Merge pull request #51 from saw-leipzig/master

Improvements for Debian based systems
2025-04-15 17:20:21 +00:00 · 2016-03-03 11:46:39 -08:00 · 2016-03-03 11:46:39 -08:00 · 7a075d1ac6
commit 7a075d1ac6
parent 81fea01f6d bf6a0625e7
3 changed files with 29 additions and 9 deletions
--- a/bind/files/debian/named.conf
+++ b/bind/files/debian/named.conf
@ -1,13 +1,17 @@
 // This is the primary configuration file for the BIND DNS server named.
 //
-// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
-// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
 // this configuration file.
 //
 // If you are just adding zones, please do that in /etc/bind/named.conf.local

 include "{{ map.options_config }}";
 include "{{ map.local_config }}";
-{%- if salt['pillar.get']('bind:keys', {}) is defined %}
+{%- if 'keys' in salt['pillar.get']('bind') %}
 include "{{ map.key_config }}";
 {% endif %}
+{%- if salt['pillar.get']('bind:config:default_zones', False) %}
+include "{{ map.default_zones_config }}";
+{% endif %}
+
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@ -18,9 +18,9 @@ zone "{{ key }}" {
  };
  {% else -%}
  {% if args['dnssec'] is defined and args['dnssec'] -%}
-  file "zones/{{ file }}.signed";
+  file "{{ map.named_directory }}/{{ file }}.signed";
  {% else -%}
-  file "zones/{{ file }}";
+  file "{{ map.named_directory }}/{{ file }}";
  {%- endif %}

  {% if args['allow-update'] is defined -%}
@ -90,3 +90,11 @@ logging {
  };
  category queries { querylog; };
 };
+
+{%- for name, data in salt['pillar.get']('bind:configured_acls', {}).items() %}
+acl {{ name }} {
+  {%- for d in data %}
+  {{ d }};
+  {%- endfor %}
+};
+{%- endfor %}
--- a/pillar.example
+++ b/pillar.example
@ -13,8 +13,12 @@ bind:
    options:
      allow-recursion: '{ any; };'  # Never include this on a public resolver

-   # force bind to serve only one IP protocol (ipv4: 4, ipv6: 6). omitting this reverts to binds default of both.
-   protocol: 4
+    # force bind to serve only one IP protocol (ipv4: 4, ipv6: 6). omitting this reverts to binds default of both.
+    protocol: 4
+
+    # For Debian based systems:
+    # If set to True, the default-zones configuration will be enabled. Defaults to False.
+    default_zones: True

 bind:
  keys:
@ -29,7 +33,7 @@ bind:
      notify: False
      allow-transfer:
        - 1.1.1.1
-        - 2.2.2.2 
+        - 2.2.2.2
    dynamic.domain.com:
      type: master
      allow-update: "key core_dhcp"
@ -38,7 +42,7 @@ bind:
      type: forward
      forwarders:
        - 10.9.8.7
-        - 10.9.8.5 
+        - 10.9.8.5
  configured_views:
    myview1:
      match_clients:
@ -50,6 +54,10 @@ bind:
          notify: False
          update_policy:
            - "grant core_dhcp name dns_entry_allowed_to_update. ANY"
+  configured_acls:
+    my_net:
+      - 127.0.0.0/8
+      - 10.20.0.0/16

 bind:
  available_zones: