{"id":20622319,"url":"https://github.com/smoeding/puppet-bind","last_synced_at":"2025-04-15T12:33:37.740Z","repository":{"id":55941679,"uuid":"308549564","full_name":"smoeding/puppet-bind","owner":"smoeding","description":"Manage the BIND name server using Puppet","archived":false,"fork":false,"pushed_at":"2025-01-02T10:45:03.000Z","size":252,"stargazers_count":2,"open_issues_count":0,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-12T04:35:14.327Z","etag":null,"topics":["bind9","dns","puppet-module"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/smoeding.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-10-30T06:57:05.000Z","updated_at":"2025-01-02T10:36:52.000Z","dependencies_parsed_at":"2024-10-22T12:50:04.026Z","dependency_job_id":"69ff0e9b-feb4-4bc0-810b-50c6c6503e8b","html_url":"https://github.com/smoeding/puppet-bind","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smoeding%2Fpuppet-bind","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smoeding%2Fpuppet-bind/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smoeding%2Fpuppet-bind/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smoeding%2Fpuppet-bind/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/smoeding","do
wnload_url":"https://codeload.github.com/smoeding/puppet-bind/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249072432,"owners_count":21208185,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bind9","dns","puppet-module"],"created_at":"2024-11-16T12:22:13.081Z","updated_at":"2025-04-15T12:33:37.711Z","avatar_url":"https://github.com/smoeding.png","language":"Ruby","readme":"# bind\n\n[![Build Status](https://github.com/smoeding/puppet-bind/actions/workflows/CI.yaml/badge.svg)](https://github.com/smoeding/puppet-bind/actions/workflows/CI.yaml)\n[![Puppet Forge](http://img.shields.io/puppetforge/v/stm/bind.svg)](https://forge.puppetlabs.com/stm/bind)\n[![License](https://img.shields.io/github/license/smoeding/puppet-bind.svg)](https://raw.githubusercontent.com/smoeding/puppet-bind/master/LICENSE)\n\n## Table of Contents\n\n1. [Description](#description)\n1. [Setup - The basics of getting started with bind](#setup)\n    * [What bind affects](#what-bind-affects)\n    * [Setup requirements](#setup-requirements)\n    * [Beginning with bind](#beginning-with-bind)\n1. [Usage - Configuration options and additional functionality](#usage)\n1. [Limitations - OS compatibility, etc.](#limitations)\n1. [Development - Guide for contributing to the module](#development)\n\n## Description\n\nThis module manages the BIND Name Server on Debian and Ubuntu. 
The module supports setting up a Caching Name Server or an Authoritative Name Server using primary and secondary zones.\n\n## Setup\n\n### What bind affects\n\nThe module manages the `named` process and related service files. It also manages the configuration and zone files. On Debian and Ubuntu these files are below the `/etc/bind`, `/var/lib/bind` and `/var/cache/bind` directories. The module uses a multi-level directory tree below `/var/lib/bind` and `/var/cache/bind` to separate primary and secondary zone files.\n\n### Setup Requirements\n\nThe module uses the `stdlib` and `concat` modules. It is tested on Debian and Ubuntu using Puppet 8.\n\n### Beginning with bind\n\nSet up a caching name server on localhost:\n\n```puppet\nclass { 'bind':\n  listen_on         =\u003e [ '127.0.0.1', ],\n  listen_on_v6      =\u003e [ 'none', ],\n  allow_query       =\u003e [ 'localhost', ],\n  allow_query_cache =\u003e [ 'localhost', ],\n  allow_recursion   =\u003e [ 'localhost', ],\n}\n```\n\nOr with hiera:\n\n```puppet\nbind::listen_on: ['127.0.0.1']\nbind::listen_on_v6: ['none']\nbind::allow_query: ['localhost']\nbind::allow_query_cache: ['localhost']\nbind::allow_recursion: ['localhost']\n```\n\n## Usage\n\n### Caching name server\n\nSet up a caching name server that provides recursive name resolution for a local subnet:\n\n```puppet\nclass { 'bind':\n  allow_query       =\u003e [ 'localhost', 'lan', ],\n  allow_query_cache =\u003e [ 'localhost', 'lan', ],\n  allow_recursion   =\u003e [ 'localhost', 'lan', ],\n}\n\nbind::acl { 'lan':\n  address_match_list =\u003e [ '192.168.10.0/24' ],\n}\n```\n\nOr with hiera:\n\n```puppet\nbind::allow_query:\n  - localhost\n  - lan\nbind::allow_query_cache:\n  - localhost\n  - lan\nbind::allow_recursion:\n  - localhost\n  - lan\n\nbind::acls:\n  lan:\n    address_match_list: ['192.168.10.0/24']\n```\n\n### Caching name server with forwarders\n\nSet up a caching name server that provides recursive name resolution for a local subnet and 
