{"id":15061231,"url":"https://github.com/kenyon/puppet-bind","last_synced_at":"2026-03-04T20:32:40.426Z","repository":{"id":46343581,"uuid":"347487096","full_name":"kenyon/puppet-bind","owner":"kenyon","description":"Puppet module for managing the BIND DNS server and DNS zones","archived":false,"fork":false,"pushed_at":"2025-03-26T22:07:13.000Z","size":393,"stargazers_count":3,"open_issues_count":2,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-24T06:57:27.839Z","etag":null,"topics":["bind","bind9","dns","named","puppet","puppet-module"],"latest_commit_sha":null,"homepage":"https://forge.puppet.com/modules/kenyon/bind","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kenyon.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"kenyon"}},"created_at":"2021-03-13T21:54:58.000Z","updated_at":"2025-08-20T00:52:43.000Z","dependencies_parsed_at":"2024-03-17T01:58:56.842Z","dependency_job_id":"29d0ea55-dc4d-42cf-83aa-47359a00d295","html_url":"https://github.com/kenyon/puppet-bind","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/kenyon/puppet-bind","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenyon%2Fpuppet-bind","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenyon%2Fpuppet-bind/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenyon%2Fpuppet-bind/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenyon%2Fpuppet-bind/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kenyon","download_url":"https://codeload.github.com/kenyon/puppet-bind/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenyon%2Fpuppet-bind/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30091779,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T19:41:02.502Z","status":"ssl_error","status_checked_at":"2026-03-04T19:40:05.550Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bind","bind9","dns","named","puppet","puppet-module"],"created_at":"2024-09-24T23:12:13.671Z","updated_at":"2026-03-04T20:32:39.676Z","avatar_url":"https://github.com/kenyon.png","language":"Ruby","readme":"\u003c!-- SPDX-License-Identifier: AGPL-3.0-or-later --\u003e\n\n# bind\n\n## Table of Contents\n\n1. [Description](#description)\n1. [Setup - The basics of getting started with bind](#setup)\n   - [What bind affects](#what-bind-affects)\n   - [Setup requirements](#setup-requirements)\n   - [Beginning with bind](#beginning-with-bind)\n1. [Usage - Configuration options and additional functionality](#usage)\n   - [Recursive, caching only](#recursive-caching-only)\n   - [Authoritative only](#authoritative-only)\n   - [Authoritative and caching](#authoritative-and-caching)\n   - [The `resource_record` type](#the-resource_record-type)\n   - [The `bind::key` defined type](#the-bindkey-defined-type)\n1. [Limitations - OS compatibility, etc.](#limitations)\n1. [Development - Guide for contributing to the module](#development)\n   - [Running tests](#running-tests)\n   - [Generating documentation](#generating-documentation)\n   - [Release process](#release-process)\n1. [Alternatives](#alternatives)\n1. [BIND documentation](#bind-documentation)\n1. [License](#license)\n\n## Description\n\nThis module manages the [BIND](https://www.isc.org/bind/) DNS server and associated [DNS\nzones](https://en.wikipedia.org/wiki/DNS_zone).\n\n## Setup\n\n### What bind affects\n\n- the BIND package, service, configuration, and zone files\n- a [resolvconf](https://en.wikipedia.org/wiki/Resolvconf) package, by default\n  [openresolv](https://roy.marples.name/projects/openresolv/), is installed if\n  `resolvconf_service_enable` is `true`. This causes the localhost's BIND to be used in\n  `/etc/resolv.conf`.\n- if configured to install the backported package, also affects\n  [APT](https://tracker.debian.org/pkg/apt) sources by ensuring that backports are available.\n\n### Setup requirements\n\nSee [`metadata.json`](metadata.json) for supported operating systems, supported Puppet versions,\nand Puppet module dependencies.\n\n### Beginning with bind\n\nFor a default configuration that provides recursive, caching name resolution service:\n\n```puppet\ninclude bind\n```\n\nOn Debian, install the `bind9` package from the backports repository (ensures that the\n`$facts['os']['distro']['codename']-backports` apt source is configured using the\n[`puppetlabs-apt`](https://github.com/puppetlabs/puppetlabs-apt) module, but will fail if a\nbackported package does not exist for your particular\n`$facts['os']['distro']['codename']-backports` repo; check on the [Debian package\ntracker](https://tracker.debian.org/pkg/bind9)):\n\n```puppet\nclass { 'bind':\n  package_backport =\u003e true,\n}\n```\n\n## Usage\n\nSee the [reference](REFERENCE.md) for available class parameters and defaults. For\nplatform-specific defaults, see the [`data`](data) directory, which is organized according to\n[`hiera.yaml`](hiera.yaml).\n\nThe test suite in the [`spec`](spec) directory is a good source for usage examples.\n\nTo manage the resource records of a zone with this module, the zone must be dynamically updatable\nby the host being managed, via either the `allow-update` or `update-policy` configuration\noptions.\n\n### Recursive, caching only\n\nUsing a minimal configuration with BIND defaults:\n\n```puppet\ninclude bind\n```\n\nTODO: provide more examples.\n\n### Authoritative only\n\nNote that support for authoritative servers is incomplete in this module.\n\nWhen creating a new zone with BIND, the zone file must have a `$TTL`, a SOA record, an NS record,\nand an address record for that host used in the NS record. All of these have defaults (see the\n`zone_default_*` parameters of [`init.pp`](manifests/init.pp) and the [initial zone\ntemplate](templates/db.empty.epp)) so you don't have to specify them. The default initial zone\ncreates `A` and `AAAA` records based on the host's facts. Those default NS records are only used\nif no NS records are provided for the zone's origin. You should specify your own SOA and NS\nrecords unless you happen to want those defaults. Note that if you want to provide your own NS\nrecords at the zone origin, you also have to provide your own SOA record.