dns

Overview
Module Description - What the module does and why it is useful
Setup - The basics of getting started with dns
Usage - Configuration options and additional functionality
- Basic Config
- Master Slave Config
Reference - An under-the-hood peek at what the module is doing and how
Limitations - OS compatibility, etc.
Development - Guide for contributing to the module

Overview

Manage the installation and configuration of knot and nsd installations. Also allows for managing master -> slave relations via exported resources.

Module Description

This module acts as an interface to icann-nsd and icann-knot to allow the same config yto manage both servers and ease switch between the two daemons. It can also use exportedconcat resources to manage master slave relationships

Setup

What dns affects

installs and manages icann-knot
installs and manages icann-nsd
dynamicly sets processor count based on installed processes
Optionaly install zonecheck python library and associated cron job. if the is a problem mwith dns a custom fact is created which can be used by other modules (see icann-quagga)

Setup Requirements

puppetlabs-stdlib 4.12.0 (may work with earlier versions)
puppetlabs-concat 1.2.0
icann-knot 0.1.3
icann-nsd 0.1.3
stankevich-python 1.15.0

Beginning with dns

install either icann-nsd or -cann-knot depending on the operating system:

class { '::dns': }

Force a specific daemon and disable zonecheck

class { '::dns':
  daemon => 'knot',
  enable_zonecheck => false,
}

and in hiera

dns::daemon: knot
dns::enable_zonecheck: false

Usage

Basic Config

Add config with primary tsig key

class {'::dns': 
  tsig => {
    'name' => 'test',
    'algo' => 'hmac-sha256',
    'data' => 'adsasdasdasd='
  }
}

or with hiera

dns::tsig:
  name: test
  algo: hmac-sha256
  data: adsasdasdasd=

add zone files. zone files are added with sets of common config.

class {'::dns': 
  zones => {
    'master1_zones' => {
      'allow_notify' => ['192.0.2.1'],
      'masters'      => ['192.0.2.1'],
      'provide_xfr'  => ['127.0.0.1'],
      'zones'        => ['example.com', 'example.net']
    },
    'master2_zones'  => {
      'allow_notify' => ['192.0.2.2'],
      'masters'      => ['192.0.2.2'],
      'provide_xfr'  => ['127.0.0.2'],
      'zones'        => ['example.org']
    }
  }
}

in hiera

dns::zones:
  master1_zones:
    allow_notify:
    - 192.0.2.1
    masters:
    - 192.0.2.1
    provide_xfr:
    - 192.0.2.1
    zones:
    - example.com
    - example.net
  master2_zones:
    allow_notify:
    - 192.0.2.2
    masters:
    - 192.0.2.2
    provide_xfr:
    - 192.0.2.2
    zones:
    - example.org

creat and as112 server also uses the dns::file resource

  class {'::dns': 
    zones =>  {
      'rfc1918' => { 
        'zonefile' => 'db.dd-empty',
        'zones' => [
          '10.in-addr.arpa',
          '16.172.in-addr.arpa',
          '17.172.in-addr.arpa',
          '18.172.in-addr.arpa',
          '19.172.in-addr.arpa',
          '20.172.in-addr.arpa',
          '21.172.in-addr.arpa',
          '22.172.in-addr.arpa',
          '23.172.in-addr.arpa',
          '24.172.in-addr.arpa',
          '25.172.in-addr.arpa',
          '26.172.in-addr.arpa',
          '27.172.in-addr.arpa',
          '28.172.in-addr.arpa',
          '29.172.in-addr.arpa',
          '30.172.in-addr.arpa',
          '31.172.in-addr.arpa',
          '168.192.in-addr.arpa',
          '254.169.in-addr.arpa'
        ]
      },
      'empty.as112.arpa' => {
        'zonefile' => 'db.dr-empty',
        'zones'    => ['empty.as112.arpa'],
      },
      'hostname.as112.net' => {
        'zonefile' => 'hostname.as112.net.zone',
        'zones'    =>  ['hostname.as112.net'],
      }
      'hostname.as112.arpa' => {
        'zonefile' => 'hostname.as112.arpa.zone',
        'zones'    => ['hostname.as112.arpa'],
      },
    },
    files => {
      'db.dd-empty' => {
        source  => 'puppet:///modules/dns/etc/dns/db.dd-empty',
      },
      'db.dr-empty' => {
        source  => 'puppet:///modules/dns/etc/dns/db.dr-empty',
      }
      'hostname.as112.net.zone' => {
        content_template => 'dns/etc/dns/hostname.as112.net.zone.erb',
      }
      'hostname.as112.arpa.zone' => {
        content_template => 'dns/etc/dns/hostname.as112.arpa.zone.erb',
      }
    }
  }

