saltstack-formulas/bind-formula
1
0
Fork 0
mirror of https://github.com/saltstack-formulas/bind-formula.git synced 2025-04-17 02:00:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #69 from alxwr/freebsd-support

Browse source 
FreeBSD support
This commit is contained in:
alxwr 2017-02-02 09:40:50 +01:00 committed by GitHub
commit 29662c0f04
6 changed files with 533 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
bind/config.sls
View file

@ -22,7 +22,7 @@ bind_restart:
file.managed: file.managed:
- user: {{ salt['pillar.get']('bind:config:user', map.user) }} - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
- group: {{ salt['pillar.get']('bind:config:group', map.group) }} - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
- mode: 644 - mode: {{ salt['pillar.get']('bind:config:log_mode', map.log_mode) }}
- require: - require:
- file: {{ map.log_dir }} - file: {{ map.log_dir }}
@ -67,7 +67,7 @@ bind_local_config:
- watch_in: - watch_in:
- service: bind - service: bind
{% if grains['os_family'] != 'Arch' %} {% if grains['os_family'] not in ['Arch', 'FreeBSD'] %}
bind_default_config: bind_default_config:
file.managed: file.managed:
- name: {{ map.default_config }} - name: {{ map.default_config }}

392
bind/files/freebsd/named.conf Normal file
View file

@ -0,0 +1,392 @@
// $FreeBSD: head/dns/bind99/files/named.conf.in 382109 2015-03-24 15:22:51Z mat $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/local/share/doc/bind for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works. Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.
options {
// All file and path names are relative to the chroot directory,
// if any, and should be fully qualified.
directory "/usr/local/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
auth-nxdomain no; # conform to RFC1035
// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver. To give access to the network, specify
// an IPv6 address, or the keyword "any".
// listen-on-v6 { ::1; };
// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
forwarders {
127.0.0.1;
};
*/
// If the 'forwarders' clause is not empty the default is to 'forward first'
// which will fall back to sending a query from your local server if the name
// servers in 'forwarders' do not have the answer. Alternatively you can
// force your name server to never initiate queries of its own by enabling the
// following line:
// forward only;
// If you wish to have forwarding configured automatically based on
// the entries in /etc/resolv.conf, uncomment the following line and
// set named_auto_forward=yes in /etc/rc.conf. You can also enable
// named_auto_forward_only (the effect of which is described above).
// include "/usr/local/etc/namedb/auto_forward.conf";
/*
Modern versions of BIND use a random UDP port for each outgoing
query by default in order to dramatically reduce the possibility
of cache poisoning. All users are strongly encouraged to utilize
this feature, and to configure their firewalls to accommodate it.
AS A LAST RESORT in order to get around a restrictive firewall
policy you can try enabling the option below. Use of this option
will significantly reduce your ability to withstand cache poisoning
attacks, and should be avoided if at all possible.
Replace NNNNN in the example with a number between 49160 and 65530.
*/
// query-source address * port NNNNN;
{%- if salt['pillar.get']('bind:config:ipv6', False) %}
listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; };
{%- endif -%}
{#- Allow inclusion of arbitrary statements #}
{%- for statement, value in salt['pillar.get']('bind:config:options', {}).items() -%}
{%- if value is iterable and value is not string %}
{{ statement }} {
{%- for item in value %}
{{ item }};
{%- endfor %}
};
{%- else %}
{{ statement }} {{ value }};
{%- endif %}
{%- endfor %}
};
{%- if salt['pillar.get']('bind:config:default_zones', False) and not salt['pillar.get']('bind:configured_views', False) %}
// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.
// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };
/* Slaving the following zones from the root name servers has some
significant advantages:
1. Faster local resolution for your users
2. No spurious traffic will be sent from your network to the roots
3. Greater resilience to any potential root server failure/DDoS
On the other hand, this method requires more monitoring than the
hints file to be sure that an unexpected failure mode has not
incapacitated your server. Name servers that are serving a lot
of clients will benefit more from this approach than individual
hosts. Use with caution.
To use this mechanism, uncomment the entries below, and comment
the hint zone above.
As documented at http://dns.icann.org/services/axfr/ these zones:
"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
are available for AXFR from these servers on IPv4 and IPv6:
xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
*/
/*
zone "." {
type slave;
file "/usr/local/etc/namedb/slave/root.slave";
masters {
192.5.5.241; // F.ROOT-SERVERS.NET.
};
notify no;
};
zone "arpa" {
type slave;
file "/usr/local/etc/namedb/slave/arpa.slave";
masters {
192.5.5.241; // F.ROOT-SERVERS.NET.
};
notify no;
};
*/
/* Serving the following zones locally will prevent any queries
for these zones leaving your network and going to the root
name servers. This has two significant advantages:
1. Faster local resolution for your users
2. No spurious traffic will be sent from your network to the roots
*/
// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
zone "localhost" { type master; file "/usr/local/etc/namedb/master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
zone "0.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
// "This" Network (RFCs 1912, 5735 and 6303)
zone "0.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
{%- if salt['pillar.get']('bind:config:empty_private_networks', True) %}
// Private Use Networks (RFCs 1918, 5735 and 6303)
zone "10.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
{% endif %}
