X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fkeyring.pp;h=a411ff5402f43d2f7377c2857a8f874c3e55fd51;hb=e71099e47c57303bb7090e404db84ad3e8d3b75b;hp=5743dbd368973b097d9e9146d737f5b7d3b05f03;hpb=c092962f8f0879ffc60c39c6b8d5aa09f43412b3;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/keyring.pp b/modules/roles/manifests/keyring.pp
index 5743dbd36..a411ff540 100644
--- a/modules/roles/manifests/keyring.pp
+++ b/modules/roles/manifests/keyring.pp
@@ -12,13 +12,12 @@ class roles::keyring {
 
 	include named::authoritative
 
-	$notify_address = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "  ")
-	$notify_address_bind = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ")
+	$notify_address_bind = join(getfromhash($deprecated::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ")
 
-	@ferm::rule { '01-dsa-bind':
+	ferm::rule { '01-dsa-bind':
 		domain      => '(ip ip6)',
 		description => 'Allow nameserver access',
-		rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_NAGIOS $notify_address ) )',
+		rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_NAGIOS $HOST_DNSPRIMARY ) )',
 	}
 
 	concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone':
@@ -34,7 +33,7 @@ class roles::keyring {
 					127.0.0.1;
 				};
 				also-notify {
-					$notify_address;
+					$notify_address_bind;
 				};
 			};
 			| EOF