author | Michael Scherer <misc@mageia.org> | 2010-10-26 23:54:17 +0000 |
---|---|---|
committer | Michael Scherer <misc@mageia.org> | 2010-10-26 23:54:17 +0000 |
commit | 534bd4a17766186f23f577668da7639f3dad4ffd (patch) | |
tree | 4a6220f044d01e6145bfef19e3cc61b6bac3a2cf | |
parent | 7c39256faf11eb5a8a57915a0409b0c759ca70d2 (diff) | |
- add bind module
-rw-r--r-- | modules/bind/manifests/init.pp | 45 | ||||
-rw-r--r-- | modules/bind/templates/named_base.conf | 134 | ||||
-rw-r--r-- | modules/bind/templates/named_master.conf | 14 | ||||
-rw-r--r-- | modules/bind/templates/named_slave.conf | 14 | ||||
-rw-r--r-- | modules/bind/templates/zones/mageia.fr.zone | 27 | ||||
-rw-r--r-- | modules/bind/templates/zones/mageia.org.zone | 62 |
6 files changed, 296 insertions, 0 deletions
diff --git a/modules/bind/manifests/init.pp b/modules/bind/manifests/init.pp
new file mode 100644
index 00000000..38716b9d
--- /dev/null
+++ b/modules/bind/manifests/init.pp
@@ -0,0 +1,45 @@
+package { bind:
+ ensure => installed
+}
+
+service { named:
+ ensure => running,
+ path => "/etc/init.d/named",
+ subscribe => [ Package["bind"]]
+}
+
+file { '/etc/named.conf':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 644,
+ require => Package["bind"],
+ content => "",
+ notify => [Service['named']]
+}
+
+define zone_master {
+ file { "/var/lib/named/var/named/master/$name.zone":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 644,
+ content => template("bind/zones/$name.zone"),
+ require => Package[bind],
+ notify => Service[named]
+ }
+}
+
+class bind_master inherits bind_base {
+ file { '/etc/named.conf':
+ content => template("bind/named_base.conf", "bind/named_master.conf"),
+ }
+}
+
+class bind_slave inherits bind_base {
+ file { '/etc/named.conf':
+ content => template("bind/named_base.conf", "bind/named_slave.conf"),
+ }
+}
+
+
diff --git a/modules/bind/templates/named_base.conf b/modules/bind/templates/named_base.conf
new file mode 100644
index 00000000..b14a9bc9
--- /dev/null
+++ b/modules/bind/templates/named_base.conf
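Review bot: `class bind_master inherits bind_base` and `class bind_slave inherits bind_base` name a parent class that init.pp never declares — the package, service and file resources at the top of the file are unscoped, so the `File['/etc/named.conf']` override has nothing to inherit from and the catalog will fail to compile with an unknown class `bind_base`. Wrapping the first 19 lines in `class bind_base { … }` makes the inheritance and the overrides valid. Separately, `zone_master` writes the zone as `master/$name.zone`, while the zone statements in named_master.conf open `file "master/mageia.org"` / `file "master/mageia.fr"` without the suffix, so named will not find the generated files; either drop `.zone` in the define or add it in the template. The `/var/lib/named/var/named` prefix only lines up with `directory "/var/named"` in named_base.conf if named runs chrooted to /var/lib/named — presumably the case on this distribution, but worth a comment on the define: `# path is inside the bind chroot (/var/lib/named); named sees it as /var/named/master`. Nit: quote the modes as `mode => '0644'` so they are not read as a decimal integer.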
@@ -0,0 +1,134 @@
+include "/etc/rndc.key";
+
+controls {
+ inet 127.0.0.1 port 953
+ allow { 127.0.0.1; } keys { key; };
+};
+
+
+
+logging {
+ channel "default" {
+ syslog local1;
+ severity info;
+ };
+ category "default" { "default"; };
+};
+
+acl "trusted_networks" {
+ 127.0.0.1;
+ 212.85.158.144/28;
+};
+// Enable statistics at http://127.0.0.1:5380/
+statistics-channels {
+ inet 127.0.0.1 port 5380 allow { 127.0.0.1; };
+};
+
+options {
+ version "";
+ directory "/var/named";
+ dump-file "/var/tmp/named_dump.db";
+ pid-file "/var/run/named.pid";
+ statistics-file "/var/tmp/named.stats";
+ zone-statistics yes;
+// datasize 256M;
+ coresize 100M;
+// fetch-glue no;
+// recursion no;
+// recursive-clients 10000;
+ auth-nxdomain yes;
+ query-source address * port *;
+ listen-on port 53 { any; };
+ cleaning-interval 120;
+ transfers-in 20;
+ transfers-per-ns 2;
+ lame-ttl 0;
+ max-ncache-ttl 10800;
+
+// forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };
+
+// allow-update { none; };
+// allow-transfer { any; };
+
+// Prevent DoS attacks by generating bogus zone transfer
+// requests. This will result in slower updates to the
+// slave servers (e.g. they will await the poll interval
+// before checking for updates).
+ notify no;
+// notify explicit;
+// also-notify { secondary_name_server };
+
+// Generate more efficient zone transfers. This will place
+// multiple DNS records in a DNS message, instead of one per
+// DNS message.
+ transfer-format many-answers;
+
+// Set the maximum zone transfer time to something more
+// reasonable. In this case, we state that any zone transfer
+// that takes longer than 60 minutes is unlikely to ever
+// complete. WARNING: If you have very large zone files,
+// adjust this to fit your requirements.
+ max-transfer-time-in 60;
+
+// We have no dynamic interfaces, so BIND shouldn't need to
+// poll for interface state {UP|DOWN}.
+ interface-interval 0;
+
+// Uncoment these to enable IPv6 connections support
+// IPv4 will still work
+// listen-on { none; };
+// listen-on-v6 { any; };
+
+ auth-nxdomain yes;
+// allow-query { trusted_networks; };
+
+ allow-transfer {"none";};
+
+ allow-recursion { trusted_networks; };
+
+// Deny anything from the bogon networks as
+// detailed in the "bogon" ACL.
+// blackhole { bogon; };
+};
+
+zone "." IN {
+ type hint;
+ file "named.ca";
+};
+
+zone "localdomain" IN {
+ type master;
+ file "master/localdomain.zone";
+ allow-update { none; };
+};
+
+zone "localhost" IN {
+ type master;
+ file "master/localhost.zone";
+ allow-update { none; };
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "reverse/named.local";
+ allow-update { none; };
+};
+
+zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
+ type master;
+ file "reverse/named.ip6.local";
+ allow-update { none; };
+};
+
+zone "255.in-addr.arpa" IN {
+ type master;
+ file "reverse/named.broadcast";
+ allow-update { none; };
+};
+
+zone "0.in-addr.arpa" IN {
+ type master;
+ file "reverse/named.zero";
+ allow-update { none; };
+};
+
diff --git a/modules/bind/templates/named_master.conf b/modules/bind/templates/named_master.conf
new file mode 100644
index 00000000..27808060
--- /dev/null
+++ b/modules/bind/templates/named_master.conf
@@ -0,0 +1,14 @@
+inclzone "mageia.org" IN {
+ type master;
+ file "master/mageia.org";
+ allow-update { none; };
+};
+
+zone "mageia.fr" IN {
+ type master;
+ file "master/mageia.fr";
+ allow-update { none; };
+};
+
+
+
diff --git a/modules/bind/templates/named_slave.conf b/modules/bind/templates/named_slave.conf
new file mode 100644
index 00000000..2a3a2fad
--- /dev/null
+++ b/modules/bind/templates/named_slave.conf
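Review bot: `auth-nxdomain yes;` is set twice inside `options` (once after `recursive-clients`, again after the IPv6 comment block), and as far as I recall named-checkconf reports a repeated option in the same block as "redefined" and refuses the file, so one of them should go. The global `allow-transfer {"none";};` combined with `notify no;` also means the secondary configured in named_slave.conf can never obtain mageia.org from this primary: none of the zone statements in named_master.conf overrides allow-transfer, so the slave's AXFR is refused, and with notify off it would only retry at the SOA refresh interval. Keeping the global deny is the right default; the master zones in named_master.conf should add a zone-level `allow-transfer { <slave-ip>; };` restricted to the secondary (and ideally `also-notify { <slave-ip>; };`). Quoting `"none"` leans on BIND treating a quoted string as an ACL name — the conventional `allow-transfer { none; };` is unambiguous. Nit: `// Uncoment` → `// Uncomment`.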
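Review bot: The first line of named_master.conf, `inclzone "mageia.org" IN {`, is not a valid statement — it reads like the start of an `include` line fused with the `zone` keyword — so the concatenated named.conf that `bind_master` pushes to /etc/named.conf will be rejected, and the `notify => Service['named']` then restarts named into a failure. It should read `zone "mageia.org" IN {`. Given that the zone contents are written by the `zone_master` define rather than by dynamic update, `allow-update { none; };` on both zones is the right setting and should stay.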
@@ -0,0 +1,14 @@
+zone "mageia.org" IN {
+ type slave;
+ file "slave/mageia.org";
+ allow-update { 212.85.158.146; };
+};
+
+zone "mageia.fr" IN {
+ type master;
+ file "master/mageia.fr";
+ allow-update { 212.85.158.146; };
+};
+
+
+
diff --git a/modules/bind/templates/zones/mageia.fr.zone b/modules/bind/templates/zones/mageia.fr.zone
new file mode 100644
index 00000000..fc6d6f59
--- /dev/null
+++ b/modules/bind/templates/zones/mageia.fr.zone
@@ -0,0 +1,27 @@
+; cfengine-distributed file
+; local modifications will be lost
+; $Id$
+$TTL 3D
+@ IN SOA ns0.zarb.org. mageia.fr. (
+ 2008111801 ; Serial
+ 21600 ; Refresh
+ 3600 ; Retry
+ 2419200 ; Expire
+ 86400 ; Minmun TTL
+ )
+
+; nameservers
+@ IN NS ns0.zarb.org.
+@ IN NS ns1.zarb.org.
+
+@ IN MX 10 mx0.zarb.org.
+@ IN MX 20 mx1.zarb.org.
+
+; MX
+;@ IN MX 10 mx0.zarb.org.
+
+; machines
+mageia.fr. IN A 212.85.158.22
+
+; aliases
+www IN CNAME mageia.fr.
diff --git a/modules/bind/templates/zones/mageia.org.zone b/modules/bind/templates/zones/mageia.org.zone
new file mode 100644
index 00000000..10ce0b22
--- /dev/null
+++ b/modules/bind/templates/zones/mageia.org.zone
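Review bot: `zone "mageia.org"` is declared `type slave` but has no `masters { … };` statement, which BIND requires for a slave zone, so this named.conf is rejected on the secondary before it serves anything. Presumably 212.85.158.146 (alamut in mageia.org.zone) is the intended primary, since it is the address given to `allow-update`; the zone then needs `masters { 212.85.158.146; };`, and `allow-update` should be removed, as that option belongs to master zones (named-checkconf flags it in a slave zone, as far as I recall). `zone "mageia.fr"` is `type master` in the slave template too, so both hosts would answer authoritatively from independent copies with nothing keeping them in step; it should be `type slave` with the same `masters` line and `file "slave/mageia.fr"`. Where a zone genuinely has to accept dynamic updates, an address-only `allow-update` trusts the source IP of an unauthenticated UDP packet, so a TSIG-keyed `allow-update { key … ; }` is the safer form — here the content comes from Puppet's `zone_master` define, so `allow-update { none; };` is the right choice.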
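Review bot: The SOA RNAME is written as `mageia.fr.`, but that field is a mailbox whose first label is the local part, so it denotes `mageia@fr` rather than a contact at the zone; the conventional value is `hostmaster.mageia.fr.` (mageia.org.zone has the same problem with `mageia.org.`). The header still says `; cfengine-distributed file` and carries an `$Id$` keyword that git will not expand — under Puppet it should read something like `; managed by puppet (bind module, zone_master define) - local modifications will be lost`. Nit: `; Minmun TTL` → `; Minimum TTL`, in both zone files.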
@@ -0,0 +1,62 @@
+; cfengine-distributed file
+; local modifications will be lost
+; $Id$
+$TTL 3D
+@ IN SOA ns0.zarb.org. mageia.org. (
+ 2010100507 ; Serial
+ 21600 ; Refresh
+ 3600 ; Retry
+ 2419200 ; Expire
+ 86400 ; Minmun TTL
+ )
+
+; nameservers
+@ IN NS ns0.zarb.org.
+@ IN NS ns1.zarb.org.
+
+@ IN MX 10 mx0.zarb.org.
+@ IN MX 20 mx1.zarb.org.
+
+; MX
+;@ IN MX 10 mx0.zarb.org.
+
+; machines
+mageia.org. IN A 212.85.158.22
+www-zarb IN A 212.85.158.22
+; gandi vm 1
+vm-gandi IN A 95.142.164.207
+kouign-amann IN A 95.142.164.207
+krampouezh IN A 95.142.164.207
+
+www-aufml IN A 91.121.11.63
+forum IN A 88.191.127.89
+
+; lost oasis
+alamut IN A 212.85.158.146
+alamut IN AAAA 2a02:2178:2:7::2
+valstar IN A 212.85.158.147
+valstar IN AAAA 2a02:2178:2:7::3
+ecosse IN A 212.85.158.148
+ecosse IN AAAA 2a02:2178:2:7::4
+jonund IN A 212.85.158.149
+jonund IN AAAA 2a02:2178:2:7::5
+fiona IN A 212.85.158.150
+fiona IN AAAA 2a02:2178:2:7::6
+
+
+; aliases
+www IN CNAME www-zarb
+blog IN CNAME www-zarb
+rsync IN CNAME www-zarb
+
+svn IN CNAME krampouezh
+meetbot IN CNAME krampouezh
+
+donate IN CNAME www-aufml
+donation IN CNAME www-aufml
+
+puppetmaster IN CNAME valstar
+
+; temporary
+;forum IN A 140.211.167.148
+;wiki IN A 88.191.83.84
|