stop tracking output as well
[dsa-puppet.git] / modules / named / manifests / init.pp
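# Manages a BIND9 nameserver: installs the package, keeps the service
# running, declares the firewall rules for port 53 and creates the log
# directory.
#
# The ferm rules are declared as virtual resources (leading '@'), so they
# only take effect where they are realized; that happens outside this
# class.
class named {

        munin::check { 'bind': }

        package { 'bind9':
                ensure => installed
        }

        service { 'bind9':
                ensure => running,
        }

        # Filter rule opening port 53 over TCP and UDP, IPv4 and IPv6.
        # NOTE(review): &TCP_UDP_SERVICE is a ferm function defined
        # elsewhere. Because the NOTRACK rules below take port-53 packets
        # out of connection tracking, it must accept them without relying
        # on conntrack state - confirm against its definition.
        @ferm::rule { 'dsa-bind':
                domain      => '(ip ip6)',
                description => 'Allow nameserver access',
                rule        => '&TCP_UDP_SERVICE(53)'
        }

        # Inbound queries: skip connection tracking for packets addressed
        # to port 53. Untracked packets never match ESTABLISHED/RELATED
        # rules, so every later rule that sees them must be stateless.
        @ferm::rule { 'dsa-bind-notrack':
                domain      => '(ip ip6)',
                description => 'NOTRACK for nameserver traffic',
                table       => 'raw',
                chain       => 'PREROUTING',
                rule        => 'proto (tcp udp) dport 53 jump NOTRACK'
        }

        # Outbound answers: packets generated by the local named traverse
        # the raw table's OUTPUT chain, never PREROUTING. Matching sport 53
        # in PREROUTING left the server's own replies tracked and instead
        # untracked inbound packets arriving from a remote port 53 (such as
        # answers to this host's own lookups), which stateful ESTABLISHED
        # rules would then no longer recognise.
        @ferm::rule { 'dsa-bind-notrack-out':
                domain      => '(ip ip6)',
                description => 'NOTRACK for nameserver traffic',
                table       => 'raw',
                chain       => 'OUTPUT',
                rule        => 'proto (tcp udp) sport 53 jump NOTRACK'
        }

        # Log directory writable by the bind user and group.
        # NOTE(review): mode 0775 also lets every local user list and enter
        # the directory; if query logs are written here, consider whether
        # 0770 or 0750 fits the hosts this runs on.
        file { '/var/log/bind9':
                ensure => directory,
                owner  => bind,
                group  => bind,
                mode   => '0775',
        }
}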