khaefeli/puppet-bind

This branch is 12 commits ahead of, 23 commits behind thias/puppet-bind:master.

Latest commit

05f1b9a · Aug 20, 2018

puppet-bind

Overview

Install and enable a BIND DNS server, manage its main configuration and install and manage its DNS zone files.

  • bind : Main class to install and enable the server.
  • bind::server::conf : Main definition to configure the server.
  • bind::server::file : Definition to manage zone files.
  • bind::package : Class to install the server package (included from bind)
  • bind::service : Class to manage the server service (included from bind)

The split between bind and bind::server::conf lets you use a static file or a different template-based file for the main named.conf file if needed, while still using this module for the main package, the service and zone file management. This is useful if you have a large and/or complex named.conf file. Note that you may also use the bind::package and bind::service classes on their own, though you won't need to if you use the main class, which includes them both.

Examples

Here is a typical LAN recursive caching DNS server configuration:

include bind
bind::server::conf { '/etc/named.conf':
  listen_on_addr    => [ 'any' ],
  listen_on_v6_addr => [ 'any' ],
  forwarders        => [ '8.8.8.8', '8.8.4.4' ],
  allow_query       => [ 'localnets' ],
  zones             => {
    'myzone.lan' => [
      'type master',
      'file "myzone.lan"',
    ],
    '1.168.192.in-addr.arpa' => [
      'type master',
      'file "1.168.192.in-addr.arpa"',
    ],
  },
}

The zone files for the above could then be managed like this:

bind::server::file { 'myzone.lan':
  source => 'puppet:///modules/mymodule/dns/myzone.lan',
}
bind::server::file { '1.168.192.in-addr.arpa':
  source => 'puppet:///modules/mymodule/dns/1.168.192.in-addr.arpa',
}

If all source files are in the same location and named after the zone, this can be shortened to:

bind::server::file { [ 'myzone.lan', '1.168.192.in-addr.arpa' ]:
  source_base => 'puppet:///modules/mymodule/dns/',
}

For RHEL5, you might want to use the newest possible bind packages. Otherwise, if you're using bind-chroot, you'll need to check whether the zone files need to be placed inside the chroot, e.g. /var/named/chroot/var/named. Doing this unconditionally will break the newest versions of BIND if zone files are deployed before named is started for the first time, so be careful:

class { '::bind': packagenameprefix => 'bind97' }

Since SELinux offers a very high level of protection, chrooting is quite redundant, so it's disabled by default. You can nevertheless enable it if you want:

class { '::bind': chroot => true }
bind::server::conf { '/etc/named.conf':
  # [... same as before ...]
}
bind::server::file { 'myzone.lan':
  zonedir => '/var/named',
  source  => 'puppet:///files/dns/myzone.lan',
}

To avoid repeating the zonedir parameter each time, you can also use:

Bind::Server::File { zonedir => '/nfs/zones' }

The module also supports views, where the main zones will be included in all views, and view-specific zones may be declared:

bind::server::conf { '/etc/named.conf':
  zones => {
    'example.com' => [
      'type master',
      'file "example.com"',
    ],
  },
  views => {
    'trusted' => {
      'match-clients' => [ '192.168.23.0/24' ],
      'zones' => {
        'myzone.lan' => [
          'type master',
          'file "myzone.lan"',
        ],
      },
    },
    'default' => {
      'match-clients' => [ 'any' ],
    },
  },
}
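
The recursive caching example earlier listens on 'any', so allow_query is what keeps the server from answering recursive queries for the whole network. The following check of the resulting named.conf is an added example, not part of this module: the sample configuration text is constructed and only approximates what the module's template writes, and the function names are hypothetical.

```python
import re

# Constructed sample approximating the recursive caching example's named.conf.
# The module's real template output is not shown on the page (assumption).
SAMPLE_OK = """
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    allow-query { localnets; };
    recursion yes;
};
"""
SAMPLE_OPEN = SAMPLE_OK.replace("allow-query { localnets; };", "allow-query { any; };")

def options_block(conf):
    """Return the body of the top-level options { ... } block (brace-matched)."""
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def acl(body, name):
    """Elements of a flat (non-nested) address match list, or None if not set."""
    m = re.search(r"(?<![\w-])%s\s*\{([^{}]*)\}" % re.escape(name), body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    """Return findings about who may use this server for recursion."""
    body = options_block(conf)
    rec = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", body)
    if rec and rec.group(1).lower() in ("no", "false", "0"):
        return []
    # BIND 9 fallback: allow-recursion -> allow-query-cache -> allow-query -> default.
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        effective = acl(body, name)
        if effective is not None:
            break
    else:
        name, effective = "default", ["localnets", "localhost"]
    if "any" in effective:
        return ["open resolver: recursion ACL from %s contains 'any'" % name]
    return []
```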