dns::files:
  db.dd-empty:
    source: 'puppet:///modules/dns/etc/dns/db.dd-empty'
  db.dr-empty:
    source: 'puppet:///modules/dns/etc/dns/db.dr-empty'
  hostname.as112.net.zone:
    content_template: 'dns/etc/dns/hostname.as112.net.zone.erb'
  hostname.as112.arpa.zone:
    content_template: 'dns/etc/dns/hostname.as112.arpa.zone.erb'
dns::zones:
  rfc1918:
    zonefile: db.dd-empty
    zones:
    - 10.in-addr.arpa
    - 16.172.in-addr.arpa
    - 17.172.in-addr.arpa
    - 18.172.in-addr.arpa
    - 19.172.in-addr.arpa
    - 20.172.in-addr.arpa
    - 21.172.in-addr.arpa
    - 22.172.in-addr.arpa
    - 23.172.in-addr.arpa
    - 24.172.in-addr.arpa
    - 25.172.in-addr.arpa
    - 26.172.in-addr.arpa
    - 27.172.in-addr.arpa
    - 28.172.in-addr.arpa
    - 29.172.in-addr.arpa
    - 30.172.in-addr.arpa
    - 31.172.in-addr.arpa
    - 168.192.in-addr.arpa
    - 254.169.in-addr.arpa
  'empty.as112.arpa':
    zonefile: db.dr-empty
    zones:
    - empty.as112.arpa
  'hostname.as112.net':
    zonefile: hostname.as112.net.zone
    zones:
    - hostname.as112.net
  'hostname.as112.arpa':
    zonefile: hostname.as112.arpa.zone
    zones:
    - hostname.as112.arpa

Master Slave Config

This module makes use of exported concat fragments so that we can configure slave IP address and TSIG keys on the master server. This is done by managing the following files in the custom facts directory on the master server.

/etc/puppetlabs/facter/facts.d/dns_slave_addresses.yaml
/etc/puppetlabs/facter/facts.d/dns_slave_tsigs.yaml.

As we are relying on custom facts this means that there will be a delay as to when the slave server is configurered on the master server the flow is as follows. In a future release it is intended to remove the reliance on the custom facts dir (pull requests welcome)

Slave server runs puppet and exports slave configueration
Master server runs puppet and updates custom facts file
master server runs and now sees the new servers configuered by the custom facts

The parameter dns::instance is used to create pairs. All slaves in the same instance will be configured on all masters with the same instance.

puppet policy

#Master server ip address = 192.0.2.2
#Slave server ip address = 192.0.2.3
include dns

Slave hiera config

dns::instance: example.com
dns::tsig:
    algo: hmac-sha256
    data: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
    name: slave.example.com
dns::zones:
  example:
    allow_notify:
    - 192.0.2.2
    masters:
    - 192.0.2.2
    zones:
    - example.com
    - example.net

Master hiera config

dns::master: true
dns::instance: example.com
dns::tsig:
    algo: hmac-sha256
    data: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
    name: master.example.com
dns::zones:
  example.com:
    zones:
    - example.com
    - example.net

Classes

Public Classes

Class: `dns`

Guides the basic setup and installation of KNOT on your system

Parameters (all optional)

daemon (/^(nsd|knot)$/, Default: os dependent): which daemon to use
slaves_target (Path, Default: /etc/puppetlabs/facter/facts.d/dns_slave_addresses.yaml) patch on master to store facts used for master/slave relationship
nsid (String, Default: FQDN): string to use for EDNS NSID queires
identity (String, Default: FQDN): string to use for hostname.bind queires
ip_addresses (Array, Default: [@ipaddress]): IP addresses that daemon should listen on
master (Boolean, Deafult: true): wheather the system is a master or a slave
instance (String, Default: 'default'): used for master/slave relationships
ensure (Pattern[/^(present|absent)$/], Default: present): whether to install dns daemon
enable_zonecheck (Boolean, Default: true): Weather to install and manage zonecheck
zones (Hash, Default: {}): A hash of nsd::zone or knot::zone resourves
files (Hash, Default: {}): A hash of nsd::file or knot::file resourves
tsig (Hash, Default: {}): A hash of nsd::tsig or knot::tsig
enable_nagios (Boolean, Default: false): export nagios_Service definitions for each zone

Private Classes

Class `dns::params`

Set os specific parameters

Limitations

This module has been tested on:

Ubuntu 12.04, 14.04
FreeBSD 10

Development

Pull requests welcome but please also update documentation and tests.

Name		Name	Last commit message	Last commit date
Latest commit History 43 Commits
.github		.github
files		files
manifests		manifests
spec		spec
templates		templates
tests		tests
types		types
.fixtures.yml		.fixtures.yml
.gitignore		.gitignore
.msync.yml		.msync.yml
.puppet-lint.rc		.puppet-lint.rc
.rspec		.rspec
.rubocop.yml		.rubocop.yml
.sync.yml		.sync.yml
.travis.yml		.travis.yml
.yardopts		.yardopts
CHANGELOG.md		CHANGELOG.md
DEVELOPMENT.md		DEVELOPMENT.md
Gemfile		Gemfile
Gemfile.lock		Gemfile.lock
LICENSE		LICENSE
README.md		README.md
Rakefile		Rakefile
Vagrantfile		Vagrantfile
metadata.json		metadata.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

dns

Table of Contents

Overview

Module Description

Setup

What dns affects

Setup Requirements

Beginning with dns

Usage

Basic Config

Master Slave Config

Reference

Classes

Public Classes

Class: `dns`

Parameters (all optional)

Private Classes

Class `dns::params`

Limitations

Development

About

Releases

Packages

Languages

License

PuppetBSD/puppet-dns

Folders and files

Latest commit

History

Repository files navigation

dns

Table of Contents

Overview

Module Description

Setup

What dns affects

Setup Requirements

Beginning with dns

Usage

Basic Config

Master Slave Config

Reference

Classes

Public Classes

Class: dns

Parameters (all optional)

Private Classes

Class dns::params

Limitations

Development

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Class: `dns`

Class `dns::params`

Packages