projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
bind should not listen on * if there is unbound installed
[mirror/dsa-puppet.git]
/
modules
/
named
/
templates
/
named.conf.options.erb
diff --git
a/modules/named/templates/named.conf.options.erb
b/modules/named/templates/named.conf.options.erb
index
3a2624a
..
b3d6a1f
100644
(file)
--- a/
modules/named/templates/named.conf.options.erb
+++ b/
modules/named/templates/named.conf.options.erb
@@
-8,7
+8,7
@@
acl Nagios {
str = ''
localinfo.keys.sort.each do |node|
if localinfo[node]['nagiosmaster']
str = ''
localinfo.keys.sort.each do |node|
if localinfo[node]['nagiosmaster']
-
key
info[node]['ipHostNumber'].each do |ip|
+
allnode
info[node]['ipHostNumber'].each do |ip|
str += "\t" + ip + "/32;\n"
end
end
str += "\t" + ip + "/32;\n"
end
end
@@
-20,7
+20,12
@@
options {
directory "/var/cache/bind";
auth-nxdomain no; # conform to RFC1035
directory "/var/cache/bind";
auth-nxdomain no; # conform to RFC1035
+<% if classes.include?("named::geodns") or %w{orff senfl}.include?(hostname) -%>
+ listen-on { ! 127.0.0.1; any; };
+ listen-on-v6 { ! ::1; any; };
+<% else -%>
listen-on-v6 { any; };
listen-on-v6 { any; };
+<% end -%>
allow-transfer { none; };
allow-update { none; };
allow-transfer { none; };
allow-update { none; };
@@
-30,7
+35,7
@@
options {
<%=
allowed='Nagios; '
<%=
allowed='Nagios; '
- if
classes.include?('named::authoritative'
) or classes.include?('named::recursor')
+ if
(classes.include?('named::authoritative') and not %w{orff senfl}.include?(hostname)
) or classes.include?('named::recursor')
allowed += 'localnets; '
end
allowed += 'localnets; '
end