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "65.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "66.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "67.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "68.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "69.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "70.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "71.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "72.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "73.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "74.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "75.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "76.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "77.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "78.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "79.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "80.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "81.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "82.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "83.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "84.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "85.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "86.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "87.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "88.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "89.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "90.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "91.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "92.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "93.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "94.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "95.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "96.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "97.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "98.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "99.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "100.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "101.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "102.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "103.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "104.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "105.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "106.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "107.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "108.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "109.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "110.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "111.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "112.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "113.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "114.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "115.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "116.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "117.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "118.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "119.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "120.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "121.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "122.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "123.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "124.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "125.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "126.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "127.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "100.51.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "113.0.203.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "example" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "invalid" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "example.com" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "example.net" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "example.org" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "19.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "241.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "242.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "243.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "244.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "245.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "246.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "247.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "248.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "249.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "250.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "251.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "252.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "253.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "254.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "8.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "c.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "e.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "0.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "1.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "2.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "8.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "0.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "1.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "2.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "e.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "f.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example slave zone config entries. It can be convenient to become
// a slave at least for the zone your own domain is in. Ask
// your network administrator for the IP address of the responsible
// master name server.
//
// Do not forget to include the reverse lookup zone!
// This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
//
// Before starting to set up a master zone, make sure you fully
// understand how DNS and BIND work. There are sometimes
// non-obvious pitfalls. Setting up a slave zone is usually simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.
/* An example dynamic zone
key "exampleorgkey" {
algorithm hmac-md5;
secret "sf87HJqjkqh8ac87a02lla==";
};
zone "example.org" {
type master;
allow-update {
key "exampleorgkey";
};
file "/usr/local/etc/namedb/dynamic/example.org";
};
*/
/* Example of a slave reverse zone
zone "1.168.192.in-addr.arpa" {
type slave;
file "/usr/local/etc/namedb/slave/1.168.192.in-addr.arpa";
masters {
192.168.1.1;
};
};
*/
{% endif %}
include "{{ map.local_config }}";
{%- if 'keys' in salt['pillar.get']('bind') %}
{% for key,args in salt['pillar.get']('bind:keys', {}).items() -%}
key "{{ key }}" {
algorithm {{ args['algorithm'] | default('HMAC-MD5.SIG-ALG.REG.INT') }};
secret "{{ args['secret'] }}";
};
{% endfor %}
{% endif %}
{%- for incl in salt['pillar.get']('bind:config:includes', []) %}
include "{{ incl }}";
{% endfor %}

