bind ratelimit repo
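# BIND 9 nameserver role.
#
# Declares everything a nameserver host needs: the munin check, the apt
# repository the bind9 package is pulled from, the package and its service,
# firewall rules (virtual — they only take effect where the host's ferm
# configuration realizes them) and the log directory.
#
# Resource ordering is made explicit: the repository is configured before
# the package is installed, and the package is installed before the service
# and the log directory are managed, since the package is what provides the
# 'bind' system user the directory is owned by.
class named {

	munin::check { 'bind': }

	# Repository providing the bind9 build used here; the suite name
	# suggests a response-rate-limiting build (confirm against the repo).
	# The transport is plain HTTP, so package integrity depends entirely on
	# apt verifying the repository's signature — key handling and the apt
	# index refresh are site::aptrepo's responsibility and are not visible
	# in this manifest.
	site::aptrepo { 'bind-ratelimit':
		url        => 'http://db.debian.org/debian-admin',
		suite      => 'bind-ratelimit',
		components => 'main',
	}

	package { 'bind9':
		ensure  => installed,
		# the repository must be in place before apt is asked for the package
		require => Site::Aptrepo['bind-ratelimit'],
	}

	service { 'bind9':
		ensure  => running,
		# the init script only exists once the package is installed
		require => Package['bind9'],
	}

	# Inbound DNS on TCP and UDP 53; TCP_UDP_SERVICE is a site ferm macro,
	# presumably expanding to both protocols — verify in the ferm config.
	@ferm::rule { 'dsa-bind':
		domain      => '(ip ip6)',
		description => 'Allow nameserver access',
		rule        => '&TCP_UDP_SERVICE(53)',
	}

	# Skip connection tracking for incoming queries (raw/PREROUTING, dport 53)
	# and outgoing answers (raw/OUTPUT, sport 53) so DNS traffic does not
	# populate the conntrack table.
	@ferm::rule { 'dsa-bind-notrack':
		domain      => '(ip ip6)',
		description => 'NOTRACK for nameserver traffic',
		table       => 'raw',
		chain       => 'PREROUTING',
		rule        => 'proto (tcp udp) dport 53 jump NOTRACK',
	}

	@ferm::rule { 'dsa-bind-notrack-out':
		domain      => '(ip ip6)',
		description => 'NOTRACK for nameserver traffic',
		table       => 'raw',
		chain       => 'OUTPUT',
		rule        => 'proto (tcp udp) sport 53 jump NOTRACK',
	}

	# Log directory owned by the bind user/group; 0775 makes it writable by
	# the bind group as well as the owner, world-readable otherwise.
	file { '/var/log/bind9':
		ensure  => directory,
		owner   => 'bind',
		group   => 'bind',
		mode    => '0775',
		# the 'bind' user and group are created by the package
		require => Package['bind9'],
	}
}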