projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Stop serving git and bzr repos on db.d.o
[mirror/dsa-puppet.git]
/
modules
/
named
/
manifests
/
primary.pp
diff --git
a/modules/named/manifests/primary.pp
b/modules/named/manifests/primary.pp
index
046fd9d
..
cafefff
100644
(file)
--- a/
modules/named/manifests/primary.pp
+++ b/
modules/named/manifests/primary.pp
@@
-1,12
+1,9
@@
+# our primary nameserver
+#
+# it will not, by default, open the firewall for requests.
class named::primary inherits named::authoritative {
include dnsextras::entries
class named::primary inherits named::authoritative {
include dnsextras::entries
- ferm::rule { '01-dsa-bind-4':
- domain => '(ip ip6)',
- description => 'Allow nameserver access',
- rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO $HOST_NAGIOS $HOST_RCODE0 $HOST_EASYDNS $HOST_NETNOD ) )',
- }
-
concat::fragment { 'dsa-named-conf-puppet-misc---local-shared-keys':
target => '/etc/bind/named.conf.puppet-misc',
order => '020',
concat::fragment { 'dsa-named-conf-puppet-misc---local-shared-keys':
target => '/etc/bind/named.conf.puppet-misc',
order => '020',
@@
-52,6
+49,13
@@
class named::primary inherits named::authoritative {
};
| EOF
}
};
| EOF
}
+ @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+ tag => 'named::keyring::ferm',
+ description => 'Allow primary access to the keyring master',
+ proto => ['udp', 'tcp'],
+ port => 'domain',
+ saddr => $base::public_addresses,
+ }
concat::fragment { 'puppet-crontab--nsec3':
target => '/etc/cron.d/puppet-crontab',
concat::fragment { 'puppet-crontab--nsec3':
target => '/etc/cron.d/puppet-crontab',