X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fdns_geodns.pp;h=4560fba4f1f1e114374a2347f17d50d500269919;hb=c744e409e7024a4c41238cc93d7f18e29ab667f6;hp=80ac29adc84e03e4a74cbbc739c3e5a032ec42df;hpb=41789475e67ec05e5aaeca4d2e299328db42ab32;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/dns_geodns.pp b/modules/roles/manifests/dns_geodns.pp
index 80ac29adc..4560fba4f 100644
--- a/modules/roles/manifests/dns_geodns.pp
+++ b/modules/roles/manifests/dns_geodns.pp
@@ -14,4 +14,12 @@ class roles::dns_geodns {
     target_user => 'geodnssync',
     collect_tag => 'geodnssync-node',
   }
+
+  @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+    tag         => 'named::primary::ferm',
+    description => 'Allow geo nameserver access to the primary for the (non-geo) zones that we AXFR',
+    proto       => ['udp', 'tcp'],
+    port        => 'domain',
+    saddr       => $base::public_addresses,
+  }
 }