secure 29.172.in-addr.arpa

diff --git a/modules/unbound/files/29.172.in-addr.arpa.key b/modules/unbound/files/29.172.in-addr.arpa.key
new file mode 100644 (file)
index 0000000..1ff6a29
--- /dev/null
+++ b/modules/unbound/files/29.172.in-addr.arpa.key
@@ -0,0 +1,3 @@
+; DS record, April 2013'
+29.172.in-addr.arpa.    IN DS 29088 7 2 BAD9990C3107B7D30AB51ECEF6976CB1ABD4FF2060B641C9FCF11F4CF7459C4F
+

diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp
index bb48f64..3a0eeb3 100644 (file)
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -46,6 +46,14 @@ class unbound {
                mode    => '0644',
                source  => 'puppet:///modules/unbound/debian.org.key'
        }
+       file { '/var/lib/unbound/29.172.in-addr.arpa.key':
+               ensure  => present,
+               replace => false,
+               owner   => unbound,
+               group   => unbound,
+               mode    => '0644',
+               source  => 'puppet:///modules/unbound/29.172.in-addr.arpa.key'
+       }
        file { '/etc/unbound/unbound.conf':
                content => template('unbound/unbound.conf.erb'),
                require => [

diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index e8e8b58..080bf95 100644 (file)
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -43,6 +43,7 @@ server:
        # auto-trust-anchor-file: ""
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
+       auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
 
 # recursive: <%= @is_recursor ? "y" : "n" %>
 <% if not @is_recursor -%>