modules/named/templates/named.conf.options.erb

   1 //
   2 // THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
   3 // USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
   4 //
   5
   6 acl Nagios {
   7 <%=
   8   str = ''
   9   localinfo.keys.sort.each do |node|
  10       if localinfo[node]['nagiosmaster']
  11           keyinfo[node][0]['ipHostNumber'].each do |ip|
  12               str += "\t" + ip + "/32;\n"
  13           end
  14       end
  15   end
  16   str-%>
  17 };
  18
  19 options {
  20         directory "/var/cache/bind";
  21
  22         auth-nxdomain no;    # conform to RFC1035
  23         listen-on-v6 { any; };
  24
  25         allow-transfer { none; };
  26         allow-update { none; };
  27 <%= if classes.include?('named::geodns') -%>
  28         blackhole { 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };
  29 <%= end -%>
  30
  31 <%=
  32   allowed='Nagios; '
  33   if classes.include?('named::secondary')
  34     allowed += 'localnets; '
  35   end
  36
  37   str =  "allow-recursion { " + allowed + " };\n"
  38   str += "allow-query { " + allowed + " };\n"
  39
  40   str
  41 -%>
  42
  43 <%= if classes.include?('named::secondary') -%>
  44         dnssec-enable yes;
  45         dnssec-validation yes;
  46 <%= end -%>
  47 };
  48
  49 logging {
  50
  51         channel queries {
  52 <%= if classes.include?('named::geodns') -%>
  53                 file "/var/log/bind9/geoip-query.log" versions 4 size 40m;
  54 <%= else -%>
  55                 file "/var/log/bind9/named-query.log" versions 4 size 40m;
  56 <%= end -%>
  57                 print-time yes;
  58                 print-category yes;
  59         };
  60         category queries { queries; };
  61         category lame-servers { null; };
  62 };
  63