move ACLs for 3rd party things from the named.conf.options template to named.conf...

[mirror/dsa-puppet.git] / modules / named / manifests / primary.pp

diff --git a/modules/named/manifests/primary.pp b/modules/named/manifests/primary.pp
index 85b0021..fd428ac 100644 (file)
--- a/modules/named/manifests/primary.pp
+++ b/modules/named/manifests/primary.pp
@@ -1,3 +1,20 @@
 class named::primary inherits named::authoritative {
        include dnsextras::entries
+
+       @ferm::rule { '01-dsa-bind-4':
+               domain      => '(ip ip6)',
+               description => 'Allow nameserver access',
+               rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO $HOST_NAGIOS $HOST_RCODE0 $HOST_EASYDNS $HOST_NETNOD ) )',
+       }
+
+       file { '/etc/bind/named.conf.debian-zones':
+               content => template('named/named.conf.debian-zones.erb'),
+               notify  => Service['bind9'],
+       }
+
+       concat::fragment { 'dsa-named-conf-puppet-misc---named.conf.external-secondaries-ACLs':
+               target => '/etc/bind/named.conf.puppet-misc',
+               order  => '010',
+               content => template('named/named.conf.external-secondaries-ACLs.erb'),
+       }
 }