[mirror/dsa-puppet.git] / modules / named / templates / named.conf.options.erb
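//
// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
//

// Every address of every node holding the 'nagiosmaster' role, written as a
// host route (/32 for IPv4, /128 for IPv6).  The global allow-query and
// allow-recursion defaults further down admit this ACL and nothing else.
acl Nagios {
<%=
  # Resolve both inventories once; the node table does not change between
  # iterations, so there is no reason to look it up per node.
  nodeinfo = scope.lookupvar('deprecated::allnodeinfo')
  masters  = scope.lookupvar('deprecated::roles')['nagiosmaster']

  # One "\t<addr>/<prefix>;\n" line per address.  A ':' in the value is taken
  # to mean IPv6.
  # NOTE(review): the address is written into named.conf verbatim.  This
  # assumes the inventory only ever holds bare addresses; a value carrying
  # ';' or '}' would change the meaning of the rendered file, so confirm that
  # ipHostNumber is validated where it is entered.
  masters.map do |node|
    nodeinfo[node]['ipHostNumber'].map do |ip|
      prefix = (ip =~ /:/) ? 128 : 32
      "\t#{ip}/#{prefix};\n"
    end.join
  end.join
-%>
};

options {
        directory "/var/cache/bind";

        auth-nxdomain no;    # conform to RFC1035
        // Listen on every address except loopback.
        // NOTE(review): presumably loopback is left free for a separate local
        // resolver - confirm.
        listen-on { ! 127.0.0.1; any; };
        listen-on-v6 { ! ::1; any; };

        // Deny zone transfers and dynamic updates by default; a zone that
        // needs either has to grant it explicitly in its own stanza.
        allow-transfer { none; };
        allow-update { none; };
<% if classes.include?("named::geodns") -%>
        // geodns hosts only: ignore traffic from RFC 1918 source addresses.
        blackhole { 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };
<% end -%>

<%=
  # Global defaults: only the Nagios ACL may query or recurse.  Zones meant
  # to be answered for other clients are not opened here.
  # NOTE(review): presumably the included files below set allow-query per
  # zone - confirm, otherwise those zones answer REFUSED to everyone else.
  allowed = 'Nagios; '

  %w[allow-recursion allow-query].map do |directive|
    "\t#{directive} { #{allowed} };\n"
  end.join
-%>

        // NOTE(review): dnssec-enable is obsolete in newer BIND 9 releases;
        // check it against the deployed version before upgrading.
        dnssec-enable yes;
        // 'yes' validates only against a configured trust anchor, and none is
        // set in this file.
        // NOTE(review): presumably one of the included files provides it -
        // confirm.
        dnssec-validation yes;

        // Defaults are 100 and 10, causing lots and lots of tiny updates.
        // This way, I hope, we'll get fewer (and thus bigger) updates. -- weasel
        sig-signing-nodes 5000;
        sig-signing-signatures 1000;

        max-journal-size 100K;
};

logging {

        // Every query is logged with timestamp and category; rotation keeps
        // 4 old versions of at most 40m each.  The file records client
        // addresses, so treat it as sensitive when setting permissions and
        // retention.
        channel queries {
                file "/var/log/bind9/named-query.log" versions 4 size 40m;
                print-time yes;
                print-category yes;
        };
        category queries { queries; };
        category lame-servers { null; };

        // Outgoing transfers and NOTIFY traffic share one log.
        // NOTE(review): category security (ACL denials) is not routed to a
        // channel here and so falls through to the default category.
        channel transfers {
                file "/var/log/bind9/named-transfers.log" versions 4 size 40m;
                print-time yes;
                print-category yes;
        };
        category xfer-out { transfers; };
        category notify { transfers; };

};

// NOTE(review): going by its name the first file holds shared keys; it should
// be readable by the named user only - confirm the mode Puppet sets on it.
include "/etc/bind/named.conf.puppet-shared-keys";
include "/etc/bind/named.conf.puppet-misc";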