target_user => 'geodnssync',
collect_tag => 'geodnssync-node',
}
+
+ @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+ tag => 'named::primary::ferm',
+ description => 'Allow geo nameserver access to the primary for the (non-geo) zones that we AXFR',
+ proto => ['udp', 'tcp'],
+ port => 'domain',
+ saddr => $base::public_addresses,
+ }
}