uses forwarders:\n\n```puppet\nclass { 'bind':\n  allow_query       =\u003e [ 'localhost', '10/8', ],\n  allow_query_cache =\u003e [ 'localhost', '10/8', ],\n  allow_recursion   =\u003e [ 'localhost', '10/8', ],\n  forwarders        =\u003e [ '10.0.0.53', '10.1.1.53', ],\n}\n```\n\nOr with hiera:\n\n```puppet\nbind::allow_query:\n  - localhost\n  - 10/8\nbind::allow_query_cache:\n  - localhost\n  - 10/8\nbind::allow_recursion:\n  - localhost\n  - 10/8\nbind::forwarders:\n  - 10.0.0.53\n  - 10.1.1.53\n```\n\n### Manage a primary zone\n\nAdd a primary zone for the `example.com` domain and manage the zone file using Puppet:\n\n```puppet\nbind::zone::primary { 'example.com':\n  source =\u003e 'puppet:///modules/profile/dns/example.com.zone',\n}\n```\n\nOr with hiera:\n\n```puppet\nbind::zone::primaries:\n  example.com:\n    source: 'puppet:///modules/profile/dns/example.com.zone'\n```\n\nThe zone file will be managed on the server as `/var/lib/bind/primary/com/example/db.example.com`. This tree structure is better than a flat directory structure if many zones will be managed by the server.\n\n### Manage a primary zone with dynamic updates\n\nAdd a primary zone for the `example.com` domain and allow dynamic updates using a generated key called `nsupdate`:\n\n```puppet\nbind::key { 'nsupdate':\n  secret  =\u003e 'TopSecret',\n  keyfile =\u003e '/etc/bind/nsupdate.key',\n}\n\nbind::zone::primary { 'example.com':\n  update_policy =\u003e ['grant nsupdate zonesub any'],\n  content       =\u003e epp(\"profile/dynamic-zone-template.epp\", $params),\n}\n```\n\nOr with hiera:\n\n```puppet\nbind::keys:\n  nsupdate:\n    secret: TopSecret\n    keyfile: /etc/bind/nsupdate.key\n\nbind::zone::primaries:\n  example.com:\n    update_policy: ['grant nsupdate zonesub any']\n    source: 'puppet:///modules/profile/dns/example.com.zone'\n```\n\nIf the zone file `/var/lib/bind/primary/com/example/db.example.com` does not exist on the name server, a new file will be created using the 
specified template. After that the file content cannot be managed by Puppet as `named` will periodically need to update the zone file when processing dynamic updates. The `source` or `content` parameters are ignored in this case.\n\nManual updates to the zone file will have to be done locally on the name server. Remember that you need to use `rndc freeze example.com` and `rndc thaw example.com` when editing the zone file manually.\n\n### Define a DNSSEC policy for a zone\n\nCreate a new DNSSEC policy named `standard` with a Combined Signing Key (CSK) and use the policy to create a DNSSEC signed zone:\n\n```puppet\nbind::dnssec_policy { 'standard':\n  csk_lifetime  =\u003e 'unlimited',\n  csk_algorithm =\u003e 'ecdsap256sha256',\n}\n\nbind::zone::primary { 'example.net':\n  dnssec_policy  =\u003e 'standard',\n  inline_signing =\u003e true,\n  source         =\u003e 'puppet:///modules/profile/dns/example.net.zone',\n}\n```\n\nOr with hiera:\n\n```puppet\nbind::dnssec_policies:\n  standard:\n    csk_lifetime: unlimited\n    csk_algorithm: ecdsap256sha256\n\nbind::zone::primaries:\n  example.net:\n    dnssec_policy: standard\n    inline_signing: true\n    source: 'puppet:///modules/profile/dns/example.net.zone'\n```\n\nDNSSEC policies are available with BIND 9.16 and later.\n\n### Create views for internal and external access\n\nThe view `internal` allows recursive DNS resolution for all hosts on the local network.\n\n```puppet\nbind::view { 'internal':\n  match_clients   =\u003e [ 'localnets', ],\n  allow_query     =\u003e [ 'localnets', ],\n  allow_recursion =\u003e [ 'localnets', ],\n  recursion       =\u003e true,\n  order           =\u003e '10',\n}\n```\n\nOr with hiera:\n\n```puppet\nbind::views:\n  internal:\n    match_clients: ['localnets']\n    allow_query: ['localnets']\n    allow_recursion: ['localnets']\n    recursion: true\n    order: '10'\n```\n\nThe view `external` is for all other hosts and should only be used for your primary or secondary 
zones.\n\n```puppet\nbind::view { 'external':\n  match_clients            =\u003e [ 'any', ],\n  allow_query              =\u003e [ 'any', ],\n  recursion                =\u003e false,\n  localhost_forward_enable =\u003e false,\n  localhost_reverse_enable =\u003e false,\n  order                    =\u003e '20',\n}\n```\n\nOr with hiera:\n\n```puppet\nbind::views:\n  external:\n    match_clients: ['any']\n    allow_query: ['any']\n    recursion: false\n    localhost_forward_enable: false\n    localhost_reverse_enable: false\n    order: '20'\n```\n\nThe defined types `bind::zone::primary` and `bind::zone::secondary` can be used to add zones to this view.\n\n## Reference\n\nSee [REFERENCE.md](https://github.com/smoeding/puppet-bind/blob/master/REFERENCE.md)\n\n## Limitations\n\nNot all BIND features are currently implemented as I started with the options I needed myself. Some options are not yet available and features like DNSSEC are not well tested.\n\nCreating DNSSEC keys manually using the `dnssec_key` type with automatic rollover is discouraged. The defined type `bind::dnssec_policy` should be used instead.\n\n## Development\n\nYou may open GitHub issues for this module if you need additional options currently not available.\n\nFeel free to send pull requests for new features.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmoeding%2Fpuppet-bind","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmoeding%2Fpuppet-bind","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmoeding%2Fpuppet-bind/lists"}