Skip to content

copyleft/puppet-bind

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

puppet-bind

Overview

Install and enable a BIND DNS server, manage its main configuration and install and manage its DNS zone files.

  • bind : Main class to install and enable the server.
  • bind::server::conf : Main definition to configure the server.
  • bind::server::file : Definition to manage zone files.
  • bind::package : Class to install the server package (included from bind)
  • bind::service : Class to manage the server service (included from bind)

The split between bind and bind::server::conf allows to use a static file or a different template-based file for the main named.conf file if needed, while still using this module for the main package, service and managing zone files. This is useful if you have a large and/or complex named.conf file. Note that you may also use the bind::package and bind::service classes on their own, though you won't need to if you use the main class, which includes them both.

Examples

Here is a typical LAN recursive caching DNS server configuration :

include bind
bind::server::conf { '/etc/named.conf':
  listen_on_addr    => [ 'any' ],
  listen_on_v6_addr => [ 'any' ],
  forwarders        => [ '8.8.8.8', '8.8.4.4' ],
  allow_query       => [ 'localnets' ],
  zones             => {
    'myzone.lan' => [
      'type master',
      'file "myzone.lan"',
    ],
    '1.168.192.in-addr.arpa' => [
      'type master',
      'file "1.168.192.in-addr.arpa"',
    ],
  },
}

The zone files for the above could then be managed like this :

bind::server::file { 'myzone.lan':
  source => 'puppet:///modules/mymodule/dns/myzone.lan',
}
bind::server::file { '1.168.192.in-addr.arpa':
  source => 'puppet:///modules/mymodule/dns/1.168.192.in-addr.arpa',
}

Then if all source files are in the same location and named after the zone :

bind::server::file { [ 'myzone.lan', '1.168.192.in-addr.arpa' ]:
  source_base => 'puppet:///modules/mymodule/dns/',
}

For RHEL5, you might want to use the newest possible bind packages (otherwise if you're using bind-chroot, you'll need to check whether the zone files need to be placed inside the chroot, e.g. /var/named/chroot/var/named. Doing this unconditionally will break the newest versions of BIND if zone files are deployed before named is started for the first time, so be careful):

class { '::bind': packagenameprefix => 'bind97' }

Since SELinux offers a very high level of protection, chrooting is quite redundant, so it's disabled by default. You can nevertheless enable it if you want :

class { '::bind': chroot => true }
bind::server::conf { '/etc/named.conf':
  # [... same as before ...]
}
bind::server::file { 'myzone.lan':
  zonedir => '/var/named',
  source  => 'puppet:///files/dns/myzone.lan',
}

To avoid repeating the zonedir parameter each time, you can also use :

Bind::Server::File { zonedir => '/nfs/zones' }

The module also supports views, where the main zones will be included in all views, and view-specific zones may be declared :

bind::server::conf {
  zones => {
    'example.com' => [
      'type master',
      'file "example.com"',
    ],
  },
  views => {
    'trusted' => {
      'match-clients' => [ '192.168.23.0/24' ],
      'zones' => {
        'myzone.lan' => [
          'type master',
          'file "myzone.lan"',
        ],
      },
    },
    'default' => {
      'match-clients' => [ 'any' ],
    },
  },
}

You can use the statistics_channels parameter to set up one or more statistics channels.

statistics_channels is a hash of hashes. Each nested hash sets up a statistics channel and contains the listening IP address and port for the channel and the IP addresses/address blocks or ACLs that are allowed to access the channel:

bind::server::conf { '/etc/named.conf':
...
  statistics_channels    => {
    'channel-1' => {
      listen_address => '*',
      listen_port    => '8053',
      allow          => ['127.0.0.1', '10.0.0.0/8'],
    },
    'channel-2' => {
      listen_address => '*',
      listen_port    => '8054',
      allow          => ['127.0.0.1', '10.0.0.0/8'],
    },
  },
...
}

About

Puppet BIND DNS server module

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Puppet 56.8%
  • HTML 24.0%
  • Ruby 19.1%
  • Pascal 0.1%