- zone "_openpgpkey.debian.org" {
- type slave;
- file "db._openpgpkey.debian.org";
- allow-query { any; };
- masters {
- ${ join(getfromhash($site::allnodeinfo, 'kaufmann.debian.org', 'ipHostNumber'), ";") } ;
- };
- allow-transfer {
- 127.0.0.1;
- rcode0-ACL;
- dnsnode-ACL;
- dnsnodeapi-ACL;
- };
- also-notify {
- };
+ key-directory "/srv/dns.debian.org/var/keys/_openpgpkey.debian.org";
+ sig-validity-interval 40 25;
+ auto-dnssec maintain;
+ inline-signing yes;
+ };
+ | EOF
+ }
+ @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+ tag => 'named::keyring::ferm',
+ description => 'Allow primary access to the keyring master',
+ proto => ['udp', 'tcp'],
+ port => 'domain',
+ saddr => $base::public_addresses,
+ }