authorMichael Scherer <misc@mageia.org>2010-10-26 23:54:17 +0000
committerMichael Scherer <misc@mageia.org>2010-10-26 23:54:17 +0000
commit534bd4a17766186f23f577668da7639f3dad4ffd (patch)
tree4a6220f044d01e6145bfef19e3cc61b6bac3a2cf
parent7c39256faf11eb5a8a57915a0409b0c759ca70d2 (diff)
- add bind module
-rw-r--r--modules/bind/manifests/init.pp45
-rw-r--r--modules/bind/templates/named_base.conf134
-rw-r--r--modules/bind/templates/named_master.conf14
-rw-r--r--modules/bind/templates/named_slave.conf14
-rw-r--r--modules/bind/templates/zones/mageia.fr.zone27
-rw-r--r--modules/bind/templates/zones/mageia.org.zone62
6 files changed, 296 insertions, 0 deletions
diff --git a/modules/bind/manifests/init.pp b/modules/bind/manifests/init.pp
new file mode 100644
index 00000000..38716b9d
--- /dev/null
+++ b/modules/bind/manifests/init.pp
@@ -0,0 +1,45 @@
+package { bind:
+ ensure => installed
+}
+
+service { named:
+ ensure => running,
+ path => "/etc/init.d/named",
+ subscribe => [ Package["bind"]]
+}
+
+file { '/etc/named.conf':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 644,
+ require => Package["bind"],
+ content => "",
+ notify => [Service['named']]
+}
+
+define zone_master {
+ file { "/var/lib/named/var/named/master/$name.zone":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 644,
+ content => template("bind/zones/$name.zone"),
+ require => Package[bind],
+ notify => Service[named]
+ }
+}
+
+class bind_master inherits bind_base {
+ file { '/etc/named.conf':
+ content => template("bind/named_base.conf", "bind/named_master.conf"),
+ }
+}
+
+class bind_slave inherits bind_base {
+ file { '/etc/named.conf':
+ content => template("bind/named_base.conf", "bind/named_slave.conf"),
+ }
+}
+
+
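Review bot: `bind_master` and `bind_slave` both inherit from `bind_base`, but no `bind_base` class is defined in this file; the package, service and `/etc/named.conf` resources sit at top level instead. The `content` overrides of `File['/etc/named.conf']` only work if the parent class declares that resource, so the first three resources should be wrapped in `class bind_base {` … `}`. As written, the base file resource also sets `content => ""`, which would leave an empty named.conf wherever it is applied without one of the subclasses. A comment above `zone_master` stating that `$name` is the zone name, interpolated into both the target path and the template path, would also help.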
diff --git a/modules/bind/templates/named_base.conf b/modules/bind/templates/named_base.conf
new file mode 100644
index 00000000..b14a9bc9
--- /dev/null
+++ b/modules/bind/templates/named_base.conf
@@ -0,0 +1,134 @@
+include "/etc/rndc.key";
+
+controls {
+ inet 127.0.0.1 port 953
+ allow { 127.0.0.1; } keys { key; };
+};
+
+
+
+logging {
+ channel "default" {
+ syslog local1;
+ severity info;
+ };
+ category "default" { "default"; };
+};
+
+acl "trusted_networks" {
+ 127.0.0.1;
+ 212.85.158.144/28;
+};
+// Enable statistics at http://127.0.0.1:5380/
+statistics-channels {
+ inet 127.0.0.1 port 5380 allow { 127.0.0.1; };
+};
+
+options {
+ version "";
+ directory "/var/named";
+ dump-file "/var/tmp/named_dump.db";
+ pid-file "/var/run/named.pid";
+ statistics-file "/var/tmp/named.stats";
+ zone-statistics yes;
+// datasize 256M;
+ coresize 100M;
+// fetch-glue no;
+// recursion no;
+// recursive-clients 10000;
+ auth-nxdomain yes;
+ query-source address * port *;
+ listen-on port 53 { any; };
+ cleaning-interval 120;
+ transfers-in 20;
+ transfers-per-ns 2;
+ lame-ttl 0;
+ max-ncache-ttl 10800;
+
+// forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };
+
+// allow-update { none; };
+// allow-transfer { any; };
+
+// Prevent DoS attacks by generating bogus zone transfer
+// requests. This will result in slower updates to the
+// slave servers (e.g. they will await the poll interval
+// before checking for updates).
+ notify no;
+// notify explicit;
+// also-notify { secondary_name_server };
+
+// Generate more efficient zone transfers. This will place
+// multiple DNS records in a DNS message, instead of one per
+// DNS message.
+ transfer-format many-answers;
+
+// Set the maximum zone transfer time to something more
+// reasonable. In this case, we state that any zone transfer
+// that takes longer than 60 minutes is unlikely to ever
+// complete. WARNING: If you have very large zone files,
+// adjust this to fit your requirements.
+ max-transfer-time-in 60;
+
+// We have no dynamic interfaces, so BIND shouldn't need to
+// poll for interface state {UP|DOWN}.
+ interface-interval 0;
+
+// Uncoment these to enable IPv6 connections support
+// IPv4 will still work
+// listen-on { none; };
+// listen-on-v6 { any; };
+
+ auth-nxdomain yes;
+// allow-query { trusted_networks; };
+
+ allow-transfer {"none";};
+
+ allow-recursion { trusted_networks; };
+
+// Deny anything from the bogon networks as
+// detailed in the "bogon" ACL.
+// blackhole { bogon; };
+};
+
+zone "." IN {
+ type hint;
+ file "named.ca";
+};
+
+zone "localdomain" IN {
+ type master;
+ file "master/localdomain.zone";
+ allow-update { none; };
+};
+
+zone "localhost" IN {
+ type master;
+ file "master/localhost.zone";
+ allow-update { none; };
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "reverse/named.local";
+ allow-update { none; };
+};
+
+zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
+ type master;
+ file "reverse/named.ip6.local";
+ allow-update { none; };
+};
+
+zone "255.in-addr.arpa" IN {
+ type master;
+ file "reverse/named.broadcast";
+ allow-update { none; };
+};
+
+zone "0.in-addr.arpa" IN {
+ type master;
+ file "reverse/named.zero";
+ allow-update { none; };
+};
+
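Review bot: `auth-nxdomain yes;` appears twice inside `options` (once after the commented `recursive-clients` line and again just before the commented `allow-query`); named-checkconf normally rejects a redefined option, so one of the two should be dropped. In `controls`, `keys { key; };` refers to a key literally named `key`, and that name has to match the key statement in the included `/etc/rndc.key`, which is not visible here. The global `allow-transfer {"none";};` is a sound default, but together with `notify no;` it means each master zone needs its own `allow-transfer` for the secondary (preferably keyed with TSIG rather than an address), and a comment saying so next to that line would help the next editor.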
diff --git a/modules/bind/templates/named_master.conf b/modules/bind/templates/named_master.conf
new file mode 100644
index 00000000..27808060
--- /dev/null
+++ b/modules/bind/templates/named_master.conf
@@ -0,0 +1,14 @@
+inclzone "mageia.org" IN {
+ type master;
+ file "master/mageia.org";
+ allow-update { none; };
+};
+
+zone "mageia.fr" IN {
+ type master;
+ file "master/mageia.fr";
+ allow-update { none; };
+};
+
+
+
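Review bot: The first line of this template reads `inclzone "mageia.org" IN {`, which is not a valid statement and will stop named from loading the configuration; it should be `zone "mageia.org" IN {`. Both zones also point at `master/mageia.org` and `master/mageia.fr`, while `zone_master` in init.pp writes `master/$name.zone`, so the `file` lines probably need the suffix, e.g. `file "master/mageia.org.zone";`. Running named-checkconf on the rendered file before `Service['named']` is notified would catch both problems before a reload.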
diff --git a/modules/bind/templates/named_slave.conf b/modules/bind/templates/named_slave.conf
new file mode 100644
index 00000000..2a3a2fad
--- /dev/null
+++ b/modules/bind/templates/named_slave.conf
@@ -0,0 +1,14 @@
+zone "mageia.org" IN {
+ type slave;
+ file "slave/mageia.org";
+ allow-update { 212.85.158.146; };
+};
+
+zone "mageia.fr" IN {
+ type master;
+ file "master/mageia.fr";
+ allow-update { 212.85.158.146; };
+};
+
+
+
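Review bot: The `mageia.org` zone is `type slave` but has no `masters` list, so named has nowhere to transfer it from, and `allow-update` is not an option that applies to a slave zone. The `mageia.fr` zone is declared `type master` with `file "master/mageia.fr"` even though this is the slave template, and its `allow-update { 212.85.158.146; };` authorises dynamic updates by source address alone, which can be spoofed. If 212.85.158.146 is the intended primary, both zones likely want `type slave;`, a `slave/` file path and `masters { 212.85.158.146; };` in place of `allow-update`, ideally with a TSIG key protecting the transfer.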
diff --git a/modules/bind/templates/zones/mageia.fr.zone b/modules/bind/templates/zones/mageia.fr.zone
new file mode 100644
index 00000000..fc6d6f59
--- /dev/null
+++ b/modules/bind/templates/zones/mageia.fr.zone
@@ -0,0 +1,27 @@
+; cfengine-distributed file
+; local modifications will be lost
+; $Id$
+$TTL 3D
+@ IN SOA ns0.zarb.org. mageia.fr. (
+ 2008111801 ; Serial
+ 21600 ; Refresh
+ 3600 ; Retry
+ 2419200 ; Expire
+ 86400 ; Minmun TTL
+ )
+
+; nameservers
+@ IN NS ns0.zarb.org.
+@ IN NS ns1.zarb.org.
+
+@ IN MX 10 mx0.zarb.org.
+@ IN MX 20 mx1.zarb.org.
+
+; MX
+;@ IN MX 10 mx0.zarb.org.
+
+; machines
+mageia.fr. IN A 212.85.158.22
+
+; aliases
+www IN CNAME mageia.fr.
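Review bot: The SOA RNAME field is `mageia.fr.`, which is the zone apex rather than a contact mailbox (it decodes to `mageia@fr`); it should encode a real address, e.g. `hostmaster.mageia.fr.`, and the same applies to `mageia.org.` in the SOA of mageia.org.zone. The header still says `cfengine-distributed file` although both zone files are now shipped as Puppet templates, so it should read something like `; puppet-managed file, local modifications will be lost`. Because named_base.conf sets `notify no;`, secondaries only notice changes through the serial, so a comment reminding editors to bump `Serial` on every change would be useful.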
diff --git a/modules/bind/templates/zones/mageia.org.zone b/modules/bind/templates/zones/mageia.org.zone
new file mode 100644
index 00000000..10ce0b22
--- /dev/null
+++ b/modules/bind/templates/zones/mageia.org.zone
@@ -0,0 +1,62 @@
+; cfengine-distributed file
+; local modifications will be lost
+; $Id$
+$TTL 3D
+@ IN SOA ns0.zarb.org. mageia.org. (
+ 2010100507 ; Serial
+ 21600 ; Refresh
+ 3600 ; Retry
+ 2419200 ; Expire
+ 86400 ; Minmun TTL
+ )
+
+; nameservers
+@ IN NS ns0.zarb.org.
+@ IN NS ns1.zarb.org.
+
+@ IN MX 10 mx0.zarb.org.
+@ IN MX 20 mx1.zarb.org.
+
+; MX
+;@ IN MX 10 mx0.zarb.org.
+
+; machines
+mageia.org. IN A 212.85.158.22
+www-zarb IN A 212.85.158.22
+; gandi vm 1
+vm-gandi IN A 95.142.164.207
+kouign-amann IN A 95.142.164.207
+krampouezh IN A 95.142.164.207
+
+www-aufml IN A 91.121.11.63
+forum IN A 88.191.127.89
+
+; lost oasis
+alamut IN A 212.85.158.146
+alamut IN AAAA 2a02:2178:2:7::2
+valstar IN A 212.85.158.147
+valstar IN AAAA 2a02:2178:2:7::3
+ecosse IN A 212.85.158.148
+ecosse IN AAAA 2a02:2178:2:7::4
+jonund IN A 212.85.158.149
+jonund IN AAAA 2a02:2178:2:7::5
+fiona IN A 212.85.158.150
+fiona IN AAAA 2a02:2178:2:7::6
+
+
+; aliases
+www IN CNAME www-zarb
+blog IN CNAME www-zarb
+rsync IN CNAME www-zarb
+
+svn IN CNAME krampouezh
+meetbot IN CNAME krampouezh
+
+donate IN CNAME www-aufml
+donation IN CNAME www-aufml
+
+puppetmaster IN CNAME valstar
+
+; temporary
+;forum IN A 140.211.167.148
+;wiki IN A 88.191.83.84