Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / bind / refs/heads/release/2019.2.0 / . / README.rst
blob: 709a8c859de95c288d173274dc62307c0560c441 [file] [log] [blame]
Ales Komarek882ac7b2014-07-14 10:47:56 +0200[diff] [blame]1
Ales Komarek77dbf032017-01-29 21:46:05 +0100[diff] [blame]2============
3Bind formula
4============
Ales Komarek882ac7b2014-07-14 10:47:56 +0200[diff] [blame]5
Ales Komarek77dbf032017-01-29 21:46:05 +0100[diff] [blame]6BIND is open source software that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users. The name BIND stands for Berkeley Internet Name Domain”, because the software originated in the early 1980s at the University of California at Berkeley.
7
8Sample pillars
9==============
10
Filip Pytloun3b50b102017-03-14 12:46:11 +0100[diff] [blame]11Server
12------
13
Ales Komarek77dbf032017-01-29 21:46:05 +0100[diff] [blame]14.. code-block:: yaml
Ales Komarek882ac7b2014-07-14 10:47:56 +0200[diff] [blame]15
Ales Komarek712343b2014-09-22 11:36:17 +0200[diff] [blame]16 bind:
17 server:
18 enabled: true
Filip Pytloun5299d072016-10-06 11:23:21 +0200[diff] [blame]19 key:
20 keyname:
21 secret: xyz
22 algorithm: hmac-sha512
Filip Pytloun57435b22016-10-06 11:30:16 +0200[diff] [blame]23 server:
24 8.8.8.8:
25 keys:
26 - keyname
Filip Pytloun394922e2017-03-14 10:03:48 +0100[diff] [blame]27 control:
28 local:
29 enabled: true
30 bind:
31 address: 127.0.0.1
32 port: 953
33 allow:
34 - 127.0.0.1
35 keys:
36 - xyz
Ales Komarek712343b2014-09-22 11:36:17 +0200[diff] [blame]37 zone:
38 sub.domain.com:
Filip Pytloun52aa75d2016-02-26 17:14:54 +0100[diff] [blame]39 ttl: 86400
40 root: "hostmaster@domain.com"
Ales Komarek712343b2014-09-22 11:36:17 +0200[diff] [blame]41 type: master
Martin Horakdc71a602018-10-19 14:05:16 +0200[diff] [blame]42 ns: zone.name.server.
43 refresh: 43200
44 retry: 180
45 expire: 1209600
46 nxttl: 10
Ales Komarekce71bf92014-09-30 11:35:30 +0200[diff] [blame]47 records:
48 - name: @
49 type: A
50 ttl: 7200
51 value: 192.168.0.5
Martin Horakd6f624a2018-10-12 16:20:50 +0200[diff] [blame]52 # Allow autoload of host records from salt mine.
Martin Horakdc71a602018-10-19 14:05:16 +0200[diff] [blame]53 auto_records: true
Ales Komarek712343b2014-09-22 11:36:17 +0200[diff] [blame]54 1.168.192.in-addr.arpa:
55 type: master
Ales Komarekce71bf92014-09-30 11:35:30 +0200[diff] [blame]56 notify: false
Filip Pytlounfaf8bbc2016-02-26 16:32:20 +0100[diff] [blame]57 slave.domain.com:
58 type: slave
59 notify: true
60 masters:
Filip Pytloun52aa75d2016-02-26 17:14:54 +0100[diff] [blame]61 # Masters must be specified by IP address
62 - 8.8.8.8
63 - 8.8.4.4
Filip Pytlounfaf8bbc2016-02-26 16:32:20 +0100[diff] [blame]64 dnssec:
65 enabled: true
66 # Don't hide version
67 version: true
68 # Allow recursion, better don't on public dns servers
69 recursion:
70 hosts:
71 - localhost
Ales Komarekfbfa1682014-09-22 11:31:14 +0200[diff] [blame]72
Filip Pytloun394922e2017-03-14 10:03:48 +0100[diff] [blame]73You can use following command to generate key:
74
75.. code-block:: bash
76
77 dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST -r /dev/urandom mykey
78
Filip Pytloun3b50b102017-03-14 12:46:11 +0100[diff] [blame]79Client
80------
81
82.. code-block:: yaml
83
84 bind:
85 client:
86 enabled: true
87 option:
88 default:
89 server: localhost
90 port: 953
91 key: keyname
92 key:
93 keyname:
94 secret: xyz
95 algorithm: hmac-sha512
96 server:
97 8.8.8.8:
98 keys:
99 - keyname
100
Ales Komarek77dbf032017-01-29 21:46:05 +0100[diff] [blame]101Read more
102=========
Ales Komarek2bf43322014-09-22 13:03:41 +0200[diff] [blame]103
Ales Komarekce71bf92014-09-30 11:35:30 +0200[diff] [blame]104* https://github.com/theforeman/puppet-dns
Filip Pytlounfaf8bbc2016-02-26 16:32:20 +0100[diff] [blame]105* https://help.ubuntu.com/community/BIND9ServerHowto
Ales Komarek77dbf032017-01-29 21:46:05 +0100[diff] [blame]106* https://www.isc.org/downloads/bind/