acl Nagios {
<%=
str = ''
- localinfo.keys.sort.each do |node|
- if localinfo[node]['nagiosmaster']
- allnodeinfo[node]['ipHostNumber'].each do |ip|
+ scope.lookupvar('site::localinfo').keys.sort.each do |node|
+ if scope.lookupvar('site::localinfo')[node]['nagiosmaster']
+ scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |ip|
str += "\t" + ip + "/32;\n"
end
end
directory "/var/cache/bind";
auth-nxdomain no; # conform to RFC1035
-<% if classes.include?("named::geodns") or %w{senfl}.include(hostname) -%>
listen-on { ! 127.0.0.1; any; };
listen-on-v6 { ! ::1; any; };
-<% else -%>
- listen-on-v6 { any; };
-<% end -%>
allow-transfer { none; };
allow-update { none; };
<%=
allowed='Nagios; '
- if (classes.include?('named::authoritative') and not %w{senfl}.include(hostname)) or classes.include?('named::recursor')
- allowed += 'localnets; '
- end
str = "\tallow-recursion { " + allowed + " };\n"
str += "\tallow-query { " + allowed + " };\n"
dnssec-enable yes;
dnssec-validation yes;
<% end -%>
+
+<% if classes.include?('named::authoritative') and not classes.include?('named::primary') -%>
+ rate-limit {
+ responses-per-second 25;
+ window 5;
+ slip 5;
+ qps-scale 250;
+ };
+<% end -%>
+
};
logging {
};
+<% if classes.include?('named::authoritative') -%>
+include "/etc/bind/named.conf.puppet-shared-keys";
+<% end -%>
projects / mirror / dsa-puppet.git / blobdiff