Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >=2.7.20 <8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'thias-bind', '0.5.5'
puppet-bind
Disclaimer
This module was created when Puppet classes did not support parameters. It shows. Tests and Debian/Ubuntu support are external contributions and are not as actively maintained as they should be.
The primary focus of this module has always been Enterprise Linux (RHEL, CentOS and other clones), and it works fine on releases as far back as RHEL5, although the latest RHEL release is always recommended.
Overview
Install and enable a BIND DNS server, manage its main configuration and install and manage its DNS zone files.
- bind: Main class to install and enable the server.
- bind::server::conf: Main definition to configure the server.
- bind::server::file: Definition to manage zone files.
- bind::package: Class to install the server package (included from bind).
- bind::service: Class to manage the server service (included from bind).
The split between bind and bind::server::conf allows you to use a static file or a different template-based file for the main named.conf file if needed, while still using this module for the main package, service and managing zone files. This is useful if you have a large and/or complex named.conf file.
Note that you may also use the bind::package and bind::service classes on their own, though you won't need to if you use the main class, which includes them both.
Examples
Here is a typical LAN recursive caching DNS server configuration:
include bind
bind::server::conf { '/etc/named.conf':
  listen_on_addr    => [ 'any' ],
  listen_on_v6_addr => [ 'any' ],
  forwarders        => [ '8.8.8.8', '8.8.4.4' ],
  allow_query       => [ 'localnets' ],
  zones             => {
    'myzone.lan' => [
      'type master',
      'file "myzone.lan"',
    ],
    '1.168.192.in-addr.arpa' => [
      'type master',
      'file "1.168.192.in-addr.arpa"',
    ],
  },
}
The zone files for the above could then be managed like this:
bind::server::file { 'myzone.lan':
  source => 'puppet:///modules/mymodule/dns/myzone.lan',
}
bind::server::file { '1.168.192.in-addr.arpa':
  source => 'puppet:///modules/mymodule/dns/1.168.192.in-addr.arpa',
}
Then if all source files are in the same location and named after the zone:
bind::server::file { [ 'myzone.lan', '1.168.192.in-addr.arpa' ]:
  source_base => 'puppet:///modules/mymodule/dns/',
}
For RHEL5, you might want to use the newest possible bind packages (otherwise if you're using bind-chroot, you'll need to check whether the zone files need to be placed inside the chroot, e.g. /var/named/chroot/var/named. Doing this unconditionally will break the newest versions of BIND if zone files are deployed before named is started for the first time, so be careful):
class { '::bind': packagenameprefix => 'bind97' }
Since SELinux offers a very high level of protection, chrooting is quite redundant, so it's disabled by default. You can nevertheless enable it if you want:
class { '::bind': chroot => true }
bind::server::conf { '/etc/named.conf':
  # [... same as before ...]
}
bind::server::file { 'myzone.lan':
  zonedir => '/var/named',
  source  => 'puppet:///files/dns/myzone.lan',
}
To avoid repeating the zonedir parameter each time, you can also use:
Bind::Server::File { zonedir => '/nfs/zones' }
The module also supports views, where the main zones will be included in all views, and view-specific zones may be declared:
bind::server::conf { '/etc/named.conf':
  zones => {
    'example.com' => [
      'type master',
      'file "example.com"',
    ],
  },
  views => {
    'trusted' => {
      'match-clients' => [ '192.168.23.0/24' ],
      'zones' => {
        'myzone.lan' => [
          'type master',
          'file "myzone.lan"',
        ],
      },
    },
    'default' => {
      'match-clients' => [ 'any' ],
    },
  },
}
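BIND serves each client from the first view whose match-clients matches, so the order of the view blocks in the generated named.conf decides which zones a client can see. The following Python model of the views example above is an added illustration, not code from the module or its README: it computes the zones served to a client and flags views shadowed by an earlier, broader one. The function names are hypothetical, and the list order standing in for the rendered view order is an assumption to verify against the generated file.

```python
import ipaddress

# Constructed mirror of the zones/views hashes from the README example above.
MAIN_ZONES = ["example.com"]
# Assumption: list order == order of the view blocks in the rendered named.conf.
VIEWS = [
    ("trusted", {"match-clients": ["192.168.23.0/24"], "zones": ["myzone.lan"]}),
    ("default", {"match-clients": ["any"]}),
]

def _networks(acl):
    """Expand a match-clients list; only 'any' and CIDR entries are modelled."""
    nets = []
    for entry in acl:
        if entry == "any":
            nets += [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        else:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def resolve_view(client, views=VIEWS, main_zones=MAIN_ZONES):
    """Return (view name, zones served) for a client: the first matching view wins."""
    addr = ipaddress.ip_address(client)
    for name, cfg in views:
        nets = _networks(cfg["match-clients"])
        if any(addr.version == n.version and addr in n for n in nets):
            # Main zones are included in every view, plus the view's own zones.
            return name, sorted(main_zones + cfg.get("zones", []))
    return None, []  # no view matched this client

def shadowed_views(views=VIEWS):
    """Names of views that can never match because an earlier view covers them.

    Simplification: each network must sit inside a single earlier network;
    coverage by a union of several earlier networks is not detected.
    """
    seen, dead = [], []
    for name, cfg in views:
        nets = _networks(cfg["match-clients"])
        if nets and all(
            any(n.version == s.version and n.subnet_of(s) for s in seen) for n in nets
        ):
            dead.append(name)
        seen += nets
    return dead
```

If the catch-all view were rendered first, clients in 192.168.23.0/24 would land in default and never be offered myzone.lan; shadowed_views() reports that case.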
2021-06-30 - 0.5.5
- Improve zone validation (#110, @osgpcq).
- Support $replace on bind::server::file, useful for ddns base zones.
- Fix bindkeys-file on RHEL8.
2019-01-21 - 0.5.4
- Add zone file validation (#91, @forgodssake).
- Fix hint and rfc1912 zones on Debian (#61, #83).
- Add support for configuring forward mode (#73, @warrenpnz).
- Fix server::conf and package ordering (#71, @skrivy).
- Make sure zonedir gets created after bind::package (#55, @jamesbouressa).
2017-02-02 - 0.5.3
- Fix undefined variable warning.
2016-02-02 - 0.5.2
- Fix service name on RHEL7+ with chroot (#56, @arrjay).
- Fix named.conf template bug related to views (#59, @imerali).
- Add TSIG keys support (#54, @b4ldr).
- Replace Modulefile with metadata.json.
2014-05-12 - 0.5.1
- Add FreeBSD support (#26, @fessoga5).
2014-03-14 - 0.5.0
- Manage zonedir from server::file, for parent directory (#23, Dougal Scott).
- Add support for extra_options (#22, Joseph Swick).
- Add support for $hostname, $server_id (#21, @b4ldr).
- Disable root hint and rfc1912 zones when not recursive (#21, @b4ldr).
2013-11-26 - 0.4.2
- Add support for managed-keys-directory (#19, Sean Edge).
- Add support for full service restart instead of reload (#19, Sean Edge).
2013-10-15 - 0.4.1
- Add support for views (thanks to Sean Edge).
2013-07-17 - 0.4.0
- Merge changes by Sebastian Cole.
- Move parameters into a new bind::params class.
- Make the service and package classes possible to use separately.
- Cosmetic cleanups.
- Update README examples.
2013-04-19 - 0.3.2
- Use @varname syntax in templates to silence puppet 3.2 warnings.
2013-04-10 - 0.3.1
- Add support for $allow_transfer.
- Add support for $ensure on server::file, enabling clean zone file removal.
2013-03-08 - 0.3.0
- Change to 2 space indent.
- Major update to the README and use markdown.
- Minor cosmetic cleanups.
- Change default for $chroot to false, SELinux is sufficient on RHEL5+.
2012-12-18 - 0.2.5
- Change the SELinux type of the log directory back to the original.
2012-09-19 - 0.2.4
- Update README to make the main example more useful.
- Support $source_base for easy inclusion of multiple zone files as-is.
2012-07-17 - 0.2.3
- Add support for "include" lines in named.conf.
2012-06-22 - 0.2.2
- Add support for a few new configuration values in the main template.
- Require package for files, for the usual parent directory to exist.
- Minor updates to the README.
2012-04-23 - 0.2.1
- Clean up the module to match current puppetlabs guidelines.
- Force hash sorting in the template for puppet 2.7+ compatibility.
Copyright (C) 2011-2016 Matthias Saou Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.