type(:dns_zone2).provide(:named) do
+ def self.instances
+ `named-checkconf -l`.split("\n").map do |record|
+ name, cls, view, type = record.split(' ');
+ new(:name => name, :cls => cls, :view => view, :type => type)
+ end
+ end
+
+ def create(records)
+ print("Create #{resource[:name]}\n")
+ write_zone records
+ end
+
+ def destroy
+ print("Remove #{resource[:name]}\n")
+ end
+
+ def refresh(records)
+ print("Refresh #{resource[:name]}\n")
+ write_zone records
+ end
+
+ def exists?
+ # instances.find { |r| r.name == resource[:name] }
+ # resource[:ensure] == :present
+ `named-checkconf -l`
+ .split("\n")
+ .grep(/#{resource[:origin]} /)
+ .length > 0
+ end
+
+ def filename
+ "/var/named/zones/#{resource[:name]}db"
+ end
+
+ def zone_content(records)
+ content = <<~EOF
+ ; File managed by Puppet.
+ ; Local changes WILL be overwritten
+ ; File last generated #{Time.now}
+
+ $ORIGIN #{resource[:origin]}
+ $TTL #{resource[:default_ttl]}
+
+ @ #{resource[:soa_ttl]} IN SOA #{resource[:mname]} #{resource[:rname]} (
+ #{serial+1} ; serial
+ #{resource[:refresh]} ; refresh
+ #{resource[:retry]} ; retry
+ #{resource[:expire]} ; expire
+ #{resource[:negative_ttl]} ; Negative TTL
+ )
+ EOF
+
+ records
+ .filter {|r| r[:zone] == resource[:name] }
+ .group_by {|r| r[:type]}
+ .sort_by {|(type, _)|
+ # Bit of a hack, but ensures that SOA is always first,
+ # NS is after
+ # And the rest have stable order
+ {
+ SOA: 0,
+ NS: 1,
+ A: 2,
+ AAAA: 3,
+ CNAME: 4,
+ HINFO: 5,
+ MINFO: 6,
+ MX: 7,
+ PTR: 8,
+ TXT: 9,
+ WKS: 10,
+ }[type]
+ }.each{|(type, values)|
+ content += <<~EOF
+ ; #{type} Records
+ EOF
+ values.each {|val|
+ content += <<~EOF
+ #{val[:key]} #{val[:ttl]} IN #{val[:type]} #{val[:value]}
+ EOF
+ }
+ }
+ content
+ end
+
+ def write_zone(content)
+ File.open(filename, 'w') do |file|
+ file.write content
+ end
+ end
+
+ def serial
+ `rndc zonestatus #{name} | awk -F' ' '/^serial:/ { print $2 }'`.to_i
+ end
+end
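Review bot: `write_zone` replaces the zone file with a bare `File.open(filename, 'w')` and the catalog then runs `rndc reload`/`thaw` against it, but nothing validates the content first — the concat resource this replaces in manifests/zone.pp carried `validate_cmd => "${dns::checkzone} '${zone}' %"`, so the commit drops the only check that kept one malformed record from taking the whole zone offline. The write is also non-atomic and leaves mode and ownership to the umask, and the SOA header depends on `serial`, which shells out with `#{name}` interpolated unescaped. Write to a temporary file beside the target, run named-checkzone on it, and rename it into place; `exists?` should likewise use `.grep(/#{Regexp.escape(resource[:origin])} /)` so the dots in an origin are not wildcards.
```ruby
def write_zone(content)
  tmp = "#{filename}.tmp"
  File.open(tmp, 'w', 0o640) { |file| file.write content }
  # Reject a malformed zone before named ever loads it.
  Puppet::Util::Execution.execute(['named-checkzone', '-q', resource[:origin], tmp], failonfail: true)
  File.rename(tmp, filename)
end
```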
diff --git a/lib/puppet/type/dns_record2.rb b/lib/puppet/type/dns_record2.rb
new file mode 100644
index 0000000..2074782
--- /dev/null
+++ b/lib/puppet/type/dns_record2.rb
@@ -0,0 +1,93 @@
+Puppet::Type.newtype(:dns_record2) do
+ @doc = %q{
+ }
+
+ #"named-checkconf -j -D -F raw $zonename $zonefile"
+
+ newproperty(:ensure) do
+ newvalue(:present) do
+ provider.create
+ end
+
+ newvalue(:absent) do
+ provider.destroy
+ end
+
+ defaultto :present
+
+ def retrieve
+ if provider.exists?
+ :present
+ else
+ :absent
+ end
+ end
+ end
+
+ def exists?
+ provider.exists?
+ end
+
+ newparam(:name) do
+ end
+
+ newproperty(:type) do
+ desc %q{
+ Resource Record type, such as A, AAAA, ...
+
+ Only a few types are supported, due to the DNS library only supporting these.
+ }
+ newvalues(:A,
+ :AAAA,
+ :CNAME,
+ :HINFO,
+ :MINFO,
+ :MX,
+ :NS,
+ :PTR,
+ :SOA,
+ :TXT,
+ :WKS,
+ )
+ end
+
+ newproperty(:value) do
+ desc %q{
+ DNS payload. For example an IP address.
+ }
+ end
+
+ newproperty(:key) do
+ desc %q{
+ DNS key.
+ Such as 'www'
+ }
+ end
+
+ newproperty(:zone) do
+ desc %q{
+ Zone this record belongs to
+ }
+
+ munge do |value|
+ if value[-1] == '.'
+ value
+ else
+ "#{value}."
+ end
+ end
+ end
+
+ newproperty(:cls) do
+ desc %q{
+ }
+ end
+
+ newproperty(:ttl) do
+ end
+
+ # autobefore('dns::zone') { value(:zone) }
+ autonotify('dns_zone2') { [value(:zone)] }
+ # autobefore('dns_zone2') { [value(:zone)] }
+ # TODO view
+end
diff --git a/lib/puppet/type/dns_zone2.rb b/lib/puppet/type/dns_zone2.rb
new file mode 100644
index 0000000..6cee6f2
--- /dev/null
+++ b/lib/puppet/type/dns_zone2.rb
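Review bot: `key`, `zone`, `cls` and `ttl` are declared with `newproperty`, but the provider in lib/puppet/provider/dns_record2/named.rb defines no `key=`, `zone=`, `cls=` or `ttl=` setters and no `ttl` getter (and `value=` is empty), so Puppet fails the resource with "provider can not handle attribute" as soon as one of them has to be read or synced. They identify the record rather than describe managed state, so `newparam(:key)`, `newparam(:zone)`, `newparam(:cls)` and `newparam(:ttl)` fit, leaving `value` as the single property. `@doc` and the `cls` desc are empty; a one-liner such as `@doc = %q{ A single resource record inside a zone file managed by dns_zone2. }` and `desc %q{ Record class; only IN is produced by the provider. }` would cover what the code shows.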
@@ -0,0 +1,133 @@ +Puppet::Type.newtype(:dns_zone2, :self_refresh => true) do + @doc = %q{ + } + + newproperty(:ensure) do + newvalue(:present) do + provider.write_zone (resource.should_content) + end + + # This should ideally remove the zone. This is however managed + # "higher" up in the puppet code. + # dns::init has a purge on the directory, and the named + # configuration file is fully managed by us. + # This means that decomissioning is as simple as removing the zone + # from the puppet environment. + newvalue(:absent) do + # provider.destroy + end + + defaultto :present + + def retrieve + if provider.exists? + :present + else + :absent + end + end + end + + def refresh + provider.write_zone(should_content) + end + + newparam(:origin, :namevar => true) do + munge do |value| + if value[-1] == '.' + value + else + "#{value}." + end + end + end + + newparam(:cls) do + defaultto :IN + end + + newparam(:view) do + defaultto '_default' + end + + newparam(:type) do + newvalues(:master, :slave, + :mirror, :hint, :stub, :static_stub, :forward, :redirect) + aliasvalue :primary, :master + aliasvalue :secondary, :slave + defaultto :master + end + + + newparam(:default_ttl) do + defaultto '300' + end + + newparam(:mname) do + munge do |value| + if value[-1] == '.' + value + else + "#{value}." + end + end + end + + newparam(:rname) do + munge do |value| + if value[-1] == '.' + value + else + "#{value}." + end + end + end + + newparam(:soa_ttl) do + end + + newparam(:refresh) do + end + + newparam(:retry) do + end + + newparam(:expire) do + end + + newparam(:negative_ttl) do + end + + # List of all DNS records (at all) + # + # Should ideally be limited to records in this zone here instead of + # further down. + def records + catalog.resources.filter do |r| + r.is_a?(Puppet::Type.type(:dns_record2)) + end + end + + # Create the file resource for us. + + # This prevents the directory purge on /var/named/zones from deleting us. 
+ def generate + [Puppet::Type.type(:file).new({ + ensure: :present, + path: provider.filename, + })] + end + + def should_content + provider.zone_content(records) + end + + # def eval_generate + # content = should_content + # catalog.resource("File[/var/named/zones/#{self[:name]}db]")[:content] = content + # # provider.refresh (resource.records) + # [catalog.resource("File[/var/named/zones/#{self[:name]}db]")] + # end + + # autorequire(:file) {["/var/named/zones/#{self[:name]}db"]} +end diff --git a/manifests/init.pp b/manifests/init.pp index a7d2b05..ffb102d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
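Review bot: `newparam(:rname)` only appends a trailing dot, while the SOA fragment this replaces passed the value through `dns::convert_to_rname` (removed hunk in manifests/zone.pp), so an rname supplied in mailbox form now reaches the SOA record unconverted; either restore that conversion in the munge or document in `@doc` that `rname` must already be in domain-name form. The `file` resource built by `generate` sets only `ensure` and `path`, so the zone file's ownership and mode are whatever the provider's write and the umask leave, even though dns::init now sets `owner => $dns::user` on the directories; adding `owner`/`mode` there means the type needs a parameter for the owner, since the class variable is not reachable from this type. `@doc` is empty for this type as well, and the comment above `records` says the filtering should happen here — the provider's `zone_content` is where it actually happens.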
@@ -23,38 +23,60 @@ # Name of the system service to manage # @param rndc_confgen # Path to rndc-confgen binary +# @param config_dir +# Directory for extra configuration files. Some systems places the +# default configuration file inside this directory. +# @param manage_dir +# Should the configuration dir be managed by this module. +# @param user +# System user which runs the server. +# Only used to set permissions for files, so MUST be set to what +# the system already expects. class dns ( String $config_file = '/etc/named.conf', - # String $config_dir = '/etc/named.d', + String $config_dir = '/etc/named.d', + Boolean $manage_dir = false, String $rndc_key_file = '/etc/rndc.key', String $directory = '/var/named', String $checkzone = '/usr/bin/named-checkzone', String $checkconf = '/usr/bin/named-checkconf', - Hash[String, Dns::Keyentry] $keys = [], - Hash[String, Dns::Zoneentry] $zones = [], + Hash[String, Dns::Keyentry] $keys = {}, + Hash[String, Dns::Zoneentry] $zones = {}, String $packagename = 'bind9', Boolean $manage_package = true, String $servicename = 'named', String $rndc = '/usr/bin/rndc', String $rndc_confgen = '/usr/bin/rndc-confgen', + String $user = 'bind', ) { $zone_directory = "${directory}/zones" $jnl_directory = "${directory}/journal" - file { $zone_directory: + if $dns::manage_package { + package { $dns::packagename: + ensure => installed, + } + # bind9-dnsutils + } + + file { $dns::directory: + ensure => directory, + owner => $dns::user, + mode => 'u+rwx', + } + + file { $dns::zone_directory: ensure => directory, recurse => true, purge => true, + owner => $dns::user, + mode => 'u+rwx', } - file { $jnl_directory: + file { $dns::jnl_directory: ensure => directory, - } - - if $manage_package { - package { $packagename: - ensure => installed, - } + owner => $dns::user, + mode => 'u+rwx', } service { $servicename: 
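Review bot: `mode => 'u+rwx'` on the three directory resources is a symbolic mode that only adds owner bits and never clears group or other bits, so a directory that is already group- or world-writable stays that way while Puppet reports it in sync; an absolute mode such as `mode => '0750'` states the intended permissions. `file { $dns::directory: }` sets `owner` without `group`, so the group stays whatever the package created. Inside the class, `$dns::packagename`, `$dns::user` and `$dns::zone_directory` are referenced with the class prefix while `service { $servicename:` below uses the bare name; one form throughout is easier to read. The class body continues past the hunk.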
@@ -62,27 +84,27 @@ class dns ( enable => true, } - notify { - 'zones': message => "${zones}" ; - 'keys': message => "${keys}" ; - } + create_resources(dns::key, $keys) + create_resources(dns::zone, $zones) - # create_resources(dns::key, $keys) - # create_resources(dns::zone, $zones) - - # file { $config_dir: - # ensure => directory, - # recurse => true, - # } + if $manage_dir { + file { $config_dir: + ensure => directory, + recurse => true, + purge => true, + } + } exec { 'Setup rndc key': - cmd => [$rndc_confgen, '-a'], + command => [$rndc_confgen, '-a', '-u', $user], creates => $rndc_key_file, + } -> file { $rndc_key_file: + ensure => file, } concat { $config_file: ensure_newline => true, - warn => '; File managed by Puppet. Local changes WILL be overwritter', + warn => '# File managed by Puppet. Local changes WILL be overwritter', validate_cmd => "${checkconf} %", notify => Service[$servicename], } @@ -90,10 +112,12 @@ class dns ( concat::fragment { 'named.conf main configuration': target => $config_file, content => epp("${module_name}/named.conf.epp"), + order => '01', } concat::fragment { 'named.conf rndc configuration': target => $config_file, content => epp("${module_name}/named-rndc.conf.epp"), + order => '05', } } diff --git a/manifests/key.pp b/manifests/key.pp index 2a762ae..01856a3 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -14,6 +14,7 @@ define dns::key ( String $keyname = $name, ) { concat::fragment { "Dns::Key - ${keyname}": + target => $dns::config_file, content => epp("${module_name}/key.epp", { keyname => $keyname, algorithm => $algorithm, diff --git a/manifests/record.pp b/manifests/record.pp index 83476a0..2ecb52f 100644 --- a/manifests/record.pp +++ b/manifests/record.pp 
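Review bot: the new `file { $rndc_key_file: ensure => file }` only pins the existence of the rndc shared secret; add `owner => $user` and `mode => '0600'` so the key's permissions do not depend on what rndc-confgen and the umask produced. The `warn` banner still reads `overwritter` — `overwritten`. The class body continues outside the hunk.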
@@ -11,23 +11,29 @@ # Allow multiple records with the same name and class. # Most record types only allow one value, but some allow multiple. # Setting this to true allows for multiple. This value is -# automatically true for TXT & NS. +# automatically true for TXT, MX & NS. # @param zone # Name of the zone this record belongs to. # @param value # Record content. # Syntax depends on `type`. +# Some record types have extra processing. +# TXT splits data into chunks of 255 characters (TODO shouldn't +# this be bytes) and the surrounds each chunk with quotation marks. define dns::record ( String $zone, Dns::Rr $type, String $value, - Dns::Class $class = 'IN', - String $dns_name = $name, + Dns::Class $cls = 'IN', + String $key = $name, Optional[Dns::Ttl] $ttl = undef, Boolean $duplicate = false, ) { + $zone_ = dns::ensure_ending_period($zone) + $allow_duplicate = case $type { 'TXT', + 'MX', 'NS': { true } @@ -36,13 +42,21 @@ define dns::record ( } } - $frag_name = if $allow_duplicate { - "Dns::Record - ${zone} - ${class} ${type} ${dns_name} ${value}" - } else { - "Dns::Record - ${zone} - ${class} ${type} ${dns_name}" + $value_ = case $type { + 'TXT': { + $value.slice(255).map |$x| { "\"${x.join()}\"" }.join(' ') + } + default: { + $value + } } - concat::fragment { $frag_name: - target => "${dns::zone_directory}/${zone}.db", + dns_record2 { $name: + type => $type, + value => $value_, + cls => $cls, + zone => $zone, + ttl => $ttl, + key => $key, } } diff --git a/manifests/zone.pp b/manifests/zone.pp index 954ff48..33c2b0d 100644 --- a/manifests/zone.pp +++ b/manifests/zone.pp 
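Review bot: the TXT branch wraps each 255-character chunk in quotes (`"\"${x.join()}\""`) but does not escape an embedded `"` or `\`, so a value containing a double quote produces a zone file that named rejects; escape `\` and `"` before quoting, and the existing TODO about bytes versus characters matters for the same reason, because a chunk of 255 multi-byte characters exceeds the 255-byte limit of a character-string. `$zone_` is computed with `dns::ensure_ending_period` but the `dns_record2` resource is given `$zone`, so the normalised value is unused here (the type munges the dot on again, so this is dead code rather than a defect). Renaming `$class` to `$cls` and `$dns_name` to `$key` changes the public interface of `dns::record`, which existing callers will have to follow; the `@param` block above should name the new parameters.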
@@ -30,21 +30,25 @@ # reloaded afterwards. # # Defaults to true if an update_policy is set. +# @param soa_ttl +# TTL of SOA record. define dns::zone ( - String $mname, - String $rname, + Boolean $manage_soa = true, + String $rname = undef, + String $mname = $ns[0], Dns::Ttl $refresh = '24h', Dns::Ttl $retry = '2h', Dns::Ttl $expire = '1000h', Dns::Ttl $negative_ttl = '2d', Dns::Ttl $ttl = '24h', + Optional[Dns::Ttl] $soa_ttl = undef, String $zone = $name, Array[Dns::RecordEntry] $records = [], - Array[String] $ns = [], + Array[String] $ns = [$mname], String $type = 'master', @@ -53,30 +57,9 @@ define dns::zone ( ) { $zone_ = dns::ensure_ending_period($zone) - concat { "${dns::zone_directory}/${zone}.db": - validate_cmd => "${dns::checkzone} '${zone}' %", - ensure_newline => true, - require => if $dynamic { Exec["Dns::zone freeze ${zone}"] } else { undef }, - } - $zone_serial = $facts.get("dns_zone_serial.'${zone_}'", 0) - concat::fragment { "Dns::Record - ${zone} - SOA": - target => "${dns::zone_directory}/${zone}.db", - order => '01', - content => epp("${module_name}/zone.epp", { - zone => $zone_, - mname => dns::ensure_ending_period($mname), - rname => dns::convert_to_rname($rname), - serial => $zone_serial + 1, - refresh => $refresh, - expire => $expire, - negative_ttl => $negative_ttl, - default_ttl => $ttl, - }), - } - - concat::fragment { "Dns::Zone - ${zone}": + concat::fragment { "Dns::Zone - ${zone_}": target => $dns::config_file, content => epp("${module_name}/zoneconf.epp", { zone => $zone_, 
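Review bot: `String $rname = undef` fails the type check whenever a caller omits `rname`, so it is a required parameter with a misleading default — either drop the default or type it `Optional[String]` and guard its use, and say which in the `@param` doc. `String $mname = $ns[0]` and `Array[String] $ns = [$mname]` default to each other, so a call giving neither cannot resolve, and a call giving only `ns` relies on `$ns` being available when `$mname`'s default is evaluated, which, as far as the hunk shows, is not the declaration order; an explicit default for `mname` or making it required avoids the cycle. The second hunk (`@@ -53,30 +57,9`) removes the concat that carried `validate_cmd`, so the zone file is now written unvalidated by the dns_zone2 provider.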
@@ -85,38 +68,59 @@ define dns::zone ( }), } - $ns.each |$ns| { - dns::record { "Dns::Zore - record - ${zone} NS ${ns}": - type => 'NS', - zone => $zone, - } - } + # $ns.each |$ns| { + # dns::record { "Dns::Zone - record - ${zone} NS ${ns}": + # key => '@', + # type => 'NS', + # zone => $zone_, + # value => $ns, + # } + # } - $fixed_records = $records.each |$record| { - { "Dns::Zone - record - ${zone} - ${record['class']} ${record['type']} ${record['key']} ${record['value']}" - => $record + { dns_name => $record['key'] } } - } + # $fixed_records = $records.map |$record| { + # ["Dns::Zone - record - ${zone_} - ${record['class']} ${record['type']} ${record['key']} ${record['value']}", + # $record + { key => $record['key'] } - ['key']] + # }.convert_to(Hash) + + # create_resources(dns::record, $fixed_records, { + # zone => $zone_, + # }) - create_resources(dns::record, $fixed_records, { - zone => $zone, - }) + $params = { + 'rname' => $rname, + 'mname' => $mname, + 'refresh' => $refresh, + 'expire' => $expire, + 'negative_ttl' => $negative_ttl, + 'soa_ttl' => $soa_ttl, + 'retry' => $retry, + } if $dynamic { - exec { "Dns::zone freeze ${zone}": - command => [$dns::rndc, 'freeze', $zone], + dns_zone2 { $zone: + require => Exec["Dns::zone freeze ${zone_}"], + * => $params, + } + + exec { "Dns::zone freeze ${zone_}": + command => [$dns::rndc, 'freeze', $zone_], refreshonly => true, } - exec { "Dns::zone thaw ${zone}": - command => [$dns::rndc, 'thaw', $zone], + exec { "Dns::zone thaw ${zone_}": + command => [$dns::rndc, 'thaw', $zone_], refreshonly => true, - subscribe => Concat["${dns::zone_directory}/${zone}.db"], + subscribe => Dns_zone2[$zone_], } } else { - exec { "Dns::zone reload ${zone}": - command => [$dns::rndc, 'reload', $zone], + dns_zone2 { $zone: + * => $params, + } + + exec { "Dns::zone reload ${zone_}": + command => [$dns::rndc, 'reload', $zone_], refreshonly => true, - subscribe => Concat["${dns::zone_directory}/${zone}.db"], + subscribe => 
Dns_zone2[$zone_], } } } diff --git a/templates/named-rndc.conf.epp b/templates/named-rndc.conf.epp index 5c56cce..fd069a5 100644 --- a/templates/named-rndc.conf.epp +++ b/templates/named-rndc.conf.epp @@ -2,4 +2,4 @@ include "<%= $dns::rndc_key_file %>"; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; -} +}; diff --git a/templates/named.conf.epp b/templates/named.conf.epp index c8f7fda..9fe10b1 100644 --- a/templates/named.conf.epp +++ b/templates/named.conf.epp @@ -1,12 +1,10 @@ options { - directory "<%= $dns::zone_directory %>"; - forwarers { 8.8.8.8; 8.8.4.4; }; + directory "<%= $dns::directory %>"; + forwarders { 8.8.8.8; 8.8.4.4; }; recursion yes; allow-query { any; }; dnssec-validation yes; - empty-zone-enable yes; - listen-on-v6 { any; }; allow-recursion { localnets; localhost; }; diff --git a/templates/zone-serial.epp b/templates/zone-serial.epp new file mode 100644 index 0000000..ba8ded9 --- /dev/null +++ b/templates/zone-serial.epp @@ -0,0 +1,3 @@ +<%- | Integer[0,4294967295] $serial, + | -%> + <%= $serial %> ; Serial diff --git a/templates/zone.epp b/templates/zone.epp deleted file mode 100644 index 7f374d2..0000000 --- a/templates/zone.epp +++ /dev/null @@ -1,24 +0,0 @@ -<%- | String $zone, - String $mname, - String $rname, - Integer[0,4294967295] $serial, - Dns::Ttl $refresh, - Dns::Ttl $retry, - Dns::Ttl $expire, - Dns::Ttl $negative_ttl, - Dns::Ttl $default_ttl, - | -%> - -<%# The actual zonefile %> -; File managed by Puppet. -; Local changes WILL be overwritten! -$ORIGIN <%= $zone %> -$TTL <%= $default_ttl %> - -@ SOA <%= $mname %> <%= $rname %> ( - <%= $serial %> - <%= $refresh %> - <%= $retry %> - <%= $expire %> - <%= $negative_ttl %> - ) diff --git a/templates/zone1.epp b/templates/zone1.epp new file mode 100644 index 0000000..289fc2d --- /dev/null +++ b/templates/zone1.epp 
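Review bot: the resource is titled `$zone` in both branches but referred to as `Dns_zone2[$zone_]` in the two `subscribe` lines, so the reference only resolves if the catalog aliases the munged `origin` to the dotted form; titling it `dns_zone2 { $zone_:` in both places removes that dependence. In the `$dynamic` branch `Exec["Dns::zone freeze ${zone_}"]` is `refreshonly` and nothing in the hunk notifies it, so the zone file is rewritten while the zone is still thawed and named's journal is left out of step with the file; the removed code had the same shape, but now that the write is done by the provider it deserves either a notify chain or a comment stating who is expected to trigger the freeze. The `$params` hash and the commented-out `$ns` loop mean NS records for `$ns` are no longer created anywhere in this define, as far as the hunk shows.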
@@ -0,0 +1,15 @@ +<%- | String $zone, + String $mname, + String $rname, + Dns::Ttl $default_ttl, + Optional[Dns::Ttl] $soa_ttl, + | -%> +<%# +First half of the Zonefile's header, up until the serial field. +-%> +; File managed by Puppet. +; Local changes WILL be overwritten! +$ORIGIN <%= $zone %> +$TTL <%= $default_ttl %> + +@ <%= $soa_ttl %> IN SOA <%= $mname %> <%= $rname %> ( diff --git a/templates/zone2.epp b/templates/zone2.epp new file mode 100644 index 0000000..0663466 --- /dev/null +++ b/templates/zone2.epp @@ -0,0 +1,14 @@ +<%- | Dns::Ttl $refresh, + Dns::Ttl $retry, + Dns::Ttl $expire, + Dns::Ttl $negative_ttl, + | -%> +<%# +Second half of the Zonefile's header. Everything after the serial +fiel.d +-%> + <%= $refresh %> ; Refresh + <%= $retry %> ; Retry + <%= $expire %> ; Expire + <%= $negative_ttl %> ; Negative TTL + ) diff --git a/templates/zoneconf.epp b/templates/zoneconf.epp index cb702be..af0d6af 100644 --- a/templates/zoneconf.epp +++ b/templates/zoneconf.epp @@ -1,14 +1,14 @@ <%- | String $zone, String $type, - String $update_policy, + Optional[String] $update_policy, | -%> <%# one zone entry for the bind9 configuration file %> zone "<%= $zone %>" { type <%= $type %>; - file "zones/<%= $zone %>.db"; + file "zones/<%= $zone %>db"; <%- if $type == 'master' or $type == 'slave' { %> - journal "journal/<%= $zone %>.jnl"; + journal "journal/<%= $zone %>jnl"; <%- } %> -- cgit v1.2.3
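Review bot: the comment in templates/zone2.epp reads `fiel.d` — `field.`; and zone-serial.epp, zone1.epp and zone2.epp are not referenced by any manifest in this commit (dns::zone now delegates to `dns_zone2`, whose provider builds the same header in a heredoc), so either they are forward-looking and their header comment should say so, or they duplicate the provider's text and one copy will drift. In templates/zoneconf.epp `file "zones/<%= $zone %>db"` relies on `$zone` ending in a dot to read as `example.com.db`; a comment such as `<%# $zone carries its trailing dot, which doubles as the separator before db/jnl -%>` would spare the next reader the puzzle.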