@gramsa49

  • Add additional Bind::Options: dnssec-enable, dnssec-validation, listen-on, listen-on-v6, recursion, tkey-gssapi-keytab, version
  • Enable support for TSIG authentication for: allow-transfer, allow-update, also_notify
  • Fix an issue with Bind::Logging when using syslog channel logging

@gramsa49
Author

gramsa49 commented Jun 20, 2021

This is the error related to the Bind::Logging/syslog fix:

Notice: /Stage[main]/Bind::Config/Concat[/etc/bind/named.conf]/File[/etc/bind/named.conf]/content:
--- /etc/bind/named.conf        2021-06-19 17:58:54.456086044 -0500
+++ /tmp/puppet-file20210619-21855-jbc1q4       2021-06-19 18:19:19.975867480 -0500
@@ -1,6 +1,14 @@
 # Managed by Puppet


+logging {
+    channel syslog {
+        print-category yes;
+        print-severity yes;
+        print-time true;
+        severity dynamic;
+    };
+};

 options {
     directory "/var/cache/bind";
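
Review bot: the added `channel syslog { ... }` block carries no destination statement even though the Hiera data for this run sets `syslog: local0`, which is exactly why named-checkconf rejects the file ("exactly one of file, syslog, null, and stderr must be present"); the template must emit `syslog local0;` inside the channel instead of dropping that key. A second, harmless observation: `print-time: yes` is rendered as `print-time true;` because YAML loads `yes` as a boolean, and named accepts both spellings.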

Info: Computing checksum on file /etc/bind/named.conf
Info: /Stage[main]/Bind::Config/Concat[/etc/bind/named.conf]/File[/etc/bind/named.conf]: Filebucketed /etc/bind/named.conf to puppet with sum df3f88e9dc877230a1f78dbd8c2e2180656977d5125fac0d2e5b26221700f74c
Error: Execution of '/usr/sbin/named-checkconf /etc/bind/named.conf20210619-21855-1m7nkcy' returned 1: /etc/bind/named.conf20210619-21855-1m7nkcy:5: channel 'syslog': exactly one of file, syslog, null, and stderr must be present
Error: /Stage[main]/Bind::Config/Concat[/etc/bind/named.conf]/File[/etc/bind/named.conf]/content: change from '{sha256}df3f88e9dc877230a1f78dbd8c2e2180656977d5125fac0d2e5b26221700f74c' to '{sha256}ea037ff85efe055fc1a7ff805c6c29cd31a7c5938c17229bb7526ae3b6a94d74' failed: Execution of '/usr/sbin/named-checkconf /etc/bind/named.conf20210619-21855-1m7nkcy' returned 1: /etc/bind/named.conf20210619-21855-1m7nkcy:5: channel 'syslog': exactly one of file, syslog, null, and stderr must be present

The Hiera data that produced that error:

bind::logging:
  channels:
    syslog:
      print-time: yes
      print-category: yes
      print-severity: yes
      syslog: local0
      severity: dynamic
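To show the rule named-checkconf enforced above applied at render time, here is an added Python function that turns the Hiera channel hash into a BIND `channel` block and refuses anything without exactly one destination; this is example code, not the Puppet module's template, and the function names and boolean handling are my own assumptions.

```python
"""Render a BIND 9 logging channel from Hiera-style data and enforce the
named-checkconf rule that exactly one of file, syslog, null, stderr is set.
Added example; not the Puppet module's own template code."""

# Statements that select a channel destination; named requires exactly one.
DESTINATIONS = ("file", "syslog", "null", "stderr")
# Flag statements whose Hiera value may be a YAML boolean or a yes/no string.
BOOLEAN_KEYS = ("print-time", "print-category", "print-severity")


def bind_bool(value):
    """Map YAML booleans (Hiera 'yes' loads as True) and strings to yes/no."""
    if isinstance(value, bool):
        return "yes" if value else "no"
    text = str(value).lower()
    if text in ("yes", "true", "1"):
        return "yes"
    if text in ("no", "false", "0"):
        return "no"
    raise ValueError(f"not a BIND boolean: {value!r}")


def render_channel(name, spec):
    """Return the 'channel NAME { ... };' block for one Hiera channel hash."""
    dests = [k for k in DESTINATIONS if k in spec]
    if len(dests) != 1:
        raise ValueError(f"channel '{name}': exactly one of file, syslog, "
                         f"null, and stderr must be present (got {dests})")
    dest = dests[0]
    lines = [f"channel {name} {{"]
    if dest in ("null", "stderr"):
        lines.append(f"    {dest};")
    elif dest == "syslog":
        # The statement the failing template dropped: the syslog facility.
        lines.append(f"    syslog {spec['syslog']};")
    else:
        lines.append(f"    file \"{spec['file']}\";")
    if "severity" in spec:
        lines.append(f"    severity {spec['severity']};")
    for key in BOOLEAN_KEYS:
        if key in spec:
            lines.append(f"    {key} {bind_bool(spec[key])};")
    lines.append("};")
    return "\n".join(lines)


# Constructed input mirroring the Hiera data above; YAML loads 'yes' as True.
HIERA_SYSLOG = {"print-time": True, "print-category": True,
                "print-severity": True, "syslog": "local0",
                "severity": "dynamic"}

if __name__ == "__main__":
    print(render_channel("syslog", HIERA_SYSLOG))
```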

@gramsa49
Author

This is an example configuration that would make use of the

zone "my.domain.org." {
        type master;
        file "/var/lib/bind/zones/db.my.domain.org";
        allow-update { key rndc-key; key dhcpd-key; };
        also-notify { 10.1.2.252 key named; };
        key-directory "/etc/bind/keys/my.domain.org";
        inline-signing yes;
        auto-dnssec maintain;
};

That allows for signed updates and notifies based on both IP and key.
This is important when performing dynamic updates from multiple DHCP servers when multiple views are used. In this case, the ACL can apply the update to the appropriate zone based on the key.

@kenyon kenyon self-assigned this Jun 24, 2021