1 class named::primary inherits named::authoritative {
2 include dnsextras::entries
4 @ferm::rule { '01-dsa-bind-4':
6 description => 'Allow nameserver access',
7 rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO $HOST_NAGIOS $HOST_RCODE0 $HOST_EASYDNS $HOST_NETNOD ) )',
10 concat::fragment { 'dsa-named-conf-puppet-misc---local-shared-keys':
11 target => '/etc/bind/named.conf.puppet-misc',
14 include "/etc/bind/named.conf.shared-keys";
17 concat::fragment { 'dsa-named-conf-puppet-misc---named.conf.external-secondaries-ACLs':
18 target => '/etc/bind/named.conf.puppet-misc',
20 content => template('named/named.conf.external-secondaries-ACLs.erb'),
23 concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone':
24 target => '/etc/bind/named.conf.puppet-misc',
27 // MAINTAIN-KEY: _openpgpkey.debian.org
29 zone "_openpgpkey.debian.org" {
31 file "db._openpgpkey.debian.org";
34 ${ join(getfromhash($site::allnodeinfo, 'kaufmann.debian.org', 'ipHostNumber'), ";") } ;
48 key-directory "/srv/dns.debian.org/var/keys/_openpgpkey.debian.org";
49 sig-validity-interval 40 25;
56 concat::fragment { 'dsa-puppet-stuff--nsec3':
57 target => '/etc/cron.d/dsa-puppet-stuff',
59 13 19 4 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.net
60 29 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.org
61 32 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debconf.org
62 36 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) _openpgpkey.debian.org