diff --git a/manifests/zone.pp b/manifests/zone.pp index 33b5de19..dfbae160 100644 --- a/manifests/zone.pp +++ b/manifests/zone.pp @@ -1,5 +1,136 @@ # == Define dns::zone # +# `dns::zone` defines a DNS zone and creates both the zone entry +# in the `named.conf` files and the standardized zone file header +# to which the zone records will be added. +# +# === BIND Time Values +# +# BIND time values are numeric strings and default to representing a +# number of seconds (e.g. a time value of `3600` equals one hour). +# Time values may optionally be followed by a suffix of `m`, `h`, +# `d`, or `w`, meaning the time is in minutes, hours, days, or weeks, +# respectively. For example, one week could be represented as any of +# `1w`, `7d`, `168h`, `10080m`, or `604800`. +# +# === FQDN Values +# +# The `dns::zone` type will append the final `.` dot to any value which +# is listed in the *Parameters* section as an *FQDN* (Fully Qualified +# Domain Name). This has two implications: First, any FQDN must *not* +# include the trailing `.` dot; second, any parameter listed as an FQDN +# _must_ be fully-qualified, and will not allow the hostname-only form +# of the name (e.g. in the `example.net` domain, `ns1.example.net` could +# not be referred to as `ns1` in any parameter that requires an FQDN). +# +# === Access Control Lists +# +# Any parameter which is an Access Control List is an array that may +# contain the pre-defined ACL names `none`, `any`, `localhost`, or +# `localnets`, or may contain ip addresses, optionally precededed by a +# `!` exclamation mark and optionally followed by a `/` and a prefix +# length for a subnet match. +# +# === Parameters +# +# [*allow_transfer*] +# An array that indicates what other DNS servers may initiate a +# zone transfer of this zone. The array may contain IP addresses, +# optionally followed by a `/` and a prefix length for a subnet match, +# and optionally prefixed by a `!` exclamation mark (to indicate that +# the IP address - or addresses, with a subnet match - are denied +# rather than allowed) or the special ACL names `any`, `localhost`, +# `localnets`, or `none`: `any` matches any host; `localhost` matches +# only the name server itself; `localnets` matches the name server +# and any request from the name server's subnet(s); and `none` is the +# equivalent of `!any` - it denies all requests. The first entry in +# the array that matches the requester's address will be used. +# +# [*allow_forwarder*] +# An array of IP addresses and optional port numbers to which queries +# for this zone will be forwarded (based on the *forward_policy* +# setting). If the optional port number is included, it must be +# separated from the IP address by the word `port` - for example, `[ +# '192.168.100.102 port 1234' ]`. Defaults to an empty array, which +# means no forwarding will be done. +# +# [*also_notify*] +# This is an array of IP addresses and optional port numbers to +# which this DNS server will send notifies when the master DNS server +# reloads the zone file. See the *allow_forwarder* parameter for how +# to include the optional port numbers. +# +# [*forward_policy*] +# Either `first` or `only`. If the *allow_forwarder* array is not +# empty, this setting defines how query forwarding is handled. With a +# value of `only`, the DNS server will forward the request and return +# the response to the client immediately. With a value of `first`, +# the DNS server will forward the request; if the forwarder server +# returns a not-found response, the DNS server will attempt to answer +# the request itself. +# +# [*nameservers*] +# An array containing the FQDN's of each name server for this zone. +# This will be used to create the `NS` records for the zone file. +# Defaults to an array containing the `$::fqdn` fact. +# +# [*reverse*] +# If `true`, the zone will have `.in-addr.arpa` appended to it. +# Defaults to `false`. +# +# [*slave_masters*] +# If *zone_type* is set to `slave`, this holds an array or string +# containing the IP addresses of the DNS servers from which this slave +# transfers the zone. If a string, the IP addresses must be separated +# by semicolons (`;`). +# +# [*soa*] +# The authoritative name server for this zone. Defaults to the +# `$::fqdn` fact. +# +# [*soa_email*] +# The point-of-contact authoritative name server for this zone, in +# the form __`.`__ (__ may not contain +# `.` dots). Defaults to `root.` followed by the `$::fqdn` fact. +# +# [*zone_expire*] +# This is the maximum amount of time after the last successful refresh +# of the zone for which the slave will continue to respond to DNS +# queries for records in this zone. +# +# [*zone_minimum*] +# Despite _minimum_ in the parameter name, this is the maximum time +# that a _negative_ for this zone (e.g. a host not found response) +# may be cached by other resolvers. +# +# [*zone_notify*] +# One of `yes`, `no`, or `explicit`. With a value of `explicit`, +# when sending notifies, the DNS server will send them only to the +# slaves listed in the `also_notify` list. With `yes`, the DNS server +# will send notifies to the `also_notify` list _and_ to all nameservers +# listed in the `NS` records for the zone _except_ for the nameserver +# listed in the `soa` parameter and the sending name server. With `no`, +# the DNS server will never send notifies for this zone. +# +# [*zone_refresh*] +# The minimum time between when slaves will check back with the zone +# master(s) to check if the zone has been updated. See *Time values* +# above. Defaults to 604800 seconds (7 days). +# +# [*zone_retry*] +# If a slave tries and fails to contact the master(s), this is the +# time the slave will wait before retrying. +# +# [*zone_ttl*] +# The default TTL (time-to-live) for the zone records. See *Time +# values* above. Defaults to 604800 seconds (7 days). +# +# [*zone_type*] +# The type of DNS zone being described. Can be one of `master`, `slave` +# (requires *slave_masters* to be set), or `forward` (requires both +# *allow_forwarder* and *forward_policy* to be set). Defaults to +# `master`. +# define dns::zone ( $soa = $::fqdn, $soa_email = "root.${::fqdn}", diff --git a/spec/defines/dns__zone_spec.rb b/spec/defines/dns__zone_spec.rb index fd617da3..5df5f4d9 100644 --- a/spec/defines/dns__zone_spec.rb +++ b/spec/defines/dns__zone_spec.rb @@ -127,7 +127,7 @@ end it 'should have masters entry' do should contain_concat__fragment('named.conf.local.test.com.include'). - with_content(/masters/) + with_content(/masters.*123.123.123.123 *;/) end it 'should not have allow_tranfer entry' do should_not contain_concat__fragment('named.conf.local.test.com.include'). @@ -144,6 +144,18 @@ end end + context 'with a slave zone with multiple masters' do + let :params do + { :slave_masters => ['123.123.123.123', '234.234.234.234'], + :zone_type => 'slave' + } + end + it 'should have masters entry with all masters joined by ;' do + should contain_concat__fragment('named.conf.local.test.com.include'). + with_content(/masters.*123.123.123.123 *;[ \n]*234.234.234.234 *;/) + end + end + context 'with a master zone' do let :params do { :allow_transfer => ['8.8.8.8','8.8.4.4'], diff --git a/templates/zone.erb b/templates/zone.erb index 5075ffcb..321d0d6a 100644 --- a/templates/zone.erb +++ b/templates/zone.erb @@ -14,7 +14,11 @@ type <%= @zone_type %>; file "<%= @zone_file %>"; <% end -%> <% if @zone_type == 'slave' -%> +<%- if @slave_masters.is_a?(Array) -%> + masters { <%= @slave_masters.join(";") %>;}; +<%- else -%> masters { <%= @slave_masters %>;}; +<%- end -%> <% elsif @zone_type == 'master' -%> <% if @allow_transfer.is_a?(Array) and @allow_transfer.size != 0 -%> allow-transfer {