Set a saner max-journal-size than unlimited

[mirror/dsa-puppet.git] / modules / named / templates / named.conf.options.erb

diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb
index 9ec33e8..ede58e2 100644 (file)
--- a/modules/named/templates/named.conf.options.erb
+++ b/modules/named/templates/named.conf.options.erb
@@ -42,7 +42,7 @@ options {
        dnssec-validation yes;
 <% end -%>
 
-<% if classes.include?('named::authoritative') and not scope.lookupvar('site::nodeinfo')['dns_primary'] -%>
+<% if scope.function_has_role(['dns_secondary']) -%>
        rate-limit {
                responses-per-second 25;
                window 5;
@@ -51,6 +51,7 @@ options {
        };
 <% end -%>
 
+       max-journal-size 100K;
 };
 
 logging {
@@ -66,9 +67,17 @@ logging {
        };
        category queries { queries; };
        category lame-servers { null; };
+
+       channel transfers {
+               file "/var/log/bind9/named-transfers.log" versions 4 size 40m;
+               print-time yes;
+               print-category yes;
+       };
+       category xfer-out { transfers; };
+       category notify { transfers; };
+
 };
 
- 
 <% if classes.include?('named::authoritative') -%>
 include "/etc/bind/named.conf.puppet-shared-keys";
 <% end -%>