X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fnamed%2Fmanifests%2Fprimary.pp;h=cafefff658d08ba2f2b307e97c1351311674da10;hb=368e147f10b8e748f7e171a15568a94d79599039;hp=5f3f6beed3c16243e65ffd78114f8e57f26aa872;hpb=584f12fb4c5f6ce47a187868570f439f543b635d;p=mirror%2Fdsa-puppet.git

diff --git a/modules/named/manifests/primary.pp b/modules/named/manifests/primary.pp
index 5f3f6beed..cafefff65 100644
--- a/modules/named/manifests/primary.pp
+++ b/modules/named/manifests/primary.pp
@@ -49,6 +49,13 @@ class named::primary inherits named::authoritative {
       };
       | EOF
   }
+  @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+    tag         => 'named::keyring::ferm',
+    description => 'Allow primary access to the keyring master',
+    proto       => ['udp', 'tcp'],
+    port        => 'domain',
+    saddr       => $base::public_addresses,
+  }
 
   concat::fragment { 'puppet-crontab--nsec3':
     target  => '/etc/cron.d/puppet-crontab',