move 3rd party nameserver info from the ferm template to hiera, retire geodns old...

[mirror/dsa-puppet.git] / modules / named / manifests / primary.pp

diff --git a/modules/named/manifests/primary.pp b/modules/named/manifests/primary.pp
index b383ca5..5f3f6be 100644 (file)
--- a/modules/named/manifests/primary.pp
+++ b/modules/named/manifests/primary.pp
@@ -1,13 +1,9 @@
+# our primary nameserver
+#
+# it will not, by default, open the firewall for requests.
 class named::primary inherits named::authoritative {
   include dnsextras::entries
 
-  ferm::rule { '01-dsa-bind-4':
-    domain      => '(ip ip6)',
-    description => 'Allow nameserver access',
-    rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO $HOST_NAGIOS $HOST_RCODE0 $HOST_EASYDNS $HOST_NETNOD ) )',
-  }
-  Ferm::Rule::Simple <<| tag == 'named::primary::ferm' |>>
-
   concat::fragment { 'dsa-named-conf-puppet-misc---local-shared-keys':
     target  => '/etc/bind/named.conf.puppet-misc',
     order   => '020',