Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
- Archlinux, , , , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'theforeman-dns', '11.0.0'
DNS module for Puppet
Installs and manages an ISC BIND DNS server with basic zones, primarily for The Foreman.
Usage
Include the top level dns class to fully configure the service:
include dns
A key is set up to allow dynamic DNS updates, stored in rndc.key. This is used by Foreman's smart proxy to add and remove records on the fly.
Zones can be created with the dns::zone defined type:
dns::zone { 'example.com': }
Keys can be created with the dns::key defined type:
dns::key {'dns-key':}
Secondary (slave) servers can be configured by setting allow_transfer in the master's zone and zonetype => 'slave' (with masters) in the slave's zone. List only the secondaries' addresses, or an ACL name, in allow_transfer: any other host that can reach the port could otherwise pull the whole zone with an AXFR.
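The following manifest is an added example, not code from the module's README, showing a primary/secondary pair for one zone together with a TSIG key that is only allowed to change a limited set of record types. The host names, addresses (RFC 5737 ranges), key name and record types are illustrative; the two node blocks represent two separate servers.

```puppet
# Added example, not part of the theforeman-dns README.
# Assumptions: ns1/ns2 are the primary/secondary, 192.0.2.10/11 their
# addresses, and 'foreman_key' is the TSIG key used by the updater.

node 'ns1.example.com' {
  include dns

  # dns::key defaults to hmac-md5; use hmac-sha256 for new keys.
  # The generated secret is written to <dnsdir>/foreman_key.key.
  dns::key { 'foreman_key':
    algorithm => 'hmac-sha256',
    keysize   => 256,
  }

  dns::zone { 'example.com':
    soa            => 'ns1.example.com',
    soaip          => '192.0.2.10',          # glue A record for the SOA name
    contact        => 'hostmaster.example.com',
    # Zone transfers and notifies go to the secondary only.
    allow_transfer => ['192.0.2.11'],
    also_notify    => ['192.0.2.11'],
    dns_notify     => 'explicit',
    # Dynamic updates: this key may touch names below the zone apex, and only
    # these record types. 'ANY' would let it rewrite NS/SOA/MX as well.
    update_policy  => {
      'foreman_key' => { 'matchtype' => 'zonesub', 'rr' => 'A AAAA PTR TXT' },
    },
    records        => [
      '@   IN NS ns2.example.com.',
      'ns2 IN A  192.0.2.11',
    ],
  }
}

node 'ns2.example.com' {
  include dns

  # The secondary pulls the zone from the primary; no update_policy here,
  # so dynamic updates against the secondary are refused.
  dns::zone { 'example.com':
    zonetype => 'slave',
    masters  => ['192.0.2.10'],
  }
}
```

With config_check left at its default of true the module runs named-checkconf before activating the rendered configuration, so a typo in the update_policy hash is caught before named is reloaded.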
Logging can be added with the dns::logging::category and dns::logging::channel defined types, or through the dns class parameters logging_categories and logging_channels. The following Hiera example shows all the available options:
dns::logging_categories:
  unmatched:
    channels:
      - 'test_file'
      - 'test_stderr'
      - 'test_syslog'
      - 'test_null'
dns::logging_channels:
  test_file:
    file_path: '/var/log/named/test.log'
    file_versions: 3
    file_size: '5m'
    log_type: 'file'
    print_category: 'yes'
    print_severity: 'yes'
    print_time: 'yes'
    severity: 'dynamic'
  test_null:
    log_type: 'null'
    print_category: 'yes'
    print_severity: 'yes'
    print_time: 'yes'
    severity: 'dynamic'
  test_stderr:
    log_type: 'stderr'
    print_category: 'yes'
    print_severity: 'yes'
    print_time: 'yes'
    severity: 'dynamic'
  test_syslog:
    log_type: 'syslog'
    print_category: 'yes'
    print_severity: 'yes'
    print_time: 'yes'
    severity: 'dynamic'
    syslog_facility: 'auth'
Credits
Based on zleslie-dns, with a lot of the guts ripped out. Thanks to zleslie for the original work.
Contributing
- Fork the project
- Commit and push until you are happy with your contribution
- Send a pull request with a description of your changes
See the CONTRIBUTING.md file for much more information.
More info
See https://theforeman.org and https://theforeman.org/support.html for support
Copyright (c) 2010-2016 Foreman developers and Zach Leslie
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Reference
Table of Contents
Classes
Public Classes
dns
: Manage an ISC BIND nameserver
Private Classes
dns::config
: Configure dns
dns::install
: Install dns service
dns::logging
: Enable logging for named
dns::params
: Default parameters
dns::service
: Enable and start dns service
Defined types
dns::dnssec_policy
: Manage custom DNSSEC policies
dns::key
: Generate a new key for the dns
dns::logging::category
: Define new category for logging
dns::logging::channel
: Define new channel for logging
dns::view
: Define new view for the dns
dns::zone
: Define new zone for the dns
Functions
dns::dnssec_keygen
: Generate a DNSSEC key
dns::reverse_dns
: Get the reverse DNS for an IP address
dns::tsig_keygen
: Generate a TSIG key
get_in_addr_arpa
: DEPRECATED. Use the dns::reverse_dns function instead.
Data types
Dns::Dnssec_policy_key
: Validate dnssec-policy parameter
Dns::Forwarder
: A DNS forwarder entry
Dns::UpdatePolicy
: Validate update-policy parameter
Classes
dns
Manage an ISC BIND nameserver
- See also
- dns::zone
- dns::key
- dns::logging::category
- dns::logging::channel
Parameters
The following parameters are available in the dns class:
namedconf_path
dnsdir
dns_server_package
rndckeypath
optionspath
publicviewpath
vardir
logdir
group_manage
manage_service
namedservicename
zonefilepath
localzonepath
defaultzonepath
forward
forwarders
listen_on_v6
recursion
allow_recursion
allow_query
empty_zones_enable
dns_notify
dnssec_enable
dnssec_validation
namedconf_template
acls
optionsconf_template
sysconfig_file
sysconfig_template
sysconfig_startup_options
sysconfig_resolvconf_integration
sysconfig_disable_zone_checking
sysconfig_additional_settings
controls
statistics_channels
service_ensure
service_enable
service_restart_command
config_check
additional_options
additional_directives
enable_views
zones
keys
logging_categories
logging_channels
disable_empty_zones
namedconf_path
Data type: Stdlib::Absolutepath
Path of the named config
Default value: $dns::params::namedconf_path
dnsdir
Data type: Stdlib::Absolutepath
Directory holding the named configs
Default value: $dns::params::dnsdir
dns_server_package
Data type: String
Name of the package to install
Default value: $dns::params::dns_server_package
rndckeypath
Data type: Stdlib::Absolutepath
Path of the RNDC key
Default value: $dns::params::rndckeypath
optionspath
Data type: Stdlib::Absolutepath
Path of the named options
Default value: $dns::params::optionspath
publicviewpath
Data type: Stdlib::Absolutepath
Path of the config file holding all the zones
Default value: $dns::params::publicviewpath
vardir
Data type: Stdlib::Absolutepath
Directory holding the variable or working files
Default value: $dns::params::vardir
logdir
Data type: Stdlib::Absolutepath
Directory holding the log files for named
Default value: '/var/log/named'
group_manage
Data type: Boolean
Should this module manage the Unix system group under which BIND runs (see dns::params)? Defaults to true. Set to false if you want to manage the system group yourself.
Default value: true
manage_service
Data type: Boolean
Should this module manage the dns service? This only applies to service management (running, stopped), not to whether the service is installed. IMPORTANT: this will not reload the service after a config change; you have to do that manually or via a separate notify.
Default value: true
namedservicename
Data type: String
Name of the service
Default value: $dns::params::namedservicename
zonefilepath
Data type: Stdlib::Absolutepath
Directory containing zone files
Default value: $dns::params::zonefilepath
localzonepath
Data type: Variant[Enum['unmanaged'], Stdlib::Absolutepath]
File holding local zones like RFC1912 or RFC1918 files. The special value 'unmanaged' can be used if one plans to create custom RFC1912/RFC1918 zones via dns, where the inclusion of package-shipped zone files is not desired.
Default value: $dns::params::localzonepath
defaultzonepath
Data type: Variant[Enum['unmanaged'], Stdlib::Absolutepath]
File holding some RFC1912 zone includes on systems like Debian. The special value 'unmanaged' can be used if one plans to create custom zones via dns, where the inclusion of package-shipped zone files is not desired.
Default value: $dns::params::defaultzonepath
forward
Data type: Optional[Enum['only', 'first']]
The forward option
Default value: undef
forwarders
Data type: Array[Dns::Forwarder]
The forwarders option
Default value: []
listen_on_v6
Data type: Variant[String, Boolean]
The listen-on-v6 option
Default value: 'any'
recursion
Data type: Enum['yes', 'no']
The recursion option
Default value: 'yes'
allow_recursion
Data type: Array[String]
The allow-recursion option
Default value: ['localnets', 'localhost']
allow_query
Data type: Array[String]
The allow-query option
Default value: ['any']
empty_zones_enable
Data type: Enum['yes', 'no']
The empty-zones-enable option
Default value: 'yes'
dns_notify
Data type: Optional[Enum['yes', 'no', 'explicit']]
The notify option in named.conf
Default value: undef
dnssec_enable
Data type: Optional[Enum['yes', 'no']]
The dnssec-enable option. This option is deprecated and has no effect since BIND 9.15. It's been removed in BIND 9.18.
Default value: $dns::params::dnssec_enable
dnssec_validation
Data type: Enum['yes', 'no', 'auto']
The dnssec-validation option
Default value: 'yes'
namedconf_template
Data type: String
The template to be used for named.conf
Default value: 'dns/named.conf.erb'
acls
Data type: Hash[String, Array[String]]
Specify a hash of ACLs. Each key is the name of a network, and its value is an array of subnet strings.
Default value: {}
optionsconf_template
Data type: String
The template to be used for options.conf
Default value: 'dns/options.conf.erb'
sysconfig_file
Data type: Optional[Stdlib::Absolutepath]
Path to the sysconfig or default file used to set startup options for named. Under Debian this is /etc/default/bind9, under RedHat this is /etc/sysconfig/named. FreeBSD/DragonFly and ArchLinux do not feature such files, thus the sysconfig parameters are not relevant for these operating systems.
Default value: $dns::params::sysconfig_file
sysconfig_template
Data type: Optional[String]
The template used to model /etc/default/bind9 or /etc/sysconfig/named. Default is "dns/sysconfig.${facts[osfamily]}.erb" for Debian and RedHat, and undef for others.
Default value: $dns::params::sysconfig_template
sysconfig_startup_options
Data type: Optional[String]
Startup options for the named process, rendered as the OPTIONS string in the sysconfig file (see above). Use this to set command-line flags and options for named. For example, to use IPv4 only and disable IPv6 support in named on Debian, set this parameter to -u bind -4. The default value depends on the underlying OS.
Default value: $dns::params::sysconfig_startup_options
sysconfig_resolvconf_integration
Data type: Optional[Boolean]
Should named integrate with resolvconf upon startup? Default is false, and this only pertains to the Debian OS family.
Default value: $dns::params::sysconfig_resolvconf_integration
sysconfig_disable_zone_checking
Data type: Optional[Boolean]
Should zone checking be disabled upon named startup? Default is undef, and this only pertains to the RedHat OS family.
Default value: $dns::params::sysconfig_disable_zone_checking
sysconfig_additional_settings
Data type: Hash[String[1], String]
Additional settings to add to the sysconfig file. This is a simple hash of key-value strings that will be rendered as KEY="value" in the sysconfig file. Use this to add custom (environment) variables relevant for named. Default is empty.
Default value: {}
controls
Data type: Hash[String, Hash[String, Data]]
Specify a hash of controls (rndc control channels). Each key is the address the channel listens on (rendered as an inet clause), and its value is a hash containing 'port' => integer, 'keys' => array of key names and 'allowed_addresses' => array. Keep the listen address on loopback or a management network and always require a key.
Default value: $dns::params::controls
statistics_channels
Data type: Hash[String, Hash[String, Data]]
Specify a hash of statistics-channels. Each key is the address the channel listens on (rendered as an inet clause), and its value is a hash containing 'port' => integer and 'allowed_addresses' => array. The statistics channel is plain, unauthenticated HTTP, so restrict it to the hosts that need it.
Default value: {}
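As an added example (not from the module's reference), the declaration below uses the dns class parameters documented above to build an internal recursive resolver that only answers its own networks, keeps rndc on loopback and exposes statistics only to a monitoring subnet. The ACL names, addresses and the 'rndc-key' key name are illustrative assumptions.

```puppet
# Added example, not part of the theforeman-dns documentation.
# Assumptions: 10.0.0.0/8 and 192.168.0.0/16 are the client networks,
# 10.10.0.0/24 is the monitoring network, 10.10.0.5 is this server's
# internal address, and 'rndc-key' is the key name in rndc.key.
class { 'dns':
  # Named ACLs, referenced below by name (rendered as acl "<name>" { ... };).
  acls                => {
    'trusted'    => ['10.0.0.0/8', '192.168.0.0/16', 'localhost'],
    'monitoring' => ['10.10.0.0/24'],
  },
  # Module defaults are recursion => 'yes' and allow_query => ['any'].
  # Pin both to the ACL so this is not an open resolver.
  recursion           => 'yes',
  allow_query         => ['trusted'],
  allow_recursion     => ['trusted'],
  listen_on_v6        => 'none',
  # Upstream resolvers; Dns::Forwarder accepts '<ip>' or '<ip> port <n>'.
  forward             => 'only',
  forwarders          => ['10.0.0.53', '10.0.1.53 port 5353'],
  # 'auto' uses BIND's built-in root trust anchor; 'yes' expects you to
  # configure trust anchors yourself.
  dnssec_validation   => 'auto',
  # rndc control channel: loopback only, key required.
  controls            => {
    '127.0.0.1' => {
      'port'              => 953,
      'keys'              => ['rndc-key'],
      'allowed_addresses' => ['127.0.0.1'],
    },
  },
  # statistics-channels: unauthenticated HTTP, so bind it to the internal
  # address and allow only the monitoring ACL.
  statistics_channels => {
    '10.10.0.5' => {
      'port'              => 8053,
      'allowed_addresses' => ['monitoring'],
    },
  },
}
```

For an authoritative-only server the same pattern applies with recursion => 'no' and allow_query left at ['any'], since the public zones are meant to be queried by anyone while recursion is not offered at all.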
service_ensure
Data type: Variant[Enum['running', 'stopped'], Boolean]
The ensure attribute on the service
Default value: 'running'
service_enable
Data type: Boolean
Whether to enable the service (start at boot)
Default value: true
service_restart_command
Data type: Optional[String[1]]
Custom command to use when the service is restarted (notified by configuration changes). Passed directly to the restart parameter of the contained service resource. This is useful when you want BIND to reload its configuration instead of restarting the whole process, for example by setting service_restart_command to /usr/sbin/service bind9 reload, /usr/sbin/rndc reload or /usr/bin/systemctl try-reload-or-restart bind9. Default is undef, so the service resource default is used.
Default value: undef
config_check
Data type: Boolean
Should this module run configuration checks before putting new configurations in place? Defaults to true. Set to false if you don't want configuration checks when config files are changed.
Default value: true
additional_options
Data type: Hash[String, Data]
Additional options
Default value: {}
additional_directives
Data type: Array[String]
Additional directives. These are free form strings that allow for full customization. Use with caution.
Default value: []
enable_views
Data type: Boolean
Enable BIND views support. When true, global zone configuration such as the localzonepath inclusion is removed from named.conf; each dns::view includes it instead (see include_localzones).
Default value: false
zones
Data type: Hash[String, Hash]
A hash of zones to be created. See dns::zone for options.
Default value: {}
keys
Data type: Hash[String, Hash]
A hash of keys to be created. See dns::key for options.
Default value: {}
logging_categories
Data type: Hash[String, Hash]
A hash of logging categories to be created. See dns::logging::category for options.
Default value: {}
logging_channels
Data type: Hash[String, Hash]
A hash of logging channels to be created. See dns::logging::channel for options.
Default value: {}
disable_empty_zones
Data type: Array[Stdlib::Fqdn]
A list of built-in empty zones that BIND should not create (rendered as disable-empty-zone statements). See: https://kb.isc.org/docs/aa-00800
Default value: []
Defined types
dns::dnssec_policy
Manage custom DNSSEC policies
Parameters
The following parameters are available in the dns::dnssec_policy defined type:
dnskey_ttl
keys
max_zone_ttl
parent_ds_ttl
parent_propagation_delay
publish_safety
retire_safety
signatures_refresh
signatures_validity
signatures_validity_dnskey
zone_propagation_delay
dnskey_ttl
Data type: Optional[Integer]
This indicates the TTL to use when generating DNSKEY resource records.
Default value: undef
keys
Data type: Array[Dns::Dnssec_policy_key]
This is a list specifying the algorithms and roles to use when generating keys and signing the zone. Entries in this list do not represent specific DNSSEC keys, which may be changed on a regular basis, but the roles that keys play in the signing policy.
Default value: []
max_zone_ttl
Data type: Optional[Integer]
This specifies the maximum permissible TTL value in seconds for the zone.
Default value: undef
parent_ds_ttl
Data type: Optional[Integer]
This is the TTL of the DS RRset that the parent zone uses.
Default value: undef
parent_propagation_delay
Data type: Optional[String[1]]
This is the expected propagation delay from the time when the parent zone is updated to the time when the new version is served by all of the parent zone’s name servers.
Default value: undef
publish_safety
Data type: Optional[String[1]]
This is a margin that is added to the pre-publication interval in rollover timing calculations, to give some extra time to cover unforeseen events. This increases the time between when keys are published and they become active.
Default value: undef
retire_safety
Data type: Optional[String[1]]
This is a margin that is added to the post-publication interval in rollover timing calculations, to give some extra time to cover unforeseen events. This increases the time a key remains published after it is no longer active.
Default value: undef
signatures_refresh
Data type: Optional[String[1]]
This determines how frequently an RRSIG record needs to be refreshed. The signature is renewed when the time until the expiration time is closer than the specified interval.
Default value: undef
signatures_validity
Data type: Optional[String[1]]
This indicates the validity period of an RRSIG record (subject to inception offset and jitter).
Default value: undef
signatures_validity_dnskey
Data type: Optional[String[1]]
This is similar to signatures-validity, but for DNSKEY records.
Default value: undef
zone_propagation_delay
Data type: Optional[String[1]]
This is the expected propagation delay from the time when a zone is first updated to the time when the new version of the zone is served by all secondary servers.
Default value: undef
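The following is an added example, not part of the module's reference, of a custom dnssec-policy with a long-lived KSK and a ZSK that BIND rolls every 90 days, applied to one zone. dnssec-policy requires BIND 9.16 or newer; the policy name, timings, algorithm and key directory are illustrative choices. If the BIND defaults are acceptable, dnssec_policy => 'default' on the zone works without any dns::dnssec_policy resource at all.

```puppet
# Added example, not part of the theforeman-dns documentation.
# Assumptions: BIND >= 9.16, /var/named/keys exists and is writable by
# named, 198.51.100.10/11 are the primary and secondary.
include dns

dns::dnssec_policy { 'ecdsa-rolling-zsk':
  # Roles only: BIND generates, publishes and retires the actual keys.
  keys                       => [
    { 'type' => 'ksk', 'directory' => 'key-directory', 'lifetime' => 'unlimited', 'algorithm' => 'ecdsap256sha256' },
    { 'type' => 'zsk', 'directory' => 'key-directory', 'lifetime' => 'P90D',      'algorithm' => 'ecdsap256sha256' },
  ],
  dnskey_ttl                 => 3600,
  max_zone_ttl               => 86400,
  # Signatures are valid 14 days and renewed when fewer than 5 days remain,
  # which leaves slack for a primary that is down over a weekend.
  signatures_refresh         => 'P5D',
  signatures_validity        => 'P14D',
  signatures_validity_dnskey => 'P14D',
  publish_safety             => 'PT1H',
  retire_safety              => 'PT1H',
  zone_propagation_delay     => 'PT5M',
  # Parent-side timing drives how long a retired KSK stays published.
  parent_ds_ttl              => 86400,
  parent_propagation_delay   => 'PT1H',
}

dns::zone { 'example.net':
  soa            => 'ns1.example.net',
  soaip          => '198.51.100.10',
  dnssec_policy  => 'ecdsa-rolling-zsk',
  inline_signing => 'yes',
  key_directory  => '/var/named/keys',
  allow_transfer => ['198.51.100.11'],
}
```

The DS record for the KSK still has to be published in the parent zone by hand (or by whatever tooling the registrar offers); the policy only automates key generation, signing and the ZSK rollovers inside this zone.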
dns::key
Generate a new key for the dns
Parameters
The following parameters are available in the dns::key defined type:
algorithm
Data type: String
The algorithm used to generate the secret key
Default value: 'hmac-md5'. This is the legacy BIND default and is kept for compatibility; for new keys set algorithm to 'hmac-sha256', which RFC 8945 makes mandatory for TSIG implementations, while HMAC-MD5 is only optional.
filename
Data type: String
The filename to store the key. This is placed in the key directory.
Default value: "${name}.key"
secret
Data type: Optional[String]
This is the secret to be placed inside the key file. If left empty, the key will be generated.
Default value: undef
keydir
Data type: Stdlib::Absolutepath
The directory to store the key in. Inherited from the main dns class by default.
Default value: $dns::dnsdir
keysize
Data type: Integer
The size of the key to generate, in bits. Only used when generating the key; ignored when a secret is specified.
Default value: 512
dns::logging::category
Define new category for logging
Parameters
The following parameters are available in the dns::logging::category defined type:
channels
Data type: Array
The array of channels to attach to the category
order
Data type: Integer[51, 59]
The order of the category in the configuration file
Default value: 55
dns::logging::channel
Define new channel for logging
Parameters
The following parameters are available in the dns::logging::channel defined type:
file_path
file_size
file_versions
log_type
order
print_category
print_severity
print_time
severity
syslog_facility
file_path
Data type: Optional[Stdlib::Absolutepath]
The path to the log file
Default value: undef
file_size
Data type: Optional[String]
The maximum size the log file is allowed to reach
Default value: undef
file_versions
Data type: Optional[Integer]
The number of log files to keep when rotating
Default value: undef
log_type
Data type: Enum['file', 'null', 'stderr', 'syslog']
The destination type for the log (file, stderr, syslog, or "null")
Default value: undef
order
Data type: Integer[51, 59]
The order of the channel in the configuration file
Default value: 51
print_category
Data type: Optional[Enum['no', 'yes']]
Decide whether to log the category in the log message
Default value: undef
print_severity
Data type: Optional[Enum['no', 'yes']]
Decide whether to log the severity in the log message
Default value: undef
print_time
Data type: Optional[Enum['no', 'yes']]
Decide whether to log the time in the log message
Default value: undef
severity
Data type: Optional[String]
The severity of messages to log
Default value: undef
syslog_facility
Data type: Optional[String]
The syslog facility to use when logging to a syslog log_type
Default value: undef
dns::view
Define new view for the dns
Parameters
The following parameters are available in the dns::view defined type:
match_clients
match_destinations
match_recursive_only
allow_transfer
allow_recursion
allow_query
allow_query_cache
also_notify
forwarders
forward
recursion
dnssec_enable
dnssec_validation
dns_notify
include_localzones
include_defaultzones
order
match_clients
Data type: Array[String]
The value for match-clients in the view definition
Default value: []
match_destinations
Data type: Array[String]
The value for match-destinations in the view definition
Default value: []
match_recursive_only
Data type: Optional[Enum['yes','no']]
The value for match-recursive-only in the view definition
Default value: undef
allow_transfer
Data type: Array[String]
The value for allow-transfer in the view definition
Default value: []
allow_recursion
Data type: Array[String]
The value for allow-recursion in the view definition
Default value: []
allow_query
Data type: Array[String]
The value for allow-query in the view definition
Default value: []
allow_query_cache
Data type: Array[String]
The value for allow-query-cache in the view definition
Default value: []
also_notify
Data type: Array[String]
The value for also-notify in the view definition
Default value: []
forwarders
Data type: Array[Dns::Forwarder]
The value for forwarders in the view definition
Default value: []
forward
Data type: Optional[Enum['only','first']]
The value for forward in the view definition. Only used if forwarders is not empty.
Default value: undef
recursion
Data type: Optional[Enum['yes','no']]
The value for recursion in the view definition
Default value: undef
dnssec_enable
Data type: Optional[Enum['yes','no']]
The value for dnssec-enable in the view definition
Default value: undef
dnssec_validation
Data type: Optional[Enum['yes','no']]
The value for dnssec-validation in the view definition
Default value: undef
dns_notify
Data type: Optional[Enum['yes','no','explicit']]
The value for notify in the view definition
Default value: undef
include_localzones
Data type: Boolean
Whether to include the local zones or not. Requires dns::localzonepath not to be unmanaged to be effective.
Default value: true
include_defaultzones
Data type: Boolean
Whether to include the default zones or not. Requires dns::defaultzonepath not to be unmanaged to be effective.
Default value: true
order
Data type: String
The order parameter to the concat fragment.
Default value: '-'
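As an added example (not from the module's reference), a split-horizon setup with dns::view: an internal view that recurses for the internal networks and a public view that is authoritative only. BIND evaluates views in the order they appear and the first match-clients match wins, so the narrower view must be ordered first. The ACL name, networks and addresses are illustrative.

```puppet
# Added example, not part of the theforeman-dns documentation.
# Assumptions: 10.0.0.0/8 is the internal network, 203.0.113.10 the
# public address of the SOA host.
class { 'dns':
  enable_views => true,          # drops the global zone config; views take over
  acls         => {
    'internal-nets' => ['10.0.0.0/8', 'localhost'],
  },
}

# Ordered first: internal clients get recursion and the local zones.
dns::view { 'internal':
  match_clients   => ['internal-nets'],
  recursion       => 'yes',
  allow_recursion => ['internal-nets'],
  allow_query     => ['internal-nets'],
  order           => '10',
}

# Ordered last: everyone else gets authoritative answers only.
dns::view { 'external':
  match_clients      => ['any'],
  recursion          => 'no',
  include_localzones => false,  # only the zones placed in this view are served
  order              => '20',
}

# The same zone is served from both views.
dns::zone { 'example.com':
  soa          => 'ns1.example.com',
  soaip        => '203.0.113.10',
  target_views => ['internal', 'external'],
}
```

If the two orders were swapped, 'external' would match every client first and the internal view would never be reached; named-checkconf does not flag this, so check view order whenever a view's match_clients is ['any'].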
dns::zone
Define new zone for the dns
Parameters
The following parameters are available in the dns::zone defined type:
soaip
soaipv6
manage_file
manage_file_name
replace_file
update_policy
target_views
zonetype
soa
reverse
ttl
refresh
update_retry
expire
negttl
serial
records
masters
allow_transfer
allow_query
allow_update
also_notify
zone
contact
zonefilepath
filename
forward
master_empty_forwarders_enable
forwarders
dns_notify
zone_statistics
key_directory
inline_signing
dnssec_secure_to_insecure
auto_dnssec
dnssec_policy
masterfile_format
soaip
Data type: Optional[Stdlib::IP::Address::V4]
The IP address for the SOA. If reverse is false, an A record will be created pointing to this IP address for $soa. This only makes sense if $soa is within this zone and needs glue records.
Default value: undef
soaipv6
Data type: Optional[Stdlib::IP::Address::V6]
The IPv6 address for the SOA. If reverse is false, an AAAA record will be created pointing to this IP address for $soa. This only makes sense if $soa is within this zone and needs glue records.
Default value: undef
manage_file
Data type: Boolean
Whether to manage the zone file resource. When true, $manage_file_name is implied.
Default value: true
manage_file_name
Data type: Boolean
Whether to set the file parameter in the zone statement in named.conf.
Default value: false
replace_file
Data type: Boolean
Whether to update the zone file when a change is detected.
Default value: false
update_policy
Data type: Optional[Dns::UpdatePolicy]
This can be used to specify additional update-policy rules in the following format: { '<KEY_NAME>' => { 'matchtype' => '', 'tname' => '', 'rr' => 'VALUE' } }. Example: {'foreman_key' => {'matchtype' => 'zonesub', 'rr' => 'ANY'}}. tname and action are optional (see the Dns::UpdatePolicy data type), and the special value 'local' is also accepted. Note that rr => 'ANY' lets the key add or delete every record type matched by the rule; list only the types the updater actually needs.
Default value: undef
target_views
Data type: Array[String]
Default value: []
zonetype
Data type: String
Default value: 'master'
soa
Data type: String
Default value: $facts['networking']['fqdn']
reverse
Data type: Boolean
Default value: false
ttl
Data type: String
Default value: '10800'
refresh
Data type: Integer
Default value: 86400
update_retry
Data type: Integer
Default value: 3600
expire
Data type: Integer
Default value: 604800
negttl
Data type: Integer
Default value: 3600
serial
Data type: Integer
Default value: 1
records
Data type: Array[String[1]]
A list of records which will be added to the zone file in the RFC 1035 format (see https://datatracker.ietf.org/doc/html/rfc1035) Example ['host1 IN A 192.168.0.10', 'alt-host1 IN CNAME host1']
Default value: []
masters
Data type: Array
Default value: []
allow_transfer
Data type: Array
Default value: []
allow_query
Data type: Array
Default value: []
allow_update
Data type: Array
Default value: []
also_notify
Data type: Array
Default value: []
zone
Data type: String
Default value: $title
contact
Data type: Optional[String]
Default value: undef
zonefilepath
Data type: Stdlib::Absolutepath
Default value: $dns::zonefilepath
filename
Data type: String
Default value: "db.${title}"
forward
Data type: Enum['first', 'only']
Default value: 'first'
master_empty_forwarders_enable
Data type: Boolean
Enable empty forwarders option in master zone. Applicable when forwarders are empty and zonetype is set to master.
Default value: false
forwarders
Data type: Array[Dns::Forwarder]
Default value: []
dns_notify
Data type: Optional[Enum['yes', 'no', 'explicit']]
Default value: undef
zone_statistics
Data type: Optional[Enum['yes', 'no']]
Default value: undef
key_directory
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
inline_signing
Data type: Optional[Enum['yes', 'no']]
Default value: undef
dnssec_secure_to_insecure
Data type: Optional[Enum['yes', 'no']]
Default value: undef
auto_dnssec
Data type: Optional[Enum['allow', 'maintain', 'off']]
Default value: undef
dnssec_policy
Data type: Optional[String[1]]
Causes the zone to be signed and turns on automatic maintenance for the zone.
Default value: undef
masterfile_format
Data type: Optional[Enum['text', 'raw', 'map']]
The format used to load the master file
Default value: undef
Functions
dns::dnssec_keygen
Type: Ruby 4.x API
Generate a DNSSEC key
dns::dnssec_keygen(String[1] $name, String[1] $algorithm, Optional[Integer[1, 4096]] $keysize, Optional[String[1]] $nametype)
The dns::dnssec_keygen function.
Returns: Hash[String, String]
name
Data type: String[1]
algorithm
Data type: String[1]
keysize
Data type: Optional[Integer[1, 4096]]
nametype
Data type: Optional[String[1]]
dns::reverse_dns
Type: Ruby 4.x API
Get the reverse DNS for an IP address
dns::reverse_dns(Stdlib::IP::Address::Nosubnet $ip)
The dns::reverse_dns function.
Returns: Stdlib::Fqdn
ip
Data type: Stdlib::IP::Address::Nosubnet
The IP address to get the reverse for
dns::tsig_keygen
Type: Ruby 4.x API
Generate a TSIG key
dns::tsig_keygen(String[1] $name, Optional[String[1]] $algorithm)
The dns::tsig_keygen function.
Returns: Hash[String, String]
name
Data type: String[1]
algorithm
Data type: Optional[String[1]]
get_in_addr_arpa
Type: Ruby 4.x API
DEPRECATED. Use the dns::reverse_dns
function instead.
get_in_addr_arpa(Any *$args)
The get_in_addr_arpa function.
Returns: Any
*args
Data type: Any
Data types
Dns::Dnssec_policy_key
Validate dnssec-policy parameter
Alias of
Struct[{
type => Enum['csk', 'ksk', 'zsk'],
directory => Optional[Enum['key-directory']],
lifetime => String[1],
algorithm => Variant[String[1], Integer],
size => Optional[Integer],
}]
Dns::Forwarder
A forwarder is an IP address (v4 or v6) optionally followed by a port. Since patterns can't be composed, this copies stdlib's implementation for v4. For v6 it uses the default type and grossly simplifies the port check. In both cases the port is only checked to be one to five digits, not to lie within 1-65535; an out-of-range port is caught by named-checkconf when config_check is enabled.
Alias of Variant[Pattern[/\A([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\s+port\s+[0-9]{1,5})?\z/], Stdlib::IP::Address::V6::Nosubnet, Pattern[/(\A(:{0,2}[[:xdigit:]]{1,4}){1,8}\s+port\s[0-9]{1,5}\Z)/]]
Dns::UpdatePolicy
Validate update-policy parameter
Alias of
Variant[Enum['local'], Hash[
String,
Struct[{
Optional[action] => Enum['deny', 'grant'],
Optional[tname] => String,
rr => String,
matchtype => Enum[
'6to4-self',
'external',
'krb5-self',
'krb5-selfsub',
'krb5-subdomain',
'ms-self',
'ms-selfsub',
'ms-subdomain',
'name',
'self',
'selfsub',
'selfwild',
'subdomain',
'tcp-self',
'wildcard',
'zonesub',
],
}],
]]
Changelog
11.0.0 (2024-07-18)
Breaking changes:
- Remove unused date function #263 (ekohl)
- Drop RHEL 7, CentOS 7 & 8, Scientific 7 & Debian 10; Add RHEL 9 & Fedora 39 & 40 #262 (ekohl)
- Drop files/named.ca #258 (bigon)
- Update ensure_packages->stdlib::ensure_packages; require stdlib 9 #249 (bastelfreak)
Implemented enhancements:
- Update puppet_metadata to ~> 4.0 and voxpupuli-acceptance to ~> 3.0 #261 (archanaserver)
- Fixes #37604 - Validate DNS forwarders #260 (ekohl)
- Add parameter to set disable-empty-zone option #259 (bigon)
- Add AlmaLinux 8 & 9 support #254 (archanaserver)
- Refs #37121 - Add dns::tsig_keygen function #253 (ekohl)
- Add dns::dnssec_keygen function #246 (ekohl)
10.4.0 (2024-05-16)
Implemented enhancements:
10.3.0 (2024-02-19)
Implemented enhancements:
- add support for the statistics-channels directive #245 (UiP9AV6Y)
- Add support for empty forwarders in master zone #244 (mbarecki)
Fixed bugs:
10.2.0 (2023-11-14)
Implemented enhancements:
- Add Debian 12 support #242 (bastelfreak)
- Add Puppet 8 support #237 (bastelfreak)
10.1.0 (2023-09-18)
Implemented enhancements:
Fixed bugs:
10.0.0 (2023-05-15)
Breaking changes:
- Refs #36345 - Drop Puppet 6 support #232 (ekohl)
- Drop Debian 9 & Fedora 32 and add Fedora 37/38 #231 (ekohl)
9.6.0 (2023-05-03)
Implemented enhancements:
- Mark compatible with puppetlabs/concat 8.x #230 (ekohl)
- Add support for Ubuntu Jammy (22.04) #228 (kajinamit)
9.5.1 (2023-02-02)
Fixed bugs:
- Remove legacy fact usage #225 (smortex)
- logging channel error message typo faility to facility #224 (ikonia)
9.5.0 (2022-10-28)
Implemented enhancements:
- stopped zone file from being created if zone type is forward #219 (ikonia)
- Remove dnssec-enable option for EL >= 9 #218 (ikonia)
- Added defaultzonepath to template name.conf.erb #217 (benjamin-robertson)
Merged pull requests:
9.4.0 (2022-08-01)
Implemented enhancements:
- Update to voxpupuli-test 5 #214 (ekohl)
- Add support for allow-update in zones #213 (LadyNamedLaura)
- Manage zone records #212 (BDelacour)
9.3.0 (2022-04-20)
Implemented enhancements:
- Handle dnssec-enable config option removal #210 (ekohl)
- Add support for defining custom dnssec-policies #206 (smortex)
- Add support for dnssec-policy #205 (smortex)
- Update the specified bind version on FreeBSD to 9.16. #204 (rtprio)
Closed issues:
- dnssec-enable no longer a valid configuration item. #207
9.2.0 (2022-02-03)
Implemented enhancements:
- Support CentOS 9, Debian 11 and Ubuntu 20.04 #201 (ekohl)
- puppetlabs/stdlib: Allow 8.x #199 (bastelfreak)
9.1.0 (2021-10-29)
Implemented enhancements:
9.0.0 (2021-07-22)
Breaking changes:
Implemented enhancements:
- Drop usage of -r from rndc-confgen #190 (karelyatin)
- Allow Puppet 7 compatible versions of mods #186 (ekohl)
- Replace get_in_addr_arpa with reverse_dns function #175 (ekohl)
Closed issues:
- create-rndc.key fails with bind9 9.13.0+ #189
8.2.0 (2021-04-27)
Implemented enhancements:
- Support Puppet 7 #184 (ekohl)
- Drop Fedora 26, add Fedora 32 #181 (ekohl)
- Allow configuration checks to be turned off #178 (coreone)
8.1.0 (2020-10-27)
Implemented enhancements:
Fixed bugs:
- Enforce parameter_documentation lint plugin #176 (ekohl)
- Update zone documentation #174 (marcdeop)
- Fix custom key ordering #173 (coreone)
8.0.0 (2020-05-13)
Breaking changes:
- Use modern facts #169
- Make bind view clauses optional #163 (dlucredativ)
- Make zone update_policy_rules more generic #157 (damluk)
Implemented enhancements:
- Fixes #29210 - support el8 #160 (wbclark)
- Introduce several dnssec related zone options #158 (damluk)
7.0.0 (2020-02-11)
Breaking changes:
Implemented enhancements:
- Add Debian 10 #153 (mmoll)
- Add manage_service parameter #149 (flyingstar16)
6.2.0 (2019-07-19)
Implemented enhancements:
- Validate named.conf and zones.conf using named-checkconf #144 (antaflos)
- Allow setting service restart command #143 (antaflos)
- Don't set forbidden zone options for zone type 'forward' #142 (antaflos)
6.1.0 (2019-06-12)
Implemented enhancements:
- Add support for managing sysconfig settings #145 (antaflos)
- Make managing BIND system group optional #139 (antaflos)
Merged pull requests:
- Allow puppetlabs/concat and puppetlabs/stdlib 6.x #146 (alexjfisher)
6.0.0 (2019-04-15)
Breaking changes:
5.4.0 (2019-01-10)
Implemented enhancements:
- Convert documentation to puppet-strings #133 (ekohl)
- Add keys parameter and create_resources accordingly #130 (marcdeop)
- Add Puppet 6 support #129 (ekohl)
5.3.1 (2018-10-04)
Merged pull requests:
5.3.0 (2018-07-16)
Implemented enhancements:
5.2.0 (2018-05-22)
Implemented enhancements:
Closed issues:
5.1.0
- Stop shipping development code in releases
- Remove EOL operating systems and add new ones
5.0.1
- Add a zones parameter
- Disallow undef values for $localzonepath and $defaultzonepath in favor of 'unmanaged' (default parameter)
5.0.0
- Drop Puppet 3 support
- Add BIND views support
4.1.0
- Add $allow_query parameter for zones.
- Add $additional_directives parameter to define top-scope directives in named.conf.
- Document all class parameters.
4.0.0
- Add Arch Linux support
- Fix README to state the module is under the Apache License 2.0, add full licence text
- Drop support for Ruby 1.8.7
3.4.1
- Do not configure listen-on-v6 parameter if it's not set
3.4.0
- Add additional_options parameter to dns class for options without parameters
3.3.1
- Skip package installation when dns_server_package is empty
- Nest 'forwarders' only if 'forward' is used
- Use concat fragments instead of file resource templates for config
3.3.0
- Add dns_notify to dns class and dns::zone define
- Add acls hash
- Add controls hash
- Change default path for zones.conf to /etc/named/zones.conf for the RedHat OS family
3.2.0
- Add empty_zones_enable and forward global parameters
- Add service_ensure, service_enable parameters to manage service properties
- Change allow_recursion default to localnets and localhost to prevent open recursion
- Support Puppet 3.0 minimum
- Support Fedora 21, remove Debian 6 (Squeeze), add Ubuntu 16.04
3.1.0
- Support configuration on FreeBSD
- Add namedconf_template/optionsconf_template parameters to override templates
- Add allow_recursion parameter to control it on a global level
- Add recursion, allow_query, dnssec_enable and dnssec_validation global parameters
- Add manage_file, forward and forwarders parameters to dns::zone
- Add also_notify parameter to dns::zone
- Change package resource to ensure_packages
3.0.0
- Change theforeman-concat_native to puppetlabs-concat
- Test with Puppet 4
2.0.1
- Fix template variable lookups under the future parser
2.0.0
- Add masters/allow_transfer parameters to dns::zone to configure master/slave relationships
- Require that dns is explicitly included, not implicitly included by dns::zone
- Add and refactor dns::zone parameters
- Improve dns::zone defaults for soa, soaip etc.
- Replace dns::zone parameters for zone path and filename
- Remove unused rndc_alg/secret parameters
- Improve style and fix linting issues
- Refresh README
1.4.0
- Add listen_on_v6 parameter
- Prevent create-rndc key exec changing on every run
- Puppet 2.6 support deprecated
- Update gitignore, change fixtures to HTTPS
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/concat (>= 4.1.0 < 10.0.0)
- puppetlabs/stdlib (>= 9.0.0 < 10.0.0)
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.