From ba4f3445de0a6052344f998cb29f38d525a52bdc Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sat, 20 Apr 2013 12:44:05 +0200
Subject: [PATCH] secure 29.172.in-addr.arpa
---
 modules/unbound/files/29.172.in-addr.arpa.key | 3 +++
 modules/unbound/manifests/init.pp | 8 ++++++++
 modules/unbound/templates/unbound.conf.erb | 1 +
 3 files changed, 12 insertions(+)
 create mode 100644 modules/unbound/files/29.172.in-addr.arpa.key
diff --git a/modules/unbound/files/29.172.in-addr.arpa.key b/modules/unbound/files/29.172.in-addr.arpa.key
new file mode 100644
index 00000000..1ff6a292
--- /dev/null
+++ b/modules/unbound/files/29.172.in-addr.arpa.key
@@ -0,0 +1,3 @@
+; DS record, April 2013'
+29.172.in-addr.arpa. IN DS 29088 7 2 BAD9990C3107B7D30AB51ECEF6976CB1ABD4FF2060B641C9FCF11F4CF7459C4F
+
diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp
index bb48f644..3a0eeb34 100644
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -46,6 +46,14 @@ class unbound {
 mode => '0644',
 source => 'puppet:///modules/unbound/debian.org.key'
 }
+ file { '/var/lib/unbound/29.172.in-addr.arpa.key':
+ ensure => present,
+ replace => false,
+ owner => unbound,
+ group => unbound,
+ mode => '0644',
+ source => 'puppet:///modules/unbound/29.172.in-addr.arpa.key'
+ }
 file { '/etc/unbound/unbound.conf':
 content => template('unbound/unbound.conf.erb'),
 require => [
diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index e8e8b581..080bf951 100644
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -43,6 +43,7 @@ server:
 # auto-trust-anchor-file: ""
 auto-trust-anchor-file: "/var/lib/unbound/root.key"
 auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
+ auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
 # recursive: <%= @is_recursor ? "y" : "n" %>
 <% if not @is_recursor -%>
-- 
2.39.2
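Review bot: The comment on the first line of the new key file ends in a stray `'` and records only a date, so nobody can later tell where this DS came from or how it was checked against the zone. Because the file seeds a DNSSEC trust anchor, I would spell out the fields and the provenance, e.g. `; DS for 29.172.in-addr.arpa: key tag 29088, alg 7 (RSASHA1-NSEC3-SHA1), digest type 2 (SHA-256); added April 2013, verified via <how the DS was verified>`. Algorithm 7 signs with SHA-1, so the same comment is a good place to note that the anchor should be revisited when the zone moves to a newer algorithm.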
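Review bot: Nothing visible in this hunk orders the new `File['/var/lib/unbound/29.172.in-addr.arpa.key']` before `/etc/unbound/unbound.conf`, whose `require => [` list continues outside the hunk. If that list does not already name it, add `File['/var/lib/unbound/29.172.in-addr.arpa.key'],` there so unbound is never given a config pointing at an anchor file that is not yet on disk. Separately, `replace => false` means Puppet only seeds the file, so a later change to the anchor in the repository never reaches hosts that already have it. That deserves a comment above the resource, such as `# seeded once; unbound maintains this file via auto-trust-anchor-file, so a changed anchor must be rolled out by removing the file on the hosts`. The `class unbound` body starts and ends outside the hunk.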
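Review bot: The added `auto-trust-anchor-file` line makes 29.172.in-addr.arpa an island of trust inside RFC 1918 reverse space, and the hunk does not show how the resolver reaches the signed zone. Unbound answers the 16–31.172.in-addr.arpa zones from built-in local zones unless they are overridden, so the template needs `local-zone: "29.172.in-addr.arpa." nodefault` plus a stub or forward zone for the name. Those may already exist outside the hunk, which covers only part of the `server:` section. With the anchor in place, answers for this zone that fail validation are treated as bogus rather than passed through. A comment above the line saying who operates the zone and where the anchor came from would help whoever debugs a SERVFAIL later.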