Module for provisioning DNS (bind9)
Supports:
- Ubuntu: 14.04, 12.04
- CentOS: 7.x, 6.x
Patches to support other operating systems are welcome.
This module depends on concat (https://github.com/puppetlabs/puppet-concat).
This module ''will'' overwrite all bind configuration, it is not safe to apply to a server with an existing bind configuration.
Clone this repo to your Puppet modules directory
git clone git://github.com/ajjahn/puppet-dns.git dns
or
puppet module install ajjahn/dns
Tweak and add the following to your site manifest:
node 'server.example.com' {
include dns::server
# Forwarders
dns::server::options { '/etc/bind/named.conf.options':
forwarders => [ '8.8.8.8', '8.8.4.4' ]
}
# Forward Zone
dns::zone { 'example.com':
soa => 'ns1.example.com',
soa_email => 'admin.example.com',
nameservers => ['ns1']
}
# Reverse Zone
dns::zone { '1.168.192.IN-ADDR.ARPA':
soa => 'ns1.example.com',
soa_email => 'admin.example.com',
nameservers => ['ns1']
}
# A Records:
dns::record::a {
'huey':
zone => 'example.com',
data => ['98.76.54.32'];
'duey':
zone => 'example.com',
data => ['12.34.56.78', '12.23.34.45'];
'luey':
zone => 'example.com',
data => ['192.168.1.25'],
ptr => true; # Creates a matching reverse zone record. Make sure you've added the proper reverse zone in the manifest.
}
# MX Records:
dns::record::mx {
'mx,0':
zone => 'example.com',
preference => 0,
data => 'ASPMX.L.GOOGLE.com';
'mx,10':
zone => 'example.com',
preference => 10,
data => 'ALT1.ASPMX.L.GOOGLE.com';
}
# NS Records:
dns::record::ns {
'example.com':
zone => 'example.com',
data => 'ns3';
'delegation-to-ns4-jp-example-net':
zone => 'example.com',
host => 'delegated-zone',
data => 'ns4.jp.example.net.';
}
# CNAME Record:
dns::record::cname { 'www':
zone => 'example.com',
data => 'huey.example.com',
}
# TXT Record:
dns::record::txt { 'www':
zone => 'example.com',
data => 'Hello World',
}
# TSIG
dns::tsig { 'ns3' :
ensure => present,
algorithm => "hmac-md5",
secret => "La/E5CjG9O+os1jq0a2jdA==",
server => "192.168.1.3"
}
}You can also declare forwarders for a specific zone, if you don't have one in the dns::option.
dns::zone { 'example.com':
soa => 'ns1.example.com',
soa_email => 'admin.example.com',
allow_forwarder => ['8.8.8.8'],
forward_policy => 'first',
nameservers => ['ns1'],
}You can change the checking of the domain name. The policy can be either warn fail or ignore.
dns::server::options { '/etc/bind/named.conf.options':
check_names_master => 'fail',
check_names_slave => 'warn',
forwarders => [ '8.8.8.8', '4.4.4.4' ],
}You can enable the report of bind stats trough the statistics-channels using:
dns::server::options { '/etc/bind/named.conf.options':
check_names_master => 'fail',
check_names_slave => 'warn',
forwarders => [ '8.8.8.8', '4.4.4.4' ],
statistic_channel_ip => '127.0.0.1',
statistic_channel_port => 8053
}You can also create dynamic zones. Mind they are only created once by puppet and never replaced unless allow_update is empty.
dns::zone {
soa => 'ns1.example.com',
soa_email => 'admin.example.com',
allow_forwarder => ['8.8.8.8'],
allow_update => ['192.168.1.2', '192.168.1.3'],
forward_policy => 'first',
nameservers => ['ns1'],
}node default {
# Other nodes export an A record for their hostname
@@dns::record::a { $::hostname:
zone => $::domain,
data => $::ipaddress,
}
}
node 'ns1.xkyle.com' {
dns::zone { $::domain:
soa => $::fqdn,
soa_email => "admin.${::domain}",
nameservers => [ 'ns1' ],
}
# Collect all the records from other nodes
Dns::Record::A <<||>>
}- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Added some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
Note: This module is a merge of the work from the following authors:
This module is released under the MIT license: