Refactor whole formula
diff --git a/README.md b/README.md
index 9debc9f..ca5d65b 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,6 @@
zone:
sub.domain.com:
type: master
- notify: false
records:
- name: @
type: A
@@ -18,8 +17,22 @@
1.168.192.in-addr.arpa:
type: master
notify: false
+ slave.domain.com:
+ type: slave
+ notify: true
+ masters:
+ - dns01.domain.com
+ - dns02.domain.com
+ dnssec:
+ enabled: true
+ # Don't hide version
+ version: true
+ # Allow recursion, better don't on public dns servers
+ recursion:
+ hosts:
+ - localhost
## Read more
* https://github.com/theforeman/puppet-dns
-* https://help.ubuntu.com/community/BIND9ServerHowto
\ No newline at end of file
+* https://help.ubuntu.com/community/BIND9ServerHowto
diff --git a/bind/files/localhost.zone b/bind/files/localhost.zone
deleted file mode 100644
index 1cae98d..0000000
--- a/bind/files/localhost.zone
+++ /dev/null
@@ -1,12 +0,0 @@
-$TTL 86400
-$ORIGIN localhost.
-@ 1D IN SOA @ root (
- 42 ; serial (d. adams)
- 3H ; refresh
- 15M ; retry
- 1W ; expiry
- 1D ) ; minimum
-
- 1D IN NS @
- 1D IN A 127.0.0.1
-
diff --git a/bind/files/logrotate b/bind/files/logrotate
deleted file mode 100644
index 410bde4..0000000
--- a/bind/files/logrotate
+++ /dev/null
@@ -1,11 +0,0 @@
-/var/log/named/query.log {
- rotate 7
- daily
- missingok
- notifempty
- sharedscripts
- copytruncate
- compress
- create 0664 bind root
- su
-}
\ No newline at end of file
diff --git a/bind/files/named.ca b/bind/files/named.ca
deleted file mode 100644
index 902a704..0000000
--- a/bind/files/named.ca
+++ /dev/null
@@ -1,85 +0,0 @@
-; This file holds the information on root name servers needed to
-; initialize cache of Internet domain name servers
-; (e.g. reference this file in the "cache . <file>"
-; configuration file of BIND domain name servers).
-;
-; This file is made available by InterNIC
-; under anonymous FTP as
-; file /domain/named.root
-; on server FTP.INTERNIC.NET
-; -OR- RS.INTERNIC.NET
-;
-; last update: Feb 04, 2008
-; related version of root zone: 2008020400
-;
-; formerly NS.INTERNIC.NET
-;
-. 3600000 IN NS A.ROOT-SERVERS.NET.
-A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
-A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
-;
-; formerly NS1.ISI.EDU
-;
-. 3600000 NS B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
-;
-; formerly C.PSI.NET
-;
-. 3600000 NS C.ROOT-SERVERS.NET.
-C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
-;
-; formerly TERP.UMD.EDU
-;
-. 3600000 NS D.ROOT-SERVERS.NET.
-D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
-;
-; formerly NS.NASA.GOV
-;
-. 3600000 NS E.ROOT-SERVERS.NET.
-E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
-;
-; formerly NS.ISC.ORG
-;
-. 3600000 NS F.ROOT-SERVERS.NET.
-F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
-F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
-;
-; formerly NS.NIC.DDN.MIL
-;
-. 3600000 NS G.ROOT-SERVERS.NET.
-G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
-;
-; formerly AOS.ARL.ARMY.MIL
-;
-. 3600000 NS H.ROOT-SERVERS.NET.
-H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
-H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
-;
-; formerly NIC.NORDU.NET
-;
-. 3600000 NS I.ROOT-SERVERS.NET.
-I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
-;
-; operated by VeriSign, Inc.
-;
-. 3600000 NS J.ROOT-SERVERS.NET.
-J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
-J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
-;
-; operated by RIPE NCC
-;
-. 3600000 NS K.ROOT-SERVERS.NET.
-K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
-K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
-;
-; operated by ICANN
-;
-. 3600000 NS L.ROOT-SERVERS.NET.
-L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
-;
-; operated by WIDE
-;
-. 3600000 NS M.ROOT-SERVERS.NET.
-M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
-M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
-; End of File
diff --git a/bind/files/named.conf.RedHat b/bind/files/named.conf.RedHat
new file mode 100644
index 0000000..86d6f7d
--- /dev/null
+++ b/bind/files/named.conf.RedHat
@@ -0,0 +1,24 @@
+{%- from "bind/map.jinja" import server with context -%}
+
+{%- include "bind/files/named.conf.options" %}
+{%- include "bind/files/named.conf.local" %}
+
+logging {
+ channel default_debug {
+ file "data/named.run";
+ severity dynamic;
+ print-time yes;
+ };
+};
+
+zone "." IN {
+ type hint;
+ file "named.ca";
+};
+
+include "/etc/named.rfc1912.zones";
+include "/etc/named.root.key";
+
+{#-
+ vim: syntax=jinja
+#}
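Review bot: The hint zone `zone "." IN { type hint; file "named.ca"; };` points at a root-hints file this commit stops shipping (`bind/files/named.ca` is deleted in the same change) and nothing in the diff writes `named.ca` under the RedHat `named_dir`; it only works if the distribution's bind package installs that file there, which I cannot confirm from here. A comment above the zone, `// named.ca is provided by the distro bind package; the formula no longer manages it`, would record that dependency, and the same applies to `include "/etc/named.root.key"`. The `default_debug` channel writes `data/named.run` relative to `directory "/var/named"`, i.e. into the RedHat `zones_dir` (`/var/named/data`) — fine if that mirrors the stock config, but worth a one-line comment that the directory must stay writable by the `named` user.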
diff --git a/bind/files/named.conf.default-zones b/bind/files/named.conf.default-zones
deleted file mode 100644
index 843e6cc..0000000
--- a/bind/files/named.conf.default-zones
+++ /dev/null
@@ -1,28 +0,0 @@
-// prime the server with knowledge of the root servers
-zone "." {
- type hint;
- file "/etc/bind/db.root";
-};
-
-// be authoritative for the localhost forward and reverse zones, and for
-// broadcast zones as per RFC 1912
-
-zone "localhost" {
- type master;
- file "/etc/bind/db.local";
-};
-
-zone "127.in-addr.arpa" {
- type master;
- file "/etc/bind/db.127";
-};
-
-zone "0.in-addr.arpa" {
- type master;
- file "/etc/bind/db.0";
-};
-
-zone "255.in-addr.arpa" {
- type master;
- file "/etc/bind/db.255";
-};
\ No newline at end of file
diff --git a/bind/files/named.conf.local b/bind/files/named.conf.local
index d03fe76..98013bc 100644
--- a/bind/files/named.conf.local
+++ b/bind/files/named.conf.local
@@ -1,26 +1,24 @@
-//
-// Do any local configuration here
-//
+{%- from "bind/map.jinja" import server with context -%}
-// Consider adding the 1918 zones here, if they are not used in your
-// organization
-//include "/etc/bind/zones.rfc1918";
+{%- for name, zone in server.get('zone', {}) %}
-{% for key,args in salt['pillar.get']('bind:configured_zones', {}).iteritems() -%}
-{%- set file = salt['pillar.get']("available_zones:" + key + ":file") %}
-{%- set masters = salt['pillar.get']("available_zones:" + key + ":masters") %}
-zone "{{ key }}" {
- type {{ args['type'] }};
- file "zones/{{ file }}";
- {% if args['type'] == "master" -%}
- {% if args['notify'] -%}
- notify yes;
- {% else -%}
- notify no;
- {%- endif -%}
- {% else -%}
- notify no;
- masters { {{ masters }} };
- {%- endif %}
-};
-{% endfor %}
+zone "{{ name }}" {
+ type {{ zone.get('type', 'master') }};
+ file {{ server.zones_dir }}/{{ name }}.conf;
+
+ {%- if zone.get('type', 'master') != 'master' %}
+ notify {% 'yes' if zone.get('notify', False) else 'no' %};
+ {%- if zone.masters is defined %}
+ masters {
+ {%- for master in zone.masters %}
+ {{ master }};
+ };
+ {%- endif %}
+ {%- endif %}
+}
+
+{%- endfor %}
+
+{#-
+ vim: syntax=jinja
+#}
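Review bot: The rewritten zone loop `{%- for name, zone in server.get('zone', {}) %}` iterates a mapping without `.items()`, so `name, zone` tries to unpack each key string rather than a (key, value) pair and the template fails for every configured zone; the removed code used `.iteritems()`. Three further problems follow: `notify {% 'yes' if … else 'no' %};` uses a statement tag where an expression tag `{{ … }}` is needed and is a Jinja syntax error, the `{%- for master in zone.masters %}` loop has no `{%- endfor %}`, and the zone statement closes with `}` instead of `};` while `file {{ server.zones_dir }}/{{ name }}.conf;` lacks the quotes BIND requires around a path. Note also that `notify` is now only emitted for non-master zones, so the `notify: false` the README still documents on a master zone has no effect — if that is intended, the README example should drop it. The corrected loop:
```jinja
{%- for name, zone in server.get('zone', {}).items() %}
zone "{{ name }}" {
  type {{ zone.get('type', 'master') }};
  file "{{ server.zones_dir }}/{{ name }}.conf";
  {%- if zone.get('type', 'master') != 'master' %}
  notify {{ 'yes' if zone.get('notify', False) else 'no' }};
  {%- if zone.masters is defined %}
  masters {
    {%- for master in zone.masters %}
    {{ master }};
    {%- endfor %}
  };
  {%- endif %}
  {%- endif %}
};
{%- endfor %}
```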
diff --git a/bind/files/named.conf.options b/bind/files/named.conf.options
index 24012ca..bb8d4cd 100644
--- a/bind/files/named.conf.options
+++ b/bind/files/named.conf.options
@@ -1,43 +1,48 @@
-{%- from "bind/map.jinja" import server with context %}
+{%- from "bind/map.jinja" import server with context -%}
options {
- directory "/var/cache/bind";
- // If there is a firewall between you and nameservers you want
- // to talk to, you may need to fix the firewall to allow multiple
- // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+ directory "{{ server.named_dir }}";
- // If your ISP provided one or more IP addresses for stable
- // nameservers, you probably want to use them as forwarders.
- // Uncomment the following block, and insert the addresses replacing
- // the all-0's placeholder.
+ {%- if server.forwarders is defined %}
+ forwarders {
+ {%- for forwarder in server.forwarders %}
+ {{ forwarder }};
+ {%- endfor %}
+ };
+ {%- endif %}
- // forwarders {
- // 0.0.0.0;
- // };
+ {%- if server.get('dnssec', {}).get('enabled', True) %}
+ dnssec-enable yes;
+ {%- else %}
+ dnssec-enable no;
+ {%- endif %}
+ {%- if server.get('dnssec', {}).get('validation', True) %}
+ dnssec-validation yes;
+ {%- else %}
+ dnssec-enable no;
+ {%- endif %}
auth-nxdomain no; # conform to RFC1035
- {%- if server.get('ipv6_enabled', 'False') %}
+ {%- if server.get('ipv6_enabled', True) %}
listen-on-v6 { {{ server.get('ipv6_listen', 'any') }}; };
{%- endif %}
+
+ {%- if server.get('version', 'hidden') != True %}
+ version: "{{ server.get('version', 'hidden') }}";
+ {%- endif %}
+
+ {%- if server.get('recursion', False) != False %}
+ allow-recursion {
+ {%- if server.recursion.hosts is defined %}
+ {%- for host in server.recursion.hosts %}
+ {{ host }};
+ {%- endfor %}
+ {%- else %}
+ any;
+ {%- endif %}
+ };
+ {%- endif %}
};
-logging {
- category default { default_syslog; default_debug; };
- category unmatched { null; };
-
- category queries { query.log; };
- channel query.log {
- file "/var/log/named/query.log";
- print-time yes;
- severity debug 3;
- };
-
- category update { update_log; };
- channel update_log {
- file "/var/log/named/update.log" versions 2 size 20m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
-
-};
+{#-
+ vim: syntax=jinja
+#}
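Review bot: The `dnssec-validation` branch emits `dnssec-enable no;` in its `else` arm (a copy-paste from the block above), so `dnssec: validation: false` in pillar does not disable validation and instead repeats the `dnssec-enable` option, which BIND is likely to reject as a redefinition; that line should be `dnssec-validation no;`. The `version:` statement is not BIND syntax — the option takes no colon — so every host without `version: true` renders an unloadable config; it should read `version "{{ server.get('version', 'hidden') }}";`. The `allow-recursion` fallback of `any;` whenever `recursion` is set without `hosts` turns the server into an open resolver; falling back to `localhost; localnets;` (BIND's own default) or requiring `hosts` would be the safer choice, and the README's own warning suggests that is what the author intends. Since `dnssec-enable` has been dropped by newer BIND releases, a comment noting which BIND versions this template targets would also help.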
diff --git a/bind/files/named.local b/bind/files/named.local
deleted file mode 100644
index 8bfc435..0000000
--- a/bind/files/named.local
+++ /dev/null
@@ -1,10 +0,0 @@
-$TTL 86400
-@ IN SOA localhost. root.localhost. (
- 1997022700 ; Serial
- 28800 ; Refresh
- 14400 ; Retry
- 3600000 ; Expire
- 86400 ) ; Minimum
- IN NS localhost.
-
-1 IN PTR localhost.
diff --git a/bind/map.jinja b/bind/map.jinja
index 2d12668..b4e261c 100644
--- a/bind/map.jinja
+++ b/bind/map.jinja
@@ -4,11 +4,10 @@
'pkgs': ['bind9', 'bind9utils'],
'service': 'bind9',
'config': '/etc/bind/named.conf',
- 'local_config': '/etc/bind/named.conf.local',
- 'options_config': '/etc/bind/named.conf.options',
- 'default_zones_config': '/etc/bind/named.conf.default-zones',
- 'named_dir': '/var/cache/bind/zones',
- 'rndc_key': '/etc/rndc.key',
+ 'config_local': '/etc/bind/named.conf.local',
+ 'config_options': '/etc/bind/named.conf.options',
+ 'named_dir': '/var/cache/bind',
+ 'zones_dir': '/var/cache/bind/zones',
'user': 'bind',
'group': 'bind'
},
@@ -16,10 +15,9 @@
'pkgs': ['bind'],
'service': 'named',
'config': '/etc/named.conf',
- 'local_config': '/etc/named.conf.local',
- 'named_dir': '/var/named/data',
- 'rndc_key': '/etc/rndc.key',
- 'user': 'root',
+ 'named_dir': '/var/named',
+ 'zones_dir': '/var/named/data',
+ 'user': 'named',
'group': 'named'
},
}, merge=salt['pillar.get']('bind:server')) %}
diff --git a/bind/server/service.sls b/bind/server/service.sls
index eebe4fa..69d5f32 100644
--- a/bind/server/service.sls
+++ b/bind/server/service.sls
@@ -8,21 +8,19 @@
named_directory:
file.directory:
- name: {{ server.named_dir }}
- - user: {{ server.user }}
+ - user: root
- group: {{ server.group }}
- mode: 775
- makedirs: True
- require:
- pkg: bind_packages
-{%- if grains.os_family == 'RedHat' %}
-
bind_config:
file.managed:
- name: {{ server.config }}
- - source: 'salt://bind/files/named.conf.RedHat'
+ - source: 'salt://bind/files/named.conf.{{ grains.os_family }}'
- template: jinja
- - user: {{ server.user }}
+ - user: root
- group: {{ server.group }}
- mode: 640
- require:
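Review bot: `named_directory` creates only `{{ server.named_dir }}`, while `named.conf.local` now places zone files under `{{ server.zones_dir }}/…`; nothing in this diff creates `zones_dir` (`/var/cache/bind/zones` and `/var/named/data` in map.jinja), and BIND does not create directories itself, so slave zone transfers will fail to write unless that directory is managed elsewhere in the formula. A second `file.directory` state for `{{ server.zones_dir }}` with `user: root`, `group: {{ server.group }}`, `mode: '775'` next to this one (or a `- names:` list on this state) would close that gap. Separately, `mode: 775` and `mode: 640` are plain YAML integers; quoting them (`mode: '775'`) avoids the leading-zero octal trap and matches Salt's recommendation. The hunk also drops the `{%- if grains.os_family == 'RedHat' %}` guard, so `bind_config` now applies to every os_family via `source: 'salt://bind/files/named.conf.{{ grains.os_family }}'`; only RedHat (added here) and, per the removed Debian state, Debian templates are known to exist, so other families will fail at render time unless a matching file is added.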
@@ -30,42 +28,14 @@
- watch_in:
- service: bind_service
-bind_local_config:
- file.managed:
- - name: {{ server.local_config }}
- - source: 'salt://bind/files/named.conf.local'
- - template: jinja
- - user: {{ server.user }}
- - group: {{ server.group }}
- - mode: 644
- - require:
- - pkg: bind_packages
- - watch_in:
- - service: bind_service
-
-{%- endif %}
-
{%- if grains['os_family'] == 'Debian' %}
-bind_config:
+bind_config_local:
file.managed:
- - name: {{ server.config }}
- - source: 'salt://bind/files/named.conf.Debian'
- - template: jinja
- - user: {{ server.user }}
- - group: {{ server.group }}
- - mode: 644
- - require:
- - pkg: bind_packages
- - watch_in:
- - service: bind_service
-
-bind_local_config:
- file.managed:
- - name: {{ server.local_config }}
+ - name: {{ server.config_local }}
- source: 'salt://bind/files/named.conf.local'
- template: jinja
- - user: {{ server.user }}
+ - user: root
- group: {{ server.group }}
- mode: 644
- require:
@@ -73,49 +43,18 @@
- watch_in:
- service: bind_service
-bind_options_config:
+bind_config_options:
file.managed:
- - name: {{ server.options_config }}
+ - name: {{ server.config_options }}
- source: 'salt://bind/files/named.conf.options'
- template: jinja
- - user: {{ server.user }}
- - group: {{ server.group }}
- - mode: 644
- - require:
- - pkg: bind_packages
- - watch_in:
- - service: bind_service
-
-bind_default_zones:
- file.managed:
- - name: {{ server.default_zones_config }}
- - source: 'salt://bind/files/named.conf.default-zones'
- - template: jinja
- - user: {{ server.user }}
- - group: {{ server.group }}
- - mode: 644
- - require:
- - pkg: bind_packages
- - watch_in:
- - service: bind_service
-
-/var/log/named:
- file.directory:
- - user: {{ server.user }}
- - group: {{ server.group }}
- - mode: 775
- - template: jinja
-
-/var/log/named/query.log:
- file.managed:
- - user: {{ server.user }}
- - group: {{ server.group }}
-
-/etc/logrotate.d/bind9:
- file.managed:
- - source: salt://bind/files/logrotate
- user: root
- - group: root
+ - group: {{ server.group }}
+ - mode: 644
+ - require:
+ - pkg: bind_packages
+ - watch_in:
+ - service: bind_service
{%- endif %}
@@ -127,18 +66,4 @@
- require:
- pkg: bind_packages
-setup_rndc:
- cmd.run:
- - name: /usr/sbin/rndc-confgen -r /dev/urandom -a -c {{ server.rndc_key }}
- - unless: test -e {{ server.rndc_key }}
- - require:
- - pkg: bind_packages
-
-{{ server.rndc_key }}:
- file.managed:
- - user: root
- - mode: 0640
- - require:
- - cmd: setup_rndc
-
-{%- endif %}
\ No newline at end of file
+{%- endif %}