acl Nagios {
<%=
+ roles = scope.lookupvar('site::roles')
str = ''
- localinfo.keys.sort.each do |node|
- if localinfo[node]['nagiosmaster']
- keyinfo[node][0]['ipHostNumber'].each do |ip|
+ roles['nagiosmaster'].each do |node|
+ scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |ip|
str += "\t" + ip + "/32;\n"
end
- end
end
str-%>
};
directory "/var/cache/bind";
auth-nxdomain no; # conform to RFC1035
- listen-on-v6 { any; };
+ listen-on { ! 127.0.0.1; any; };
+ listen-on-v6 { ! ::1; any; };
allow-transfer { none; };
allow-update { none; };
<%=
allowed='Nagios; '
- if classes.include?('named::secondary') or classes.include?('named::recursor')
- allowed += 'localnets; '
- end
str = "\tallow-recursion { " + allowed + " };\n"
str += "\tallow-query { " + allowed + " };\n"
str
-%>
-<% if classes.include?('named::secondary') -%>
+<% if classes.include?('named::authoritative') or classes.include?('named::geodns') -%>
dnssec-enable yes;
dnssec-validation yes;
<% end -%>
+
+<% if scope.function_has_role(['dns_secondary']) -%>
+ rate-limit {
+ responses-per-second 25;
+ window 5;
+ slip 5;
+ qps-scale 250;
+ };
+<% end -%>
+
};
logging {
};
+<% if classes.include?('named::authoritative') -%>
+include "/etc/bind/named.conf.puppet-shared-keys";
+<% end -%>
projects / dsa-puppet.git / blobdiff