projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
make rietz an authoritative NS
[mirror/dsa-puppet.git]
/
modules
/
named
/
templates
/
named.conf.options.erb
diff --git
a/modules/named/templates/named.conf.options.erb
b/modules/named/templates/named.conf.options.erb
index
4224254
..
8bc2f87
100644
(file)
--- a/
modules/named/templates/named.conf.options.erb
+++ b/
modules/named/templates/named.conf.options.erb
@@
-20,12
+20,8
@@
options {
directory "/var/cache/bind";
auth-nxdomain no; # conform to RFC1035
directory "/var/cache/bind";
auth-nxdomain no; # conform to RFC1035
-<% if classes.include?("named::recursor") -%>
- listen-on-v6 { any; };
-<% else -%>
listen-on { ! 127.0.0.1; any; };
listen-on-v6 { ! ::1; any; };
listen-on { ! 127.0.0.1; any; };
listen-on-v6 { ! ::1; any; };
-<% end -%>
allow-transfer { none; };
allow-update { none; };
allow-transfer { none; };
allow-update { none; };
@@
-35,9
+31,6
@@
options {
<%=
allowed='Nagios; '
<%=
allowed='Nagios; '
- if classes.include?('named::recursor')
- allowed += 'localnets; '
- end
str = "\tallow-recursion { " + allowed + " };\n"
str += "\tallow-query { " + allowed + " };\n"
str = "\tallow-recursion { " + allowed + " };\n"
str += "\tallow-query { " + allowed + " };\n"
@@
-49,6
+42,16
@@
options {
dnssec-enable yes;
dnssec-validation yes;
<% end -%>
dnssec-enable yes;
dnssec-validation yes;
<% end -%>
+
+<% if %w{senfl ravel orff diamond rietz}.include?(hostname) -%>
+ rate-limit {
+ responses-per-second 25;
+ window 5;
+ slip 5;
+ qps-scale 250;
+ };
+<% end -%>
+
};
logging {
};
logging {