From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 2 Mar 2011 15:25:20 +0000 (+0100)
Subject: Configure unbound forwarders unless we are recursive
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=c9e68aa1553fc05fac01385c65bf5a8b10c9f657

Configure unbound forwarders unless we are recursive
---

diff --git a/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb b/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb
index f0840508..04da0806 100644
--- a/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb
+++ b/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb
@@ -32,6 +32,17 @@ module Puppet::Parser::Functions
       end
     end
 
+    if not nodeinfo['hoster']['nameservers'] or nodeinfo['hoster']['nameservers'].empty?
+      # no nameservers known for this hoster
+      results['misc']['resolver-recursive'] = true
+    elsif (nodeinfo['hoster']['nameservers'] & nodeinfo['misc']['v4addrs']).size > 0 or
+          (nodeinfo['hoster']['nameservers'] & nodeinfo['misc']['v6addrs']).size > 0
+      # this host is listed as a nameserver at this location
+      results['misc']['resolver-recursive'] = true
+    else
+      results['misc']['resolver-recursive'] = false
+    end
+
     return(results)
   end
 end
diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index 35610496..ebda9f80 100644
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -54,7 +54,17 @@ server:
 	auto-trust-anchor-file: "/var/lib/unbound/root.key"
 	auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
 
-#forward-zone:
-#	name: "."
-#	forward-addr: 192.0.2.1
-#	forward-addr: 192.0.2.199
+<%=
+	out = []
+	unless results['misc']['resolver-recursive']
+		forwarders = nodeinfo['hoster']['nameservers']
+		forwarders ||= []
+
+		out << 'forward-zone:'
+		out << '	name: "."'
+		forwarders.each do |ns|
+			out << "	forward-addr: #{ns}"
+		end
+	end
+	out.join("\n")
+%>