Manage the BIND name server.

Stefan Möding



598 latest version

5.0 quality score

Version information

  • 0.3.0 (latest)
  • 0.2.0
  • 0.1.0
released Mar 4th 2021
This version is compatible with:
  • Puppet Enterprise 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 8.0.0
  • Debian

Start using this module

Tags: bind, dns, named


stm/bind — version 0.3.0 Mar 4th 2021


Build Status Puppet Forge License

Table of Contents

  1. Description
  2. Setup - The basics of getting started with bind
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module


This module manages the BIND Name Server on Debian and Ubuntu. The module supports setting up a Caching Name Server or an Authoritative Name Server using primary and secondary zones.


What bind affects

The module manages the named process and related service files. It also managed the configuration and zone files. On Debian and Ubuntu these files are below the /etc/bind, /var/lib/bind and /var/cache/bind directories. The module uses a multi-level directory tree below /var/lib/bind to separate primary and secondary zone files.

Setup Requirements

The module uses the stdlib and concat modules. It is tested on Debian and Ubuntu using Puppet 6.

Beginning with bind

Set up a caching name server on localhost:

class { 'bind':
  listen_on         => [ '', ],
  listen_on_v6      => [ 'none', ],
  allow_query       => [ 'localhost', ],
  allow_query_cache => [ 'localhost', ],
  allow_recursion   => [ 'localhost', ],


Set up a caching name server that provides recursive name resolution for a local subnet:

class { 'bind':
  allow_query       => [ 'localhost', '10/8', ],
  allow_query_cache => [ 'localhost', '10/8', ],
  allow_recursion   => [ 'localhost', '10/8', ],

Set up a caching name server that provides recursive name resolution for a local subnet and uses forwarders:

class { 'bind':
  allow_query       => [ 'localhost', '10/8', ],
  allow_query_cache => [ 'localhost', '10/8', ],
  allow_recursion   => [ 'localhost', '10/8', ],
  forwarders        => [ '', '', ],

Add a primary zone for the domain:

bind::zone::primary { '':
  source => 'puppet:///modules/profile/dns/',

The zone file will be managed on the server as /var/lib/bind/primary/com/example/ This tree structure is better than a flat directory structure if many zones will be managed by the server.




Not all BIND features are currently implemented as I started with the options I needed myself. Some options are not yet available and features like DNSSEC inline signing are not well tested.


You may open Github issues for this module if you need additional options currently not available.

Feel free to send pull requests for new features.