saltstack-formulas/bind-formula
1
0
Fork 0
mirror of https://github.com/saltstack-formulas/bind-formula.git synced 2025-04-16 01:30:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind-formula/pillar.example
Alastair Knowles afa5402cca Add documentation to pillar.example 
As per issue 32, documentation has been added to better explain that each
section with a "bind:" heading is a seperate section with different
features described. Comments have also been added to describe what
different parts of the config actually do.
2016-09-16 19:52:14 +10:00

102 lines
4.7 KiB
Text
Raw Blame History

# Note - Each section beginning with 'bind:' below represents a different way you may configure
pillars for bind. When configuring your pillar(s), you may use any combination of subsections,
but salt will not merge sections with the same heading.
### Overrides for the defaults specified by ###
### map.jinja ###
bind:
lookup:
pkgs:
- bind # Need to install
service: named # Service name
zones_source_dir: bind/zonedata # Take zonefiles from `salt://bind/zonedata`
# instead of `salt://zones`
### General config options ###
bind:
config:
tmpl: salt://bind/files/debian/named.conf # Template we'd like to use (not implemented?)
user: root # File & Directory user
group: named # File & Directory group
mode: 640 # File & Directory mode
options:
allow-recursion: '{ any; }' # Never include this on a public resolver
protocol: 4 # Force bind to serve only one IP protocol
# (ipv4: 4, ipv6: 6). Omitting this reverts to
# binds default of both.
# Debian based systems
default_zones: True # If set to True, the default-zones configuration
# will be enabled. Defaults to False.
includes: # Include any additional configuration file(s) in
- /some/additional/named.conf # named.conf
# End Debian based systems
### Keys, Zones, ACLs and Views ###
bind:
keys:
"core_dhcp": # The name for our key
secret: "YourSecretKey" # The key its self
configured_zones:
sub.domain.com: # First domain zone
type: master # We're the master of this zone
notify: False # Don't notify any NS RRs of any changes to zone
also-notify: # Do notify these IP addresses (pointless as
- 1.1.1.1 # notify has been set to no)
- 2.2.2.2
1.168.192.in-addr.arpa: # Reverse lookup for local IPs
type: master # As above
notify: False # As above
allow-transfer: # As above
- 1.1.1.1
- 2.2.2.2
dynamic.domain.com: # Our ddns zone
type: master # As above
allow-update: "key core_dhcp" # Who we allow updates from (refers to above key)
notify: True # Notify NS RRs of changes
sub.anotherdomain.com: # Another domain zone
type: forward # This time it's a forwarding zone
forwarders: # Where we need to forward requests to
- 10.9.8.7
- 10.9.8.5
sub.forwardonlydomain.com: # Forwarding only domain
type: forward # As above
forward: only # We don't want the server to do any resulving
forwarders: # As above (but with different IPs)
- 10.9.8.8
- 10.9.8.9
configured_views:
myview1: # First (and only) view
match_clients: # The clients we wish to match
- client1
- client2
configured_zones: # Zones that our view is applicable to
my.zone: # We've defined a new zone in here
type: master
notify: False
update_policy: # A given update policy
- "grant core_dhcp name dns_entry_allowed_to_update. ANY"
configured_acls: # And now for some ACLs
my_net: # Our ACL's name
- 127.0.0.0/8 # And the applicable IP addresses
- 10.20.0.0/16
### Externally defined Zones ###
bind:
available_zones:
sub.domain.org:
file: db.sub.domain.org # DB file containing our zone
masters: "192.168.0.1;" # Masters of this zone
Reference in a new issue View git blame Copy permalink