Allow configuration of the check-names and transfer-format options

manifests/acl.pp

@@ -2,6 +2,8 @@
 
 define bind::acl (
     $addresses,
+    $geoip_type = undef,
+    $geoip_location = undef,
 ) {
 
     concat::fragment { "bind-acl-${name}":

manifests/init.pp

@@ -1,133 +1,151 @@
 # ex: syntax=puppet si ts=4 sw=4 et
 
 class bind (
-    $forwarders                           = undef,
-    $forward                              = undef,
-    $dnssec                               = undef,
-    $filter_ipv6                          = undef,
-    $version                              = undef,
-    $statistics_port                      = undef,
-    $auth_nxdomain                        = undef,
-    $include_default_zones                = true,
-    $include_local                        = false,
-    $tkey_gssapi_credential               = undef,
-    $tkey_domain                          = undef,
-    $chroot                               = false,
-    $chroot_class                         = $::bind::defaults::chroot_class,
-    $chroot_dir                           = $::bind::defaults::chroot_dir,
-    # NOTE: we need to be able to override this parameter when declaring class,
-    # especially when not using hiera (i.e. when using Foreman as ENC):
-    $default_zones_include                = $::bind::defaults::default_zones_include,
+  $forwarders             = undef,
+  $forward                = undef,
+  $dnssec                 = undef,
+  $filter_ipv6            = undef,
+  $version                = undef,
+  $statistics_port        = undef,
+  $auth_nxdomain          = undef,
+  $include_default_zones  = true,
+  $include_local          = false,
+  $tkey_gssapi_credential = undef,
+  $tkey_domain            = undef,
+  $chroot                 = false,
+  $chroot_class           = $::bind::defaults::chroot_class,
+  $chroot_dir             = $::bind::defaults::chroot_dir,
+  # NOTE: we need to be able to override this parameter when declaring class,
+  # especially when not using hiera (i.e. when using Foreman as ENC):
+  $default_zones_include  = $::bind::defaults::default_zones_include,
+  $transfer_format        = undef,
+  $check_names_type       = '', #master, slave or response
+  $check_names_handling   = '', #warn, fail or ignore
+  $geoip_directory        = undef,
 ) inherits bind::defaults {
-    if $chroot and !$::bind::defaults::chroot_supported {
-        fail('Chroot for bind is not supported on your OS')
-    }
-    File {
-        ensure  => present,
-        owner   => 'root',
-        group   => $::bind::defaults::bind_group,
-        mode    => '0644',
-        require => Package['bind'],
-        notify  => Service['bind'],
-    }
-
-    include ::bind::updater
+  if $chroot and !$::bind::defaults::chroot_supported {
+    fail('Chroot for bind is not supported on your OS')
+  }
+  File {
+    ensure  => present,
+    owner   => 'root',
+    group   => $::bind::defaults::bind_group,
+    mode    => '0644',
+    require => Package['bind'],
+    notify  => Exec['bind-config-test'],
+  }
 
-    package { 'bind':
-        ensure => latest,
-        name   => $::bind::defaults::bind_package,
-    }
+  include ::bind::updater
 
-    if $chroot and $::bind::defaults::chroot_class {
-        # When using a dedicated chroot class, service declaration is dedicated to this class
-        class { $::bind::defaults::chroot_class : }
-    }
+  package { 'bind':
+    ensure => latest,
+    name   => $::bind::defaults::bind_package,
+  }
 
-    if $dnssec {
-        file { '/usr/local/bin/dnssec-init':
-            ensure => present,
-            owner  => 'root',
-            group  => 'root',
-            mode   => '0755',
-            source => 'puppet:///modules/bind/dnssec-init',
-        }
-    }
+  if $chroot and $::bind::defaults::chroot_class {
+    # When using a dedicated chroot class, service declaration is dedicated to this class
+    class { $::bind::defaults::chroot_class: }
+  }
 
-    # rndc only supports HMAC-MD5
-    bind::key { 'rndc-key':
-        algorithm   => 'hmac-md5',
-        secret_bits => '512',
-        keydir      => $bind::defaults::confdir,
-        keyfile     => 'rndc.key',
-        include     => false,
+  if $dnssec {
+    file { '/usr/local/bin/dnssec-init':
+      ensure => present,
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0755',
+      source => 'puppet:///modules/bind/dnssec-init',
     }
+  }
 
-    file { '/usr/local/bin/rndc-helper':
-        ensure  => present,
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0755',
-        content => template('bind/rndc-helper.erb'),
-    }
+  # rndc only supports HMAC-MD5
+  bind::key { 'rndc-key':
+    algorithm   => 'hmac-md5',
+    secret_bits => '512',
+    keydir      => $bind::defaults::confdir,
+    keyfile     => 'rndc.key',
+    include     => false,
+  }
 