105
bind/files/freebsd/named.conf.local Normal file
View file

@ -0,0 +1,105 @@
# vim: sts=2 ts=2 sw=2 et ai
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
{%- macro zone(key, args, file, masters) %}
zone "{{ key }}" {
type {{ args['type'] }};
{% if args['type'] == 'forward' -%}
{% if args['forward'] is defined -%}
forward {{ args['forward'] }};
{%- endif %}
forwarders {
{% for forwarder in args.forwarders -%}
{{ forwarder }};
{%- endfor %}
};
{% else -%}
{% if args['dnssec'] is defined and args['dnssec'] -%}
file "{{ map.named_directory }}/{{ file }}.signed";
{% else -%}
file "{{ map.named_directory }}/{{ file }}";
{%- endif %}
{%- if args['allow-update'] is defined %}
allow-update { {{args['allow-update']}}; };
{%- endif %}
{%- if args.update_policy is defined %}
update-policy {
{%- for policy in args.update_policy %}
{{ policy }};
{%- endfor %}
};
{%- endif %}
{%- if args['allow-transfer'] is defined %}
allow-transfer { {{ args.get('allow-transfer', []) | join('; ') }}; };
{%- endif %}
{%- if args['also-notify'] is defined %}
also-notify { {{ args.get('also-notify', []) | join('; ') }}; };
{%- endif %}
{%- if args['type'] == "master" -%}
{% if args['notify'] %}
notify yes;
{% else %}
notify no;
{%- endif -%}
{% else %}
notify no;
masters { {{ masters }} };
{%- endif %}
{%- endif %}
};
{%- endmacro %}
{%- if salt['pillar.get']('bind:configured_views', {}) is not defined %}
include "{{ map.default_zones_config }}";
{%- endif %}
{% for key, args in salt['pillar.get']('bind:configured_zones', {}).items() -%}
{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
{{ zone(key, args, file, masters) }}
{% endfor %}
{% for view, view_data in salt['pillar.get']('bind:configured_views', {}).items() %}
view {{ view }} {
{%- if view == 'default' %}
include "{{ map.default_zones_config }}";
{%- endif %}
match-clients {
{%- for acl in view_data.get('match_clients', {}) %}
{{ acl }};
{%- endfor %}
};
{% for key, args in view_data.get('configured_zones', {}).items() -%}
{%- set file = salt['pillar.get']("bind:available_zones:" + key + ":file") %}
{%- set masters = salt['pillar.get']("bind:available_zones:" + key + ":masters") %}
{{ zone(key, args, file, masters) }}
{%- endfor %}
};
{%- endfor %}
{% if salt['pillar.get']("bind:use_querylog", False) %}
logging {
channel "querylog" {
file "{{ map.log_dir }}/query.log";
print-time yes;
};
category queries { querylog; };
};
{% endif %}
{%- for name, data in salt['pillar.get']('bind:configured_acls', {}).items() %}
acl {{ name }} {
{%- for d in data %}
{{ d }};
{%- endfor %}
};
{%- endfor %}

16
bind/files/freebsd/tty1.eu-empty-private-networks.conf Normal file
View file

@ -0,0 +1,16 @@
zone "16.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };

17
bind/map.jinja
View file

@ -12,6 +12,7 @@
'default_zones_config': '/etc/bind/named.conf.default-zones', 'default_zones_config': '/etc/bind/named.conf.default-zones',
'named_directory': '/var/cache/bind/zones', 'named_directory': '/var/cache/bind/zones',
'log_dir': '/var/log/bind9', 'log_dir': '/var/log/bind9',
'log_mode': '644',
'user': 'root', 'user': 'root',
'group': 'bind', 'group': 'bind',
'mode': '644' 'mode': '644'
@ -26,6 +27,7 @@
'default_config': '/etc/sysconfig/named', 'default_config': '/etc/sysconfig/named',
'named_directory': '/var/named/data', 'named_directory': '/var/named/data',
'log_dir': '/var/log/named', 'log_dir': '/var/log/named',
'log_mode': '640',
'user': 'root', 'user': 'root',
'group': 'named', 'group': 'named',
'mode': '640' 'mode': '640'
@ -39,10 +41,25 @@
'local_config': '/etc/named.conf.local', 'local_config': '/etc/named.conf.local',
'named_directory': '/var/named', 'named_directory': '/var/named',
'log_dir': '/var/log/named', 'log_dir': '/var/log/named',
'log_mode': '640',
'user': 'root', 'user': 'root',
'group': 'named', 'group': 'named',
'mode': '640' 'mode': '640'
}, },
'FreeBSD': {
'pkgs': ['bind99'],
'service': 'named',
'config_source_dir': 'bind/files/freebsd',
'zones_source_dir': 'zones',
'config': '/usr/local/etc/namedb/named.conf',
'local_config': '/usr/local/etc/namedb/named.conf.local',
'named_directory': '/usr/local/etc/namedb/working',
'log_dir': '/var/log/named',
'log_mode': '660',
'user': 'root',
'group': 'bind',
'mode': '640'
},
}, merge=salt['grains.filter_by']({ }, merge=salt['grains.filter_by']({
'jessie': { 'jessie': {
'pkgs': ['bind9', 'bind9utils'], 'pkgs': ['bind9', 'bind9utils'],

2
pillar.example
View file

@ -29,7 +29,7 @@ bind:
# (ipv4: 4, ipv6: 6). Omitting this reverts to # (ipv4: 4, ipv6: 6). Omitting this reverts to
# binds default of both. # binds default of both.
# Debian based systems # Debian and FreeBSD based systems
default_zones: True # If set to True, the default-zones configuration default_zones: True # If set to True, the default-zones configuration
# will be enabled. Defaults to False. # will be enabled. Defaults to False.