Start using this module
Add this module to your Puppetfile:
mod 'ajjahn-dns', '2.1.0'
Learn more about managing modules with a Puppetfile.
Puppet DNS (BIND9) Module
Module for provisioning DNS (bind9)
Supports:
- Ubuntu: 14.04, 12.04
- CentOS: 7.x, 6.x
Patches to support other operating systems are welcome.
This module depends on concat (https://github.com/puppetlabs/puppet-concat).
This module will overwrite all BIND configuration; it is not safe to apply to a server with an existing BIND configuration.
Installation
Clone this repo to your Puppet modules directory:
  git clone git://github.com/ajjahn/puppet-dns.git dns
or
  puppet module install ajjahn/dns
Usage
Tweak and add the following to your site manifest:
node 'server.example.com' {
  include dns::server

  # Forwarders
  dns::server::options { '/etc/bind/named.conf.options':
    forwarders => [ '8.8.8.8', '8.8.4.4' ]
  }

  # Forward Zone
  dns::zone { 'example.com':
    soa         => 'ns1.example.com',
    soa_email   => 'admin.example.com',
    nameservers => ['ns1']
  }

  # Reverse Zone
  dns::zone { '1.168.192.IN-ADDR.ARPA':
    soa         => 'ns1.example.com',
    soa_email   => 'admin.example.com',
    nameservers => ['ns1']
  }

  # A Records:
  dns::record::a {
    'huey':
      zone => 'example.com',
      data => ['98.76.54.32'];
    'duey':
      zone => 'example.com',
      data => ['12.34.56.78', '12.23.34.45'];
    'luey':
      zone => 'example.com',
      data => ['192.168.1.25'],
      ptr  => true; # Creates a matching reverse zone record. Make sure you've added the proper reverse zone in the manifest.
  }

  # MX Records:
  dns::record::mx {
    'mx,0':
      zone       => 'example.com',
      preference => 0,
      data       => 'ASPMX.L.GOOGLE.com';
    'mx,10':
      zone       => 'example.com',
      preference => 10,
      data       => 'ALT1.ASPMX.L.GOOGLE.com';
  }

  # NS Records:
  dns::record::ns {
    'example.com':
      zone => 'example.com',
      data => 'ns3';
    'delegation-to-ns4-jp-example-net':
      zone => 'example.com',
      host => 'delegated-zone',
      data => 'ns4.jp.example.net.';
  }

  # CNAME Record:
  dns::record::cname { 'www':
    zone => 'example.com',
    data => 'huey.example.com',
  }

  # TXT Record:
  dns::record::txt { 'www':
    zone => 'example.com',
    data => 'Hello World',
  }

  # TSIG (the secret below is a sample value; generate your own key)
  dns::tsig { 'ns3':
    ensure    => present,
    algorithm => "hmac-md5",
    secret    => "La/E5CjG9O+os1jq0a2jdA==",
    server    => "192.168.1.3"
  }
}
You can also declare forwarders for a specific zone if you have not set them in dns::server::options.
dns::zone { 'example.com':
  soa             => 'ns1.example.com',
  soa_email       => 'admin.example.com',
  allow_forwarder => ['8.8.8.8'],
  forward_policy  => 'first',
  nameservers     => ['ns1'],
}
You can change how domain names are checked. The policy can be warn, fail, or ignore.
dns::server::options { '/etc/bind/named.conf.options':
  check_names_master => 'fail',
  check_names_slave  => 'warn',
  forwarders         => [ '8.8.8.8', '8.8.4.4' ],
}
You can enable reporting of BIND statistics through the statistics-channels option using:
dns::server::options { '/etc/bind/named.conf.options':
  check_names_master     => 'fail',
  check_names_slave      => 'warn',
  forwarders             => [ '8.8.8.8', '8.8.4.4' ],
  statistic_channel_ip   => '127.0.0.1',
  statistic_channel_port => 8053
}
You can also create dynamic zones. Note that they are created only once by Puppet and are never replaced unless allow_update is empty.
dns::zone { 'example.com':
  soa             => 'ns1.example.com',
  soa_email       => 'admin.example.com',
  allow_forwarder => ['8.8.8.8'],
  allow_update    => ['192.168.1.2', '192.168.1.3'],
  forward_policy  => 'first',
  nameservers     => ['ns1'],
}
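The TSIG, statistics-channel and dynamic-zone settings shown above are the ones to review before a manifest reaches a production name server. The following heuristic check is an added example, not part of this module: it flags hmac-md5 keys (RFC 8945 recommends hmac-sha256), secrets written as literals, address-only allow_update lists, and a statistics channel bound off loopback. The names audit and as_network, the rule names and the sample manifest are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: parameters taken from this README, with the
# statistics channel moved off loopback to trigger that rule.
SAMPLE = """\
dns::tsig { 'ns3':
  algorithm => "hmac-md5",
  secret    => "La/E5CjG9O+os1jq0a2jdA==",
}
dns::zone { 'example.com':
  allow_update => ['192.168.1.2', '192.168.1.3'],
}
dns::server::options { '/etc/bind/named.conf.options':
  statistic_channel_ip => '0.0.0.0',
}
"""

PARAM = re.compile(r"^\s*(\w+)\s*=>\s*(.+?)\s*[,;]?\s*$")
QUOTED = re.compile(r"""['"]([^'"]*)['"]""")


def as_network(text):
    """Parse an address or CIDR; None for anything else (names, variables)."""
    try:
        return ipaddress.ip_network(text, strict=False)
    except ValueError:
        return None


def audit(manifest):
    """Heuristic line scan; returns (line, rule, detail) per risky setting."""
    findings = []
    for num, line in enumerate(manifest.splitlines(), 1):
        match = PARAM.match(line.split("#", 1)[0])  # drop trailing comments
        if not match:
            continue
        key, value = match.groups()
        strings = QUOTED.findall(value)
        nets = [n for n in map(as_network, strings) if n is not None]
        if key == "algorithm" and "hmac-md5" in [s.lower() for s in strings]:
            findings.append((num, "weak-tsig-algorithm", "hmac-md5"))
        elif key == "secret" and strings:  # literal, not a variable or lookup
            findings.append((num, "inline-secret", "key material in manifest"))
        elif key == "allow_update" and nets:  # source address is the only check
            findings.append((num, "address-only-update-acl", value))
        elif key == "statistic_channel_ip" and nets and not nets[0].is_loopback:
            findings.append((num, "stats-channel-off-loopback", strings[0]))
    return findings
```

Run audit() over each manifest in CI; it is a line-based heuristic, so parameters split across several lines are not seen.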
Exported resource patterns
node default {
  # Other nodes export an A record for their hostname
  @@dns::record::a { $::hostname:
    zone => $::domain,
    data => $::ipaddress,
  }
}

node 'ns1.xkyle.com' {
  dns::zone { $::domain:
    soa         => $::fqdn,
    soa_email   => "admin.${::domain}",
    nameservers => [ 'ns1' ],
  }

  # Collect all the records from other nodes
  Dns::Record::A <<||>>
}
Contributing
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Added some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Pull Request
Authors
Note: This module is a merge of the work from the following authors:
License
This module is released under the MIT license:
Change Log
2.1.0 (2017-01-26)
Closed issues:
- Function Call, validate_re(): input needs to be a String, not a NilClass at modules/dns/manifests/server/default.pp:29:3 #190
- Getting puppet evaluation error about $enable_zone_write #184
- dns::server::defaults class fails with puppetlabs-stdlib 4.10.0 #181
- Setup Travis CI Releases to Forge #177
- TXT record types should properly format the data value #170
- Tags and Forge releases for 2.0.1 and 2.0.2 #167
- How to handle class B nets #166
- Any thoughts on pointing cfg_dir to different directory? #163
- cut releases more frequently. :) #157
- Support for Views #156
- statistics-channel option broken #148
- named.conf not including options #101
- doesnt work with dynamic dns #54
Merged pull requests:
- Remove Ruby 1.8 from the build matrix #194 (solarkennedy)
- fixing path issue which prevents working when path is not /etc/bind #193 (ppouliot)
- 2nd chance: feat query_log - optional parameter query_log_enable to enable query log #192 (eumel8)
- Add support for stub zones #191 (jjthiessen)
- Make data_dir configurable in defined resource types. #189 (n00by)
- Fix template formatting for #188 (n00by)
- Fix statistics-channels location outside named.conf.options, add supp… #187 (kwisatz)
- feat re-implement serial number in dns zone as optional parameter #186 (eumel8)
- Ensure validate_re calls are wrapped in if checks to avoid passing undef #182 (jearls)
- Ignore /*.lock files #175 (sspreitzer)
- Make lint happy: change variables class_[ABC]_* to class_[abc]_* #174 (jearls)
- Fix typos in dns::collector and dns::zone #173 (jearls)
- Allow dynamic dns, fixes ajjahn/puppet-dns#54 #172 (sspreitzer)
- issue #170: Produce proper DNS quoted strings for TXT and SPF records #171 (jearls)
- Correct indentation of template. #169 (MemberIT)
- Bugfix/template named options #168 (MemberIT)
- feature TSIG configuration #129 (eumel8)
v2.0.2 (2016-05-24)
Closed issues:
- Is dependency on electrical-file_concat still required? #160
- seemingly random order within the zonefile #154
- Concat dependency causing builds to fail #142
- Version update #141
Merged pull requests:
- Remove unneeded dependency on electrical/file_concat module #165 (jearls)
- Add reverse => reverse option to dns::zone #162 (jearls)
- Add notify_source and transfer_source to dns::server::options #161 (jearls)
- Adjust Gemfile to Fix Tests #159 (solarkennedy)
- Removed 'ensure' setting from concat::fragment statements #158 (Loewe88)
- Comparison of: String >= Integer, is not possible #155 (wazoo)
- Added Package require #153 (mooreandrew)
- Allow query zone #152 (gcmalloc)
- Fix default spec, a class not a define #151 (solarkennedy)
- Control whether DNS-SEC support is enabled/disabled #146 (evidex)
- [WIP] Fix fixtures #145 (solarkennedy)
- Empty Zone Generation control #144 (evidex)
- Add support for delegation-only zone types. #143 (evidex)
- Add all and first values to ptr parameter of dns::record::a #138 (jearls)
v2.0.0 (2015-12-03)
Closed issues:
- Outdated dependencies make this module incompatible with other modules. #120
- Fatal Regression in #112- bad config means bind will not start. #115
- Adding record to multiple zones or all zones? #105
- Large Number of Records? #104
- Tag New Release #97
- SOA has additional "." #93
- Error finding a dependency. #78
- Allow "type forward" without file-statement #64
- 'dnssec-validation auto' not supported in Debian Squeeze (Bind 9.7.3) #52
Merged pull requests:
- Test NS records, provide example for README #140 (roderickm)
- Properly escape the { and } in the listen-on-v6 regexp check. #139 (jearls)
- fix variable access preference with @preference #136 (timogoebel)
- fixes for puppet future parser support #135 (timogoebel)
- Make "listen-on-v6" a configurable option #134 (djm256)
- Allow the dns::zone::slave_masters parameter to be an array #133 (jearls)
- params.pp: excluded dnssec-tools from $necessary_package for debian 8 #131 (Gril258)
- Added support to modify service startup #130 (Cicco0)
- add updated Gemfile.lock #128 (jearls)
- Added initial acceptance test framework #126 (solarkennedy)
- Fix the directory option in named.conf.options #125 (darkfoxprime)
- Make dnssec validation a configurable option. #124 (darkfoxprime)
- fix zone template's @allow_transfer check #123 (darkfoxprime)
- Correct path for named.conf.options in tests/init.pp #122 (darkfoxprime)
- Remove invalid reference to dns::server::options::forwarder #121 (darkfoxprime)
- Named.options fix #119 (tedivm)
- Fixes #93 - Avoid the extra dot in the soa #117 (oloc)
- Updated concat module version #116 (tedivm)
- Fix comment syntax in named.conf template #114 (jaxim)
- Add param to manage packages #113 (jaxim)
- issue 101: take control of named.conf. #112 (jearls)
- Add notify to server options & also_notify to server and zone options. #110 (jearls)
- Remove dnssec-tools from RedHat package list. #108 (jearls)
- Added file_concat as a dependent module #103 (solarkennedy)
- Use resource names instead of hosts for the aliases of dns record types. With spec test file. #100 (jearls)
- zone files should only be created or modified for master zones #99 (jearls)
- spec tests: fix invalid range in regexp #98 (jearls)
- Fixed a bug where key did not work on redhat due to incorrect pkg name #87 (fhaynes)
- Bind stats #77 (gcmalloc)
v1.2.0 (2015-04-10)
Closed issues:
- Custom NS not supported- can't properly handle domain forwarding #95
- Error: Could not set 'present' on ensure: No such file or directory - /etc/bind/named.conf.options20150404-12319-h6cff6.lock #94
- dnssec-tools not available in centos 7 epel #83
- Invalid relationship errors with concat #81
- Dependency required for repository "epel" on CentOS #79
- New Release 1.1.0 #75
Merged pull requests:
- Added NS record type #96 (tedivm)
- Added in feature allowing for global allow-transfer #90 (fhaynes)
- Fixed a bug where the secret line was not ending a ; #89 (fhaynes)
- Fixed a bug where the key was being written with }: and not }; #88 (fhaynes)
- fixed params.pp for rhel 7 and added fixes for concat issues #84 (ITBlogger)
- Added a description to make RHEL/CentOS users aware that EPEL is required. #82 (robertdebock)
- Test check_names_response with wrong string #76 (roderickm)
v1.1.0 (2015-02-03)
Closed issues:
- Version 2.0.0 #38
Merged pull requests:
- EL Compatible #74 (roderickm)
- cleanup of inline rdocs in dns::server::options class #73 (talisto)
- allow port to be customized in dns::server::options #72 (talisto)
- MX preference fix, unique alias, add tests #71 (roderickm)
- Add listen-on option (with tests) #70 (roderickm)
- Use the new build env on Travis #68 (joshk)
- Zone with "type forward" are now without "file"-line #66 (fr3dm4n)
- fix README example #65 (rkcpi)
- Update README.md #62 (kylecannon)
v1.0.0 (2014-10-19)
Closed issues:
- Error 400 on SERVER: Duplicate declaration: Dns::Record::A[server1] is already declared #44
- Change zone-serial only on record updates (this a solution) #24
- Possibility to set forwarders #22
- Provide a feature to set the /etc/bind/named.conf.options file #21
- module not found when installing from the forge using puppet module install #15
Merged pull requests:
- Updated docs #60 (solarkennedy)
- Create ns.pp #53 (gilneidp)
- Fix 'Usage' section in dns::server::options #51 (strangeman)
- Fix 'Usage' section in dns::acl #50 (strangeman)
- Spec refactor #49 (danzilio)
- Reformatted dns::key and wrote tests for it #48 (danzilio)
- allow recursion #47 (gcmalloc)
- Adding a forward option for a zone. #46 (gcmalloc)
- Update zone-serial only on changing zone-records (sed version) #45 (kubashin-a)
- Use FQDN as PTR name instead of octet #43 (kubashin-a)
- El compatible #41 (sereinity)
- Solved Syntax error at 'inherits' in ::dns::server::options.pp:18 #40 (n1tr0g)
- Params refactor for future OS support with tests... on top of danzilio's refactor #34 (solarkennedy)
- Allow transfer... on top of danzilios refactor #33 (solarkennedy)
- Update zone_file.erb #31 (seanscottking)
- Update Modulefile #30 (seanscottking)
- ACL #29 (danzilio)
- Refactored the module with a better Gemfile and Rakefile. #28 (danzilio)
- Template changes #27 (ppouliot)
- Add possibility to set forwarders #23 (zeleznypa)
- Added support for SRV DNS record types. #20 (samcday)
v0.1.4 (2013-02-12)
v0.1.3 (2013-01-14)
Closed issues:
- Named.conf Updates #13
- Building PTR Records Fails With Same Resource Defined In Seperate Zones #12
- Zone regenerates w/ every Puppet run #3
Merged pull requests:
- add supoprt for managing slave zones #14 (aussielunix)
- MX Records need a host field #11 (aaronbbrown)
- Syntax error when using strings #10 (aaronbbrown)
- Dependency version #9 (aaronbbrown)
- A few Modulefile corrections #8 (aaronbbrown)
- Changed single quotes to doubles #7 (zodeus)
- .IN-ADDR.ARPA is missing when a PTR record is created with an A record #2 (guillaumerose)
- Fix bug in mx record #1 (dvigueras)
* This Change Log was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/concat (>=1.0.0 <3.0.0)
- puppetlabs/stdlib (>=2.4.0 <6.0.0)