-    file { "${::bind::defaults::confdir}/zones":
-        ensure => directory,
-        mode   => '2755',
-    }
+  file {
+    '/usr/local/bin/rndc-helper':
+      ensure  => present,
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0755',
+      content => template('bind/rndc-helper.erb'),
+    ;
+    "${::bind::defaults::confdir}/zones":
+      ensure => directory,
+      mode   => '2755',
+      purge  => true,
+      force  => true,
+    ;
+    "${::bind::defaults::confdir}/zones/geo":
+      ensure => directory,
+      mode   => '2755',
+      purge  => true,
+      force  => true,
+    ;
+    $::bind::defaults::namedconf:
+      content => template('bind/named.conf.erb'),
+  }
 
-    file { $::bind::defaults::namedconf:
-        content => template('bind/named.conf.erb'),
+  if $include_default_zones and $::bind::defaults::default_zones_source {
+    file { $default_zones_include:
+      source => $::bind::defaults::default_zones_source,
     }
+  }
 
-    if $include_default_zones and $::bind::defaults::default_zones_source {
-        file { $default_zones_include:
-            source => $::bind::defaults::default_zones_source,
-        }
-    }
+  class { '::bind::keydir':
+    keydir => "${::bind::defaults::confdir}/keys",
+  }
 
-    class { '::bind::keydir':
-        keydir => "${::bind::defaults::confdir}/keys",
-    }
+  concat { [
+    "${::bind::defaults::confdir}/acls.conf",
+    "${::bind::defaults::confdir}/keys.conf",
+    "${::bind::defaults::confdir}/views.conf",
+    "${::bind::defaults::confdir}/servers.conf",
+    "${::bind::defaults::confdir}/logging.conf",
+    "${::bind::defaults::confdir}/view-mappings.txt",
+    "${::bind::defaults::confdir}/domain-mappings.txt",
+  ]:
+    owner   => 'root',
+    group   => $::bind::defaults::bind_group,
+    mode    => '0644',
+    warn    => true,
+    require => Package['bind'],
+    notify  => Exec['bind-config-test'],
+  }
 
-    concat { [
-        "${::bind::defaults::confdir}/acls.conf",
-        "${::bind::defaults::confdir}/keys.conf",
-        "${::bind::defaults::confdir}/views.conf",
-        "${::bind::defaults::confdir}/servers.conf",
-        "${::bind::defaults::confdir}/logging.conf",
-        "${::bind::defaults::confdir}/view-mappings.txt",
-        "${::bind::defaults::confdir}/domain-mappings.txt",
-        ]:
-        owner   => 'root',
-        group   => $::bind::defaults::bind_group,
-        mode    => '0644',
-        warn    => true,
-        require => Package['bind'],
-        notify  => Service['bind'],
-    }
+  concat::fragment { 'bind-logging-header':
+    order   => '00-header',
+    target  => "${::bind::defaults::confdir}/logging.conf",
+    content => "logging {\n";
+  }
 
-    concat::fragment { 'bind-logging-header':
-        order   => '00-header',
-        target  => "${::bind::defaults::confdir}/logging.conf",
-        content => "logging {\n";
-    }
+  concat::fragment { 'bind-logging-footer':
+    order   => '99-footer',
+    target  => "${::bind::defaults::confdir}/logging.conf",
+    content => "};\n";
+  }
 
-    concat::fragment { 'bind-logging-footer':
-        order   => '99-footer',
-        target  => "${::bind::defaults::confdir}/logging.conf",
-        content => "};\n";
+  # DO NOT declare a bind service when chrooting bind with bind::chroot::package class,
+  # because it needs another dedicated chrooted-bind service (i.e. named-chroot on RHEL)
+  # AND it also needs $::bind::defaults::bind_service being STOPPED and DISABLED.
+  if !$chroot or ($chroot and $::bind::defaults::chroot_class == 'bind::chroot::manual') {
+    exec { 'bind-config-test':
+      path        => '/usr/sbin',
+      command     => "named-checkconf ${::bind::defaults::namedconf} > ${::bind::defaults::confdir}/named-checkconf.output 2>&1",
+      refreshonly => true,
+      notify      => Service['bind'],
     }
 
