class named::primary inherits named::authoritative {
	include dnsextras::entries

	@ferm::rule { '01-dsa-bind-4':
		domain      => '(ip ip6)',
		description => 'Allow nameserver access',
		rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO $HOST_NAGIOS $HOST_RCODE0 $HOST_EASYDNS $HOST_NETNOD ) )',
	}

	file { '/etc/bind/named.conf.debian-zones':
		content => template('named/named.conf.debian-zones.erb'),
		notify  => Service['bind9'],
	}
}