include named::geodns
ssh::keygen { 'geodnssync': }
+ ssh::authorized_key_add { 'dns_geodns::pull-from-primary':
+ target_user => 'geodnssync',
+ command => '/usr/bin/rsync --server --sender -logDtprze.iL . zonefiles/',
+ key => $facts['geodnssync_key'],
+ collect_tag => 'dns_primary',
+ }
ssh::authorized_key_collect { 'geodnssync-node':
target_user => 'geodnssync',
collect_tag => 'geodnssync-node',
}
+
+ @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+ tag => 'named::primary::ferm',
+ description => 'Allow geo nameserver access to the primary for the (non-geo) zones that we AXFR',
+ proto => ['udp', 'tcp'],
+ port => 'domain',
+ saddr => $base::public_addresses,
+ }
}