-    # DO NOT declare a bind service when chrooting bind with bind::chroot::package class,
-    # because it needs another dedicated chrooted-bind service (i.e. named-chroot on RHEL)
-    # AND it also needs $::bind::defaults::bind_service being STOPPED and DISABLED.
-    if !$chroot or ($chroot and $::bind::defaults::chroot_class == 'bind::chroot::manual') {
-        service { 'bind':
-            ensure     => running,
-            name       => $::bind::defaults::bind_service,
-            enable     => true,
-            hasrestart => true,
-            hasstatus  => true,
-        }
+    service { 'bind':
+      ensure     => running,
+      name       => $::bind::defaults::bind_service,
+      enable     => true,
+      hasrestart => true,
+      hasstatus  => true,
     }
+  }
 }

manifests/logging/channel.pp

@@ -4,6 +4,7 @@
     $destination     = 'file',
     $file_path       = $::bind::defaults::logdir,
     $file_name       = '',
+    $file_options    = '',
     $syslog_facility = '',
     $severity        = '',
     $print_category  = true,

manifests/server.pp

@@ -1,16 +1,17 @@
 # ex: syntax=puppet si ts=4 sw=4 et
 
 define bind::server (
-    $bogus     = false,
-    $edns      = true,
-    $key       = undef,
-    $transfers = undef,
+  $bogus           = false,
+  $edns            = true,
+  $key             = undef,
+  $transfers       = undef,
+  $transfer_format = undef,
 ) {
-    include ::bind
+  include ::bind
 
-    concat::fragment { "bind-server-${name}":
-        order   => 10,
-        target  => "${::bind::confdir}/servers.conf",
-        content => template('bind/server.erb'),
-    }
+  concat::fragment { "bind-server-${name}":
+    order   => 10,
+    target  => "${::bind::confdir}/servers.conf",
+    content => template('bind/server.erb'),
+  }
 }

manifests/view.pp

@@ -19,6 +19,10 @@
     $empty_zones                  = '',
     $order                        = '10',
     $minimal_responses            = false,
+    $transfer_format              = '',
+    $check_names_type             = '', #master, slave or response
+    $check_names_handling         = '', #warn, fail or ignore
+    $geo_zones                    = [],
 ) {
     $confdir = $::bind::confdir
     $default_zones_include = $::bind::default_zones_include

manifests/zone.pp

@@ -20,6 +20,10 @@
     $forward         = '',
     $source          = '',
     $forwarders_port = 53,
+    $transfer_format = '',
+    $check_names     = '',
+    $deploy_file     = true,
+    $in_view         = '',
 ) {
     # where there is a zone, there is a server
     include ::bind
@@ -81,6 +85,10 @@
         fail("source may only be provided for bind::zone resources with zone_type 'master' or 'hint'")
     }
 
+    unless !($check_names != '' and ! member(['warn', 'fail', 'ignore'], $check_names)) {
+        fail("check_names must be 'warn', 'fail' or 'ignore'")
+    }
+
     $zone_file_mode = $zone_type ? {
         'master' => $dynamic ? {
             true  => 'init',
@@ -149,14 +157,26 @@
         }
     }
 
-    file { "${::bind::confdir}/zones/${name}.conf":
-        ensure  => present,
-        owner   => 'root',
-        group   => $bind_group,
-        mode    => '0644',
-        content => template('bind/zone.conf.erb'),
-        notify  => Service['bind'],
-        require => Package['bind'],
+    if $in_view != '' {
+        file { "${::bind::confdir}/zones/geo/${name}.conf":
+          ensure  => present,
+          owner   => 'root',
+          group   => $bind_group,
+          mode    => '0644',
+          content => template('bind/zone.conf.erb'),
+          notify  => Exec['bind-config-test'],
+          require => Package['bind'],
+        }
+    } else {
+        file { "${::bind::confdir}/zones/${name}.conf":
+          ensure  => present,
+          owner   => 'root',
+          group   => $bind_group,
+          mode    => '0644',
+          content => template('bind/zone.conf.erb'),
+          notify  => Exec['bind-config-test'],
+          require => Package['bind'],
+        }
     }
 
     concat::fragment { "bind-zone-mapping-${name}":

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "inkblot-bind",
-  "version": "7.4.0",
+  "version": "7.4.0-a",
   "author": "inkblot",
   "license": "Apache-2.0",
   "summary": "ISC BIND name server",

templates/acl.erb

@@ -3,4 +3,15 @@ acl <%= @name %> {
 <%- Array(@addresses).each do |address| -%>
 	<%= address %>;
 <%- end -%>
+<%- if @geoip_type and @geoip_location and @geoip_type == 'city' -%>
+    geoip <%= @geoip_type %> "<%= @geoip_location %>";
+<%- elsif @geoip_type and @geoip_location -%>
+  <%- if @geoip_location.is_a?(Array) -%>
+    <%- Array(@geoip_location).each do |geo_loc| -%>
+    geoip <%= @geoip_type %> <%= geo_loc %>;
+    <%- end -%>
+  <%- else -%>
+    geoip <%= @geoip_type %> <%= @geoip_location %>;
+  <%- end -%>
+<%- end -%>
 };