\n\n```puppet\nclass { 'bind':\n  authoritative =\u003e true,\n  # TODO: add settings to disable recursive query support\n}\n```\n\nTODO: provide more examples.\n\n### Authoritative and caching\n\n```puppet\nclass { 'bind':\n  authoritative =\u003e true,\n}\n```\n\nTODO: provide more examples.\n\n### The `resource_record` type\n\nDNS resource records can be created with the `resource_record` Puppet type.\n\nEquivalent examples:\n\n```puppet\nresource_record { 'www.example.com. AAAA':\n  data =\u003e '2001:db8::1',\n}\n```\n\n```puppet\nresource_record { 'my record':\n  zone   =\u003e 'example.com.',\n  record =\u003e 'www',\n  type   =\u003e 'AAAA',\n  data   =\u003e '2001:db8::1',\n}\n```\n\nThe title of `resource_record` resources can be in one of the following formats:\n\n1. Name, zone, type: `www.example.com. AAAA` (AAAA record `www` in the `example.com.` zone)\n1. Name and zone: `www.example.com.` (record `www` in the `example.com.` zone with type specified as a parameter)\n1. Name and type: `www AAAA` (AAAA record `www` in a zone specified as a parameter)\n1. Name: `www` (record `www` with zone and type specified as parameters)\n1. Any other format means all of the required parameters need to be specified in the resource definition.\n\n### The `bind::key` defined type\n\nTSIG keys for dynamic zone updates used by clients can be added to the configuration as follows.\n\n```puppet\nbind::key { 'key_name':\n  algorithm =\u003e 'hmac-sha512',\n  secret    =\u003e 'ZlfCDgP7d3g7LjV4YMLg62EbpLZRCt9BMh3MyqiZfPX5Y2IcTyx/la6PMsfAqLMM9QDadZiNiLVzD4IPoI/4hg==',\n}\n```\n\nThe key's secret needs to be generated using the BIND tool `tsig-keygen`; example:\n\n```bash\ntsig-keygen -a $algorithm [$key_name]\n```\n\n## Limitations\n\nSee [`metadata.json`](metadata.json) for supported operating systems, supported Puppet versions,\nand Puppet module dependencies.\n\nDowngrading the package by setting `package_backport =\u003e false` (after it had been `true`) is not\nsupported by this module, but you can of course do such a downgrade manually outside of Puppet.\n\nChanging the value provided for a zone's `$TTL` directive after initial zone creation is not\nsupported by this module (because the zone file is only created initially from a template and\nthen never replaced, only updated dynamically using the [RFC\n2136](https://tools.ietf.org/html/rfc2136) method), but you can do this manually outside of\nPuppet.\n\n## Development\n\nThe development of this module attempts to be\n[test-driven](https://en.wikipedia.org/wiki/Test-driven_development) as much as possible.\nTherefore, changes should generally be accompanied by tests. The test suite is located in the\n[`spec`](spec) directory. Acceptance tests (in the [`acceptance`](spec/acceptance) directory) use\n[Serverspec](https://serverspec.org/), while unit tests (everything else) use\n[rspec-puppet](https://rspec-puppet.com/).\n\n### Running tests\n\n[PDK](https://puppet.com/docs/puppet/latest/pdk_install.html) and\n[Docker](https://docs.docker.com/engine/) must be installed and working.\n[GNU Parallel](https://tracker.debian.org/pkg/parallel) is used to run acceptance tests in\nparallel by default. This can be disabled with the `--no-parallel` option.\n\n```console\n./run_tests\n```\n\n### Generating documentation\n\n```console\npdk bundle exec rake strings:generate:reference\n```\n\nSee also:\n\n- [Puppet Strings](https://puppet.com/docs/puppet/latest/puppet_strings.html)\n\n### Release process\n\n1. `git checkout main`\n1. Update the version in `metadata.json` to the to-be-released version.\n1. `pdk bundle exec rake changelog`\n1. `git commit --all`\n1. `git tag -a \u003cversion\u003e`\n1. `pdk build`\n1. `git push` (I have `git config --global push.followTags true` so that the tag will also be\n   pushed. This also causes the `publish.yaml` GitHub workflow to build and publish a release to the\n   Puppet Forge.)\n1. `gh release create \u003cversion\u003e pkg/kenyon-bind-\u003cversion\u003e.tar.gz` (using [GitHub CLI](https://cli.github.com/))\n\n## Alternatives\n\n[Other BIND modules on Puppet Forge](https://forge.puppet.com/modules?q=bind)\n\n## BIND documentation\n\n- [BIND Administrator Reference Manual](https://bind9.readthedocs.io/)\n\n## Acknowledgments\n\nThe following files came from the [Debian package](https://tracker.debian.org/pkg/bind9) and are\nlicensed under the [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/).\n\n- [`files/etc/bind/db.0`](files/etc/bind/db.0)\n- [`files/etc/bind/db.127`](files/etc/bind/db.127)\n- [`files/etc/bind/db.255`](files/etc/bind/db.255)\n- [`files/etc/bind/db.local`](files/etc/bind/db.local)\n\n## License\n\nCopyright ⓒ 2021 Kenyon Ralph\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU Affero General Public License as\npublished by the Free Software Foundation, either version 3 of the\nLicense, or (at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU Affero General Public License for more details.\n\nYou should have received a copy of the GNU Affero General Public License\nalong with this program. If not, see \u003chttps://www.gnu.org/licenses/\u003e.\n","funding_links":["https://github.com/sponsors/kenyon"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkenyon%2Fpuppet-bind","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkenyon%2Fpuppet-bind","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkenyon%2Fpuppet-bind/lists"}