diff --git a/manifests/server/conf.pp b/manifests/server/conf.pp index 14fcbc1fc..96fd3dc92 100644 --- a/manifests/server/conf.pp +++ b/manifests/server/conf.pp @@ -5,6 +5,9 @@ # Parameters: # $acls: # Hash of client ACLs, name as key and array of config lines. Default: empty +# $controls: +# Array of control channels to be used for remote administration +# (rndc). Default: empty # $masters: # Hash of master ACLs, name as key and array of config lines. Default: empty # $listen_on_port: @@ -37,15 +40,28 @@ # Array of IP addrs or ACLs to allow queries from. Default: [ 'localhost' ] # $recursion: # Allow recursive queries. Default: 'yes' +# $notify: +# Whether to send NOTIFYs when zones change. Default: undef +# $request_ixfr: +# Whether the server will request an incremental zone transfer or a +# full one. Default: undef +# $auth_nxdomain: +# Whether to respond authoritatively (AA flag) in NXDOMAIN answers. +# Default: undef # $allow_recursion: # Array of IP addrs or ACLs to allow recursion from. Default: empty # $allow_transfer: # Array of IP addrs or ACLs to allow transfer to. Default: empty +# $allow_notify: +# Array of IP addresses allowed to NOTIFY this server besides the ones +# defined in 'masters'. Default: empty # $check_names: # Array of check-names strings. Example: [ 'master ignore' ]. Default: empty # $extra_options: # Hash for any additional options that must go in the 'options' declaration. # Default: empty +# $allow_new_zones: +# Enable creation of new zones. Default: undef # $dnssec_enable: # Enable DNSSEC support. Default: 'yes' # $dnssec_validation: @@ -90,6 +106,7 @@ # define bind::server::conf ( $acls = {}, + $controls = {}, $masters = {}, $listen_on_port = '53', $listen_on_addr = [ '127.0.0.1' ], 
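Review bot: The new `$allow_new_zones` comment in the second parameter-documentation hunk says only "Enable creation of new zones", which leaves out that the option lets zones be added at runtime through the rndc control channel. Since this commit also introduces `$controls`, the comment should tie the two together, for example `# Allow zones to be added at runtime through rndc; anyone who can use a channel from $controls can then create zones. Default: undef`. The comments for `$notify`, `$request_ixfr` and `$auth_nxdomain` should also name the accepted values, as strings such as 'yes' or 'no', to match how `$recursion` is documented.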
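Review bot: `$controls = {}` in the define's parameter list defaults to a hash, while the comment added in this commit describes an array and the template iterates it with a single block variable (`@controls.each do |channel|`). An empty hash and an empty array behave the same in the `empty?` guard, but a caller who follows the default's type and passes a hash gets each key/value pair rendered as one entry. The default should be `$controls = [],`. The parameter list continues outside this hunk.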
@@ -105,8 +122,13 @@ $statistics_file = '/var/named/data/named_stats.txt', $memstatistics_file = '/var/named/data/named_mem_stats.txt', $allow_query = [ 'localhost' ], + $allow_notify = [], $allow_query_cache = [], + $allow_new_zones = undef, + $auth_nxdomain = undef, + $request_ixfr = undef, $recursion = 'yes', + $notify = undef, $allow_recursion = [], $allow_transfer = [], $check_names = [], diff --git a/templates/named.conf.erb b/templates/named.conf.erb index 8d0c47155..bad99fa3d 100644 --- a/templates/named.conf.erb +++ b/templates/named.conf.erb @@ -3,6 +3,13 @@ // WARNING: Puppet managed, do not edit! // +<% if !@controls.empty? -%> +<% @controls.each do |channel| -%> + <%= channel %>; +<% end -%> +<% end -%> + + <% if !@acls.empty? -%> <% @acls.sort_by {|key, value| key}.each do |key,value| -%> acl <%= key %> { @@ -68,6 +75,9 @@ options { <% if !@allow_query.empty? -%> allow-query { <%= @allow_query.join("; ") %>; }; <% end -%> +<% if !@allow_notify.empty? -%> + allow-notify { <%= @allow_notify.join("; ") %>; }; +<% end -%> <% if !@allow_query_cache.empty? -%> allow-query-cache { <%= @allow_query_cache.join("; ") %>; }; <% end -%> @@ -75,6 +85,15 @@ options { <% if !@allow_recursion.empty? -%> allow-recursion { <%= @allow_recursion.join("; ") %>; }; <% end -%> +<% if @notify -%> + notify <%= @notify %>; +<% end -%> +<% if @auth_nxdomain -%> + auth-nxdomain <%= @auth_nxdomain %>; +<% end -%> +<% if @request_ixfr -%> + request-ixfr <%= @request_ixfr %>; +<% end -%> <% if !@allow_transfer.empty? -%> allow-transfer { <%= @allow_transfer.join("; ") %>; }; <% end -%> 
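Review bot: Each element of `@controls` is written verbatim at the top level of named.conf and followed by `;`, with no surrounding `controls { ... };` block, so every element has to be a complete statement and nothing restricts what it opens. Because this is the rndc remote-administration channel, the parameter documentation should say so and show a restricted example (constructed), such as `# Example: [ 'controls { inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; }' ]`, so that the `allow` list and the `keys` clause are not left out. The two blank lines added after the block also end up in every rendered file, even when `@controls` is empty.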
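Review bot: The guards `<% if @notify -%>`, `<% if @auth_nxdomain -%>` and `<% if @request_ixfr -%>` test Ruby truthiness, so a Puppet boolean `false` is treated like undef and the directive is dropped instead of being written out as a negative setting. A caller who sets `notify => false` to stop NOTIFY messages would silently get named's built-in default. The parameter comments should state that these values are strings, for example `# Accepts the strings 'yes' or 'no'; a boolean false is ignored. Default: undef`. The `@allow_new_zones` and `dnssec-*` guards in the last hunk of this file behave the same way.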
@@ -88,14 +107,24 @@ options { <% @extra_options.sort_by {|key, value| key}.each do |key,value| -%> <%= key %> <%= value %>; <% end -%> +<% end -%> +<% if @allow_new_zones -%> + allow-new-zones <%= @allow_new_zones %>; <% end -%> +<% if @dnssec_enable -%> dnssec-enable <%= @dnssec_enable %>; +<% end -%> +<% if @dnssec_validation -%> dnssec-validation <%= @dnssec_validation %>; +<% end -%> +<% if @dnssec_lookaside -%> dnssec-lookaside <%= @dnssec_lookaside %>; - +<% end -%> +<% if @bindkeys_file -%> /* Path to ISC DLV key */ - bindkeys-file "/etc/named.iscdlv.key"; + bindkeys-file <%= @bindkeys_file %>; +<% end -%> }; logging {
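Review bot: `bindkeys-file <%= @bindkeys_file %>;` renders the path without the double quotes that the removed literal line carried, so the caller now has to embed them in the value; `bindkeys-file "<%= @bindkeys_file %>";` keeps the output format of the old line. No `$bindkeys_file` parameter is added in the conf.pp hunks shown on this page, so unless it is declared elsewhere the guard is always false and the directive disappears from the rendered file. The `/* Path to ISC DLV key */` comment no longer fits once the path is arbitrary and could be reworded to `/* Path to the bind.keys file */`.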