ensure our tsig keys are protected

author Martin Zobel-Helas <zobel@debian.org>

Thu, 24 Dec 2009 15:30:04 +0000 (16:30 +0100)

committer Martin Zobel-Helas <zobel@debian.org>

Thu, 24 Dec 2009 15:30:04 +0000 (16:30 +0100)
author Martin Zobel-Helas <zobel@debian.org>
Thu, 24 Dec 2009 15:30:04 +0000 (16:30 +0100)
committer Martin Zobel-Helas <zobel@debian.org>
Thu, 24 Dec 2009 15:30:04 +0000 (16:30 +0100)
diff --git a/modules/named/manifests/secondary.pp b/modules/named/manifests/secondary.pp

index 003f1fe..8d00d0a 100644 (file)
--- a/modules/named/manifests/secondary.pp
+++ b/modules/named/manifests/secondary.pp
@@ -4,5 +4,10 @@ class named::secondary inherits named {
                       "puppet:///named/common/named.conf.debian-zones" ],
          notify  => Exec["bind9 reload"],
      }
+    file { "/etc/bind/named.conf.shared-keys":
+        mode    => 640,
+        owner   => root,
+        group   => bind,
+    }
  }
author	Martin Zobel-Helas <zobel@debian.org>
	Thu, 24 Dec 2009 15:30:04 +0000 (16:30 +0100)
committer	Martin Zobel-Helas <zobel@debian.org>
	Thu, 24 Dec 2009 15:30:04 +0000 (16:30 +0100)