puppet-bind
Disclaimer
This module was created before Puppet classes supported parameters, and it shows. The tests and the Debian/Ubuntu support are external contributions and are not maintained as actively as they should be.
The primary focus of this module has always been Enterprise Linux (RHEL, CentOS and other clones). It works on releases as far back as RHEL5, although the latest RHEL release is always recommended.
Overview
Install and enable a BIND DNS server, manage its main configuration and install and manage its DNS zone files.
bind
: Main class to install and enable the server.

bind::server::conf
: Main definition to configure the server.

bind::server::file
: Definition to manage zone files.

bind::package
: Class to install the server package (included from bind).

bind::service
: Class to manage the server service (included from bind).
The split between bind and bind::server::conf lets you use a static file, or a different template-based file, for the main named.conf if needed, while still using this module for the package, the service and the zone files. This is useful if you have a large and/or complex named.conf file.
Note that you may also use the bind::package and bind::service classes on their own, though you won't need to if you use the main class, which includes them both.
Examples
Here is a typical LAN recursive caching DNS server configuration:
```puppet
include bind

bind::server::conf { '/etc/named.conf':
  listen_on_addr    => [ 'any' ],
  listen_on_v6_addr => [ 'any' ],
  forwarders        => [ '8.8.8.8', '8.8.4.4' ],
  allow_query       => [ 'localnets' ],
  zones             => {
    'myzone.lan' => [
      'type master',
      'file "myzone.lan"',
    ],
    '1.168.192.in-addr.arpa' => [
      'type master',
      'file "1.168.192.in-addr.arpa"',
    ],
  },
}
```
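The example above relies on allow_query alone to keep the resolver closed. In BIND, queries and recursion are governed by separate ACLs, and a resolver that answers recursive queries for arbitrary clients is an open resolver usable for DNS amplification. The following is an added example (not from the module's README) of the same LAN resolver with each exposure closed explicitly. Only listen_on_addr, listen_on_v6_addr, forwarders, allow_query and zones appear on this page; recursion, allow_recursion, allow_transfer and version are assumed parameter names and must be checked against the define in manifests/server/conf.pp before use. The address 192.168.1.53 is made up for the example.

```puppet
# Added example: LAN caching resolver closed to the outside.
# Parameter names marked "assumed" are not documented on this page.
include bind

bind::server::conf { '/etc/named.conf':
  # Bind to the LAN interface only rather than 'any', so the service is not
  # reachable on an Internet-facing address in the first place.
  listen_on_addr    => [ '192.168.1.53' ],
  listen_on_v6_addr => [ 'none' ],
  forwarders        => [ '8.8.8.8', '8.8.4.4' ],
  allow_query       => [ 'localhost', 'localnets' ],
  # Recursion has its own ACL; restricting allow_query without it still
  # leaves recursion open to any client that is allowed to query.
  recursion         => 'yes',                            # assumed parameter
  allow_recursion   => [ 'localhost', 'localnets' ],     # assumed parameter
  # The LAN zones are master here; refuse AXFR so the whole zone cannot be
  # enumerated with a single transfer request.
  allow_transfer    => [ 'none' ],                       # assumed parameter
  # Do not advertise the server version in CHAOS version.bind answers.
  version           => 'not disclosed',                  # assumed parameter
  zones             => {
    'myzone.lan' => [
      'type master',
      'file "myzone.lan"',
    ],
    '1.168.192.in-addr.arpa' => [
      'type master',
      'file "1.168.192.in-addr.arpa"',
    ],
  },
}
```

After the catalog is applied, run named-checkconf on the generated named.conf, then confirm the behaviour from a host outside the LAN: a recursive lookup such as dig @192.168.1.53 example.org should be answered with REFUSED, and dig @192.168.1.53 myzone.lan AXFR should fail.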
The zone files for the above could then be managed like this:
```puppet
bind::server::file { 'myzone.lan':
  source => 'puppet:///modules/mymodule/dns/myzone.lan',
}
bind::server::file { '1.168.192.in-addr.arpa':
  source => 'puppet:///modules/mymodule/dns/1.168.192.in-addr.arpa',
}
```
Or, if all source files are in the same location and named after the zone:
```puppet
bind::server::file { [ 'myzone.lan', '1.168.192.in-addr.arpa' ]:
  source_base => 'puppet:///modules/mymodule/dns/',
}
```
For RHEL5, you might want to use the newest possible bind packages. Otherwise, if you use bind-chroot, you will need to check whether the zone files must be placed inside the chroot, e.g. /var/named/chroot/var/named. Doing this unconditionally will break the newest versions of BIND if zone files are deployed before named is started for the first time, so be careful:
```puppet
class { '::bind': packagenameprefix => 'bind97' }
```
Chrooting is disabled by default: on Enterprise Linux the SELinux targeted policy already confines named, so a chroot adds little on a host where SELinux is enforcing. It is still worth enabling if SELinux is disabled or permissive on the host. You can enable it like this:
```puppet
class { '::bind': chroot => true }

bind::server::conf { '/etc/named.conf':
  # [... same as before ...]
}

bind::server::file { 'myzone.lan':
  zonedir => '/var/named',
  source  => 'puppet:///files/dns/myzone.lan',
}
```
To avoid repeating the zonedir parameter each time, you can also set a resource default:
```puppet
Bind::Server::File { zonedir => '/nfs/zones' }
```
The module also supports views. The main zones are included in all views, and view-specific zones may be declared per view. BIND evaluates views in the order they appear in named.conf and answers from the first one whose match-clients matches the querying client, so a catch-all view such as 'default' below must come last; check the generated named.conf to confirm the template kept that order:
```puppet
bind::server::conf { '/etc/named.conf':
  zones => {
    'example.com' => [
      'type master',
      'file "example.com"',
    ],
  },
  views => {
    'trusted' => {
      'match-clients' => [ '192.168.23.0/24' ],
      'zones'         => {
        'myzone.lan' => [
          'type master',
          'file "myzone.lan"',
        ],
      },
    },
    'default' => {
      'match-clients' => [ 'any' ],
    },
  },
}
```
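The usual reason to run views is split-horizon DNS: the same zone name served from two different files, so that LAN clients see internal records and everyone else sees only the public ones. This is an added example, not from the module's README, that uses only the zones, views and match-clients keys shown on this page together with bind::server::file and source_base from the earlier examples. The view names, the .internal/.external file names and the module path are made up for the example.

```puppet
# Added example: split-horizon example.com using two views.
include bind

bind::server::conf { '/etc/named.conf':
  listen_on_addr => [ 'any' ],
  # The external view has to answer outsiders, so queries cannot be
  # restricted to localnets here; the view-level match-clients does the
  # separation instead.
  allow_query    => [ 'any' ],
  # First matching view wins, so the LAN view is declared before the
  # catch-all one. Confirm the order in the generated named.conf.
  views          => {
    'internal' => {
      'match-clients' => [ 'localhost', '192.168.23.0/24' ],
      'zones'         => {
        'example.com' => [
          'type master',
          'file "example.com.internal"',   # private hosts, RFC 1918 addresses
        ],
      },
    },
    'external' => {
      'match-clients' => [ 'any' ],
      'zones'         => {
        'example.com' => [
          'type master',
          'file "example.com.external"',   # public hosts only
        ],
      },
    },
  },
}

# The bind::server::file title is the file name under zonedir, so the two
# copies of the zone need distinct names; they are deployed from the same
# module directory.
bind::server::file { [ 'example.com.internal', 'example.com.external' ]:
  source_base => 'puppet:///modules/mymodule/dns/',
}
```

Each file is a complete zone with its own SOA, so keep the serials in both files moving when either changes, and verify the split from both sides with dig @server example.com from a LAN address and from an outside one: the answers should differ, and the internal file's private records must never appear in the external answer.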