class named::primary inherits named::authoritative {
	include dnsextras::entries

	@ferm::rule { '01-dsa-bind-4':
		domain      => '(ip ip6)',
		description => 'Allow nameserver access',
		rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO $HOST_NAGIOS $HOST_RCODE0 $HOST_EASYDNS $HOST_NETNOD ) )',
	}

	file { '/etc/bind/named.conf.debian-zones':
		content => template('named/named.conf.debian-zones.erb'),
		notify  => Service['bind9'],
	}

	concat::fragment { 'dsa-named-conf-puppet-misc---named.conf.external-secondaries-ACLs':
		target => '/etc/bind/named.conf.puppet-misc',
		order  => '010',
		content => template('named/named.conf.external-secondaries-ACLs.erb'),
	}

	concat::fragment { 'dsa-named-conf-puppet-misc---local-shared-keys':
		target => '/etc/bind/named.conf.puppet-misc',
		order  => '011',
		content  => @(EOF),
			include "/etc/bind/named.conf.shared-keys";
			| EOF
	}
}