From 9eeab5e696c258f5c9493bb10236ddde49e32119 Mon Sep 17 00:00:00 2001
From: Martin Zobel-Helas <zobel@debian.org>
Date: Thu, 24 Dec 2009 16:30:04 +0100
Subject: [PATCH] ensure our tsig keys are protected

---
 modules/named/manifests/secondary.pp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/named/manifests/secondary.pp b/modules/named/manifests/secondary.pp
index 003f1fe4..8d00d0af 100644
--- a/modules/named/manifests/secondary.pp
+++ b/modules/named/manifests/secondary.pp
@@ -4,5 +4,10 @@ class named::secondary inherits named {
                      "puppet:///named/common/named.conf.debian-zones" ],
         notify  => Exec["bind9 reload"],
     }
+    file { "/etc/bind/named.conf.shared-keys":
+        mode    => 640,
+        owner   => root,
+        group   => bind,
+    }
 }
 
-- 
2.39.2