Signed-off-by: Stephen Gran <steve@lobefin.net>
- nono.debian.org
dbmaster:
- draghi.debian.org
+ dns_primary:
+ - denis.debian.org
+ dns_secondary:
+ - ravel.debian.org
+ - senfl.debian.org
+ - diamond.debian.org
+ - orff.debian.org
extranrpeclient:
- denis.debian.org
- orff.debian.org
buildd_master:
- grieg.debian.org
- wuiet.debian.org
- dns_primary:
- - denis.debian.org
- dns_secondary:
- - ravel.debian.org
- - senfl.debian.org
- - diamond.debian.org
- - orff.debian.org
rule => 'proto udp dport 53 mod string from 32 to 64 algo bm hex-string \'|0000ff0001|\' jump DROP'
}
- if getfromhash($site::nodeinfo, 'dns_primary') {
+ if has_role('dns_primary') {
@ferm::rule { '01-dsa-bind-4':
domain => '(ip)',
description => 'Allow nameserver access',
dnssec-validation yes;
<% end -%>
-<% if classes.include?('named::authoritative') and not scope.lookupvar('site::nodeinfo')['dns_primary'] -%>
+<% if scope.function_has_role(['dns_secondary']) -%>
rate-limit {
responses-per-second 25;
window 5;
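Review bot: The new guard on the `rate-limit` block, `scope.function_has_role(['dns_secondary'])`, is narrower than the condition it replaces. Previously every node with `named::authoritative` that was not the primary got response rate limiting; now only hosts listed under `dns_secondary` in the roles file do. An authoritative server missing from that list would silently lose the limit that keeps it from being useful as a DNS amplification reflector; whether such a host exists cannot be told from the visible lines. If the narrowing is not intended, keep the class test and swap only the role lookup: `<% if classes.include?('named::authoritative') and not scope.function_has_role(['dns_primary']) -%>`. The `rate-limit` block runs past the end of the hunk, so its remaining options and closing are not visible here.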