inuits/puppet-bind

Name: puppet-bind

Owner: Inuits

Description: Puppet BIND DNS server module

Created: 2015-07-23 20:02:56.0

Updated: 2015-07-23 20:02:56.0

Pushed: 2015-09-22 13:43:56.0

Homepage: null

Size: 152

Language: Puppet

README

puppet-bind

Overview

Install and enable a BIND DNS server, manage its main configuration and install and manage its DNS zone files.

The split between bind and bind::server::conf lets you use a static file or a different template-based file for the main named.conf file if needed, while still using this module for the main package, the service and the zone files. This is useful if you have a large and/or complex named.conf file. Note that you may also use the bind::package and bind::service classes on their own, though you won't need to if you use the main class, which includes them both.
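An added example, not taken from the module's README: one way to use the split described above, with a static named.conf managed as a plain file resource while the module still handles the package, the service and the zone files. The mymodule source path, the root/named ownership and mode, and the named-checkconf location are assumptions.

```puppet
# Package and service only; the main class includes bind::package and
# bind::service, and bind::server::conf is simply not declared.
include bind

# Static main configuration, managed outside bind::server::conf.
# Assumptions: the file is shipped by a local module called 'mymodule',
# named reads its configuration through the 'named' group, and
# named-checkconf is installed at /usr/sbin/named-checkconf.
file { '/etc/named.conf':
  ensure       => file,
  owner        => 'root',
  group        => 'named',
  mode         => '0640',
  source       => 'puppet:///modules/mymodule/dns/named.conf',
  # Refuse to replace the live file with one that does not parse; Puppet
  # substitutes '%' with the path of the candidate file before running this.
  validate_cmd => '/usr/sbin/named-checkconf %',
  require      => Class['bind::package'],
  notify       => Class['bind::service'],
}

# Zone files are still deployed by the module.
bind::server::file { [ 'myzone.lan', '1.168.192.in-addr.arpa' ]:
  source_base => 'puppet:///modules/mymodule/dns/',
}
```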

Examples

Here is a typical LAN recursive caching DNS server configuration:

    include bind
    bind::server::conf { '/etc/named.conf':
      listen_on_addr    => [ 'any' ],
      listen_on_v6_addr => [ 'any' ],
      forwarders        => [ '8.8.8.8', '8.8.4.4' ],
      allow_query       => [ 'localnets' ],
      zones             => {
        'myzone.lan' => [
          'type master',
          'file "myzone.lan"',
        ],
        '1.168.192.in-addr.arpa' => [
          'type master',
          'file "1.168.192.in-addr.arpa"',
        ],
      },
    }

The zone files for the above could then be managed like this:

    bind::server::file { 'myzone.lan':
      source => 'puppet:///modules/mymodule/dns/myzone.lan',
    }
    bind::server::file { '1.168.192.in-addr.arpa':
      source => 'puppet:///modules/mymodule/dns/1.168.192.in-addr.arpa',
    }

If all source files are in the same location and named after the zone, this can be shortened to:

    bind::server::file { [ 'myzone.lan', '1.168.192.in-addr.arpa' ]:
      source_base => 'puppet:///modules/mymodule/dns/',
    }

For RHEL5, you might want to use the newest possible bind packages. Otherwise, if you're using bind-chroot, you'll need to check whether the zone files need to be placed inside the chroot, e.g. /var/named/chroot/var/named. Doing this unconditionally will break the newest versions of BIND if zone files are deployed before named is started for the first time, so be careful:

    class { '::bind': packagenameprefix => 'bind97' }

Since SELinux offers a very high level of protection, chrooting is quite redundant, so it's disabled by default. You can nevertheless enable it if you want:

    class { '::bind': chroot => true }
    bind::server::conf { '/etc/named.conf':
      # [... same as before ...]
    }
    bind::server::file { 'myzone.lan':
      zonedir => '/var/named',
      source  => 'puppet:///files/dns/myzone.lan',
    }

To avoid repeating the zonedir parameter each time, you can also use a resource default:

    Bind::Server::File { zonedir => '/nfs/zones' }

The module also supports views, where the main zones will be included in all views, and view-specific zones may be declared:

    bind::server::conf { '/etc/named.conf':
      zones => {
        'example.com' => [
          'type master',
          'file "example.com"',
        ],
      },
      views => {
        'trusted' => {
          'match-clients' => [ '192.168.23.0/24' ],
          'zones' => {
            'myzone.lan' => [
              'type master',
              'file "myzone.lan"',
            ],
          },
        },
        'default' => {
          'match-clients' => [ 'any' ],
        },
      },
    }

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.