X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fnamed%2Fmanifests%2Fprimary.pp;h=800c5360d2065bd87de75561bd91748f4be994b8;hb=7089d71c0209bb35fe1b8ce6a761405beb97f7db;hp=64fc3489e5523d9ba15023e01695e906256c1d54;hpb=e7aca653292defd2f0e06961cb0c3bf78e47a979;p=mirror%2Fdsa-puppet.git
diff --git a/modules/named/manifests/primary.pp b/modules/named/manifests/primary.pp
index 64fc3489e..800c5360d 100644
--- a/modules/named/manifests/primary.pp
+++ b/modules/named/manifests/primary.pp
@@ -23,11 +23,16 @@ class named::primary inherits named::authoritative {
 concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone':
 target => '/etc/bind/named.conf.puppet-misc',
 order => '020',
- content => @("EOF"),
+ content => @("EOF"/$)
+ // MAINTAIN-KEY: _openpgpkey.debian.org
+
 zone "_openpgpkey.debian.org" {
 type slave;
 file "db._openpgpkey.debian.org";
 allow-query { any; };
+ masters {
+ ${ join(getfromhash($site::allnodeinfo, 'kaufmann.debian.org', 'ipHostNumber'), ";") } ;
+ };
 allow-transfer {
 127.0.0.1;
 rcode0-ACL;
@@ -36,7 +41,24 @@ class named::primary inherits named::authoritative {
 };
 also-notify {
 };
+
+ key-directory "/srv/dns.debian.org/var/keys/_openpgpkey.debian.org";
+ sig-validity-interval 40 25;
+ auto-dnssec maintain;
+ inline-signing yes;
 };
 | EOF
 }
+
+ concat::fragment { 'dsa-puppet-stuff--nsec3':
+ target => '/etc/cron.d/dsa-puppet-stuff',
+ content => @(EOF)
+ 13 19 4 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.net
+ 29 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.org
+ 32 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debconf.org
+ 36 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) _openpgpkey.debian.org
+
+ | EOF
+ }
+
 }
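Review bot: The added `masters { ... };` block lists only the addresses looked up for kaufmann.debian.org, so as far as this hunk shows the inbound zone transfer is authenticated by source address alone, while the second hunk turns on `inline-signing yes;` and will sign whatever that transfer delivers. If no `server` clause elsewhere in the BIND configuration binds a TSIG key to those addresses, consider naming one per master, e.g. `<address> key <tsig-key-name>;` (placeholder name), so altered transfer data cannot end up signed and published. Separately, if `getfromhash` ever returns an empty list the block would render as `masters { ; };`, which named is likely to reject on reload; failing the catalog on an empty lookup would surface that at compile time. The zone stanza continues outside this hunk.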
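Review bot: The four cron entries in the new `dsa-puppet-stuff--nsec3` fragment set NSEC3 to 16 additional iterations with a monthly rotated 5-byte salt, whereas current guidance (RFC 9276) recommends an iteration count of 0 and an empty salt, since extra iterations mostly add hashing cost for the authoritative servers and validators without meaningfully slowing zone enumeration. Following that guidance each command becomes `rndc signing -nsec3param 1 0 0 - <zone>` and needs to run once per zone rather than on a schedule. The zone list here is also maintained by hand next to the `// MAINTAIN-KEY:` marker, so a short comment above the cron lines saying the two must be kept in sync would help. Worth confirming outside this hunk: the `key-directory` path holds the private keys used by `auto-dnssec maintain`, and nothing visible here manages its owner or mode.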