cookbook 'bind', '= 3.0.2'
Installs/Configures ISC BIND
cookbook 'bind', '= 3.0.2', :supermarket
knife supermarket install bind
knife supermarket download bind
bind Cookbook
Description
A chef cookbook to manage BIND servers and zones.
Requirements
This cookbook follows the library pattern. To use the cookbook effectively you'll need a wrapper cookbook that uses the resources provided in this cookbook.
A default recipe is provided. It only provides a basic recursive name server.
Platforms
- CentOS/RHEL 7+
- Debian 9+
- Ubuntu 18.04+
Chef
- Chef 15.3+
Attributes
Most attributes have been removed in favour of custom resources. See the [MIGRATION.md](MIGRATION.md) document.
Resources
The following resources are provided:
- [bind_acl](documentation/bind_acl.md)
- [bind_config](documentation/bind_config.md)
- [bind_forward_zone](documentation/bind_forward_zone.md)
- [bind_key](documentation/bind_key.md)
- [bind_linked_zone](documentation/bind_linked_zone.md)
- [bind_logging_category](documentation/bind_logging_category.md)
- [bind_logging_channel](documentation/bind_logging_channel.md)
- [bind_primary_zone](documentation/bind_primary_zone.md)
- [bind_primary_zone_template](documentation/bind_primary_zone_template.md)
- [bind_secondary_zone](documentation/bind_secondary_zone.md)
- [bind_server](documentation/bind_server.md)
- [bind_service](documentation/bind_service.md)
- [bind_stub_zone](documentation/bind_stub_zone.md)
- [bind_view](documentation/bind_view.md)
Usage
Using custom resources gives a very flexible configuration, but it takes a little more work in a wrapper cookbook to use them. The following examples are presented here:
- Internal recursive nameserver
- Authoritative primary nameserver
- Authoritative secondary nameserver
- Using views for internal recursion and external authoritative name service
Internal recursive nameserver
```ruby
bind_service 'default' do
  action [:create, :start]
end

bind_config 'default' do
  ipv6_listen true
  options [
    'check-names slave ignore',
    'multi-master yes',
    'provide-ixfr yes',
    'recursive-clients 10000',
    'request-ixfr yes',
    'allow-notify { acl-dns-masters; acl-dns-slaves; }',
    'allow-query { example-lan; localhost; }',
    'allow-query-cache { example-lan; localhost; }',
    'allow-recursion { example-lan; localhost; }',
    'allow-transfer { acl-dns-masters; acl-dns-slaves; }',
    'allow-update-forwarding { any; }',
  ]
end

bind_acl 'acl-dns-masters' do
  entries [
    '! 10.1.1.1',
    '10/8'
  ]
end

bind_acl 'acl-dns-slaves' do
  entries [
    'acl-dns-masters'
  ]
end

bind_acl 'example-lan' do
  entries [
    '10.2/16',
    '10.3.2/24',
    '10.4.3.2'
  ]
end
```
Authoritative primary nameserver
There are two ways to create primary zone files with this cookbook. The first is by providing a complete zone file that is placed in the correct directory (and is added to the nameserver configuration by using the `bind_primary_zone` resource). The second way is by using the `bind_primary_zone_template` resource. To use this you need to provide an array of hashes containing the records you want added to the zone file.
The following example has both options shown. In a wrapper cookbook add the code below with appropriate modifications.
You'll need to configure the ACL entries (and names) for the example-lan and acl-dns-masters ACLs for your local configuration.
You will also need to arrange for the zone files to be placed in the configured location (which is OS dependent by default).
Resource style:
```ruby
bind_service 'default' do
  action [:create, :start]
end

bind_config 'default' do
  ipv6_listen true
  options [
    'recursion no',
    'allow-query { any; }',
    'allow-transfer { external-private-interfaces; external-dns; }',
    'allow-notify { external-private-interfaces; external-dns; localhost; }',
    'listen-on-v6 { any; }'
  ]
end

bind_acl 'external-private-interfaces' do
  entries []
end

bind_acl 'external-dns' do
  entries []
end

cookbook_file '/var/named/primary/db.example.com' do
  owner 'named'
  group 'named'
  mode '0440'
  action :create
end

bind_primary_zone 'example.com'

bind_primary_zone_template 'example.org' do
  soa serial: 100
  default_ttl 200
  records [
    { type: 'NS', rdata: 'ns1.example.org.' },
    { type: 'NS', rdata: 'ns2.example.org.' },
    { type: 'MX', rdata: '10 mx1.example.org.' },
    { type: 'MX', rdata: '20 mx1.example.org.' },
    { owner: 'www', type: 'A', ttl: 20, rdata: '10.5.0.1' },
    { owner: 'ns1', type: 'A', ttl: 20, rdata: '10.5.1.1' },
    { owner: 'ns2', type: 'A', ttl: 20, rdata: '10.5.2.1' },
    { owner: 'mx1', type: 'A', ttl: 20, rdata: '10.5.1.100' },
    { owner: 'mx2', type: 'A', ttl: 20, rdata: '10.5.2.100' },
  ]
end
```
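A malformed record (a relative NS or MX target, an over-long label) is easiest to catch before it reaches the zone file. The Ruby below is an added example, not the cookbook's own template: it validates the records array format shown above and renders it as zone-file lines; `validate_record`, `render_zone` and the SOA MNAME, RNAME and timer values are this example's own constructed names and placeholders.

```ruby
# Added example (not the bind cookbook's zone template): validate the records
# array that bind_primary_zone_template accepts, then render zone-file lines.
RECORD_TYPES = %w[A AAAA NS MX CNAME TXT PTR SRV].freeze
FQDN_TYPES = %w[NS MX CNAME PTR].freeze # rdata names must end with a dot (absolute)

# RFC 1035 limits: each label at most 63 octets, the whole name at most 255.
def valid_dns_name?(name)
  bare = name.to_s.chomp('.')
  return true if bare == '@'
  !bare.empty? && bare.length <= 255 && bare.split('.').all? { |l| l.length.between?(1, 63) }
end

# Returns the problems found in one record hash (empty when the record is sound).
def validate_record(rec)
  errors = []
  type = rec[:type]
  errors << "unknown type #{type.inspect}" unless RECORD_TYPES.include?(type)
  errors << "bad owner #{rec[:owner].inspect}" unless valid_dns_name?(rec.fetch(:owner, '@'))
  rdata = rec[:rdata].to_s
  errors << 'missing rdata' if rdata.empty?
  if FQDN_TYPES.include?(type)
    target = rdata.split.last.to_s # MX rdata is "<preference> <host>", so take the last token
    errors << "#{type} target #{target.inspect} is not absolute (no trailing dot)" unless target.end_with?('.')
  end
  errors
end

# Renders the zone; SOA MNAME/RNAME and timers are constructed placeholders (assumption).
def render_zone(zone, soa_serial:, default_ttl:, records:)
  problems = records.map { |r| [r, validate_record(r)] }.reject { |_, e| e.empty? }
  raise ArgumentError, problems.map { |r, e| "#{r.inspect}: #{e.join(', ')}" }.join("\n") if problems.any?
  lines = ["$ORIGIN #{zone}.", "$TTL #{default_ttl}",
           "@ IN SOA ns1.#{zone}. hostmaster.#{zone}. ( #{soa_serial} 3600 900 604800 86400 )"]
  records.each do |r|
    ttl = r[:ttl] ? " #{r[:ttl]}" : ''
    # 65-character owner column, matching the cookbook's 2.1.1 template change.
    lines << "#{r.fetch(:owner, '@').ljust(65)}#{ttl} IN #{r[:type]} #{r[:rdata]}"
  end
  lines
end

# Sample input: a subset of the example.org records from the README above.
EXAMPLE_ORG_RECORDS = [
  { type: 'NS', rdata: 'ns1.example.org.' }, { type: 'NS', rdata: 'ns2.example.org.' },
  { type: 'MX', rdata: '10 mx1.example.org.' }, { type: 'MX', rdata: '20 mx1.example.org.' },
  { owner: 'www', type: 'A', ttl: 20, rdata: '10.5.0.1' },
  { owner: 'ns1', type: 'A', ttl: 20, rdata: '10.5.1.1' },
].freeze
puts render_zone('example.org', soa_serial: 100, default_ttl: 200, records: EXAMPLE_ORG_RECORDS)
```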
Authoritative secondary nameserver
In a wrapper cookbook add the code below with appropriate modifications.
You'll need to configure the ACL entries (and names) for the example-lan and acl-dns-masters ACLs for your local configuration.
```ruby
bind_service 'default' do
  action [:create, :start]
end

bind_config 'default' do
  ipv6_listen true
  options [
    'recursion no',
    'allow-query { any; }',
    'allow-transfer { external-private-interfaces; external-dns; }',
    'allow-notify { external-private-interfaces; external-dns; localhost; }',
    'listen-on-v6 { any; }'
  ]
end

bind_acl 'acl-dns-masters' do
  entries [
    '! 10.1.1.1',
    '10/8'
  ]
end

bind_acl 'acl-dns-slaves' do
  entries [
    'acl-dns-masters'
  ]
end

bind_acl 'example-lan' do
  entries [
    '10.2/16',
    '10.3.2/24',
    '10.4.3.2'
  ]
end

bind_secondary_zone 'example.com' do
  primaries %w(192.0.2.10 192.0.2.11 192.0.2.12)
end

bind_secondary_zone 'example.org' do
  primaries %w(192.0.2.10 192.0.2.11 192.0.2.12)
end
```
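The three wrapper examples above all leave the ACL names and entries to you, and a misspelled name in an `allow-*` clause or a grant left at `any` only shows up at converge time or in production. As an added example that is not part of the bind cookbook, the Ruby below checks the `options` strings given to `bind_config` against the `bind_acl` names a wrapper defines, flags transfer and update grants opened to `any`, and warns when recursion stays reachable from `any`; `check_bind_options`, `parse_grants` and the sample arrays are this example's own names, fed with the values from the internal recursive example.

```ruby
# Added example (not the bind cookbook's code): lint the 'options' strings of a
# bind_config against the bind_acl names defined in the same wrapper cookbook.
BUILTIN_ACLS = %w[any none localhost localnets].freeze
GRANT_STATEMENTS = %w[allow-query allow-query-cache allow-recursion allow-transfer
                      allow-notify allow-update allow-update-forwarding].freeze
NEVER_ANY = %w[allow-transfer allow-update allow-update-forwarding].freeze

# Returns [statement, [entries]] for every 'allow-* { a; b; }' option string.
def parse_grants(options)
  options.each_with_object([]) do |opt, grants|
    m = opt.match(/\A\s*(allow-[a-z-]+)\s*\{\s*(.*?)\s*\}\s*;?\s*\z/)
    next unless m && GRANT_STATEMENTS.include?(m[1])
    grants << [m[1], m[2].split(';').map(&:strip).reject(&:empty?)]
  end
end

# Returns human-readable findings; an empty array means the options look sound.
def check_bind_options(options, acl_names)
  findings = []
  grants = parse_grants(options)
  grants.each do |stmt, entries|
    entries.each do |entry|
      name = entry.sub(/\A!\s*/, '') # a negated entry is still a reference
      next if BUILTIN_ACLS.include?(name) || acl_names.include?(name)
      next if name.match?(/\A\d/) || name.include?(':') # literal IPv4/IPv6 address or prefix
      findings << "#{stmt}: references undefined ACL '#{name}'"
    end
    findings << "#{stmt}: granted to 'any'" if NEVER_ANY.include?(stmt) && entries.include?('any')
  end
  # BIND defaults to 'recursion yes'; allow-recursion falls back to allow-query-cache, then allow-query.
  recursive = options.none? { |o| o.strip.match?(/\Arecursion\s+no\b/) }
  if recursive
    g = grants.to_h
    reach = g['allow-recursion'] || g['allow-query-cache'] || g['allow-query'] || []
    findings << 'recursion enabled and allowed from any: open resolver' if reach.include?('any')
  end
  findings
end

# Sample input: the grants and ACL names from the internal recursive example above.
INTERNAL_OPTIONS = [
  'allow-notify { acl-dns-masters; acl-dns-slaves; }', 'allow-query { example-lan; localhost; }',
  'allow-query-cache { example-lan; localhost; }', 'allow-recursion { example-lan; localhost; }',
  'allow-transfer { acl-dns-masters; acl-dns-slaves; }', 'allow-update-forwarding { any; }',
].freeze
INTERNAL_ACLS = %w[acl-dns-masters acl-dns-slaves example-lan].freeze
puts check_bind_options(INTERNAL_OPTIONS, INTERNAL_ACLS)
```

Run against the README's internal recursive example it reports only the `allow-update-forwarding { any; }` grant, which is worth a second look on a server whose other grants are all ACL-scoped.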
Using views for internal recursion and external authoritative name service
Using the `bind_view` resource allows you to configure one or more views in the configuration. When using `bind_view` you will need to tell the zone resources which view they should be configured in. If this is omitted the zone will be configured in the `bind_config` property `default_view` (which defaults to `default`).
```ruby
bind_service 'default'

bind_config 'default' do
  default_view 'external'
end

bind_view 'internal' do
  match_clients ['10.0.0.0/8']
  options [
    'recursion yes'
  ]
end

bind_primary_zone 'internal-example.com' do
  view 'internal'
  zone_name 'example.com'
end

bind_primary_zone 'secret.example.com' do
  view 'internal'
end

bind_view 'external' do
  options [
    'recursion no'
  ]
end

bind_primary_zone 'example.com'
```
Nameserver in chroot mode
The `bind_service` and `bind_config` resources accept a boolean `true` or `false` for `chroot`, declaring whether or not to install the BIND server in a chroot. If one resource declares this value, the other must match or the converge will fail. Currently all supported platforms except Ubuntu 16.04 LTS are supported with chrooted configuration. By default, this is set to `false`.
```ruby
bind_service 'default' do
  chroot true
  action :create
end

bind_config 'default' do
  chroot true
  options [
    'recursion no',
    'allow-transfer { internal-dns; }'
  ]
end
```
Maintainers
This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.
Contributors
This project exists thanks to all the people who contribute.
Backers
Thank you to all our backers!
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website.
Dependent cookbooks
This cookbook has no specified dependencies.
bind Cookbook CHANGELOG
This file is used to list changes made in each version of the bind cookbook.
3.0.2 - 2021-10-13
- Convert `node['platform_version']` to a float for correct comparison
3.0.1 - 2021-10-13
- Include `BindCookbook::Helpers` via `action_class` in `bind_config`
- Add `CHEF_PRODUCT_NAME` variable for setting `product_name`
3.0.0 - 2021-10-11
- Sous Chefs adoption
- Restart `bind_service` immediately when using `delayed_action :create`
- Enable resource `unified_mode` for Chef 17 compatibility
- Add `create_if_missing` to `primary_zone_template`
- Workaround upstream issue as described in https://bugs.debian.org/983216
- Update named.ca to latest upstream version
- Cookstyle fixes
- Switch to using an InSpec profile for reusable testing
- Fix issues with chroot on Debian and Ubuntu systems
- Install dnsutils package on Debian-based systems to get dig binary
- Remove sysvinit support
- Fix AppArmor permissions for `bind_logging_channel` when files are used
2.3.1 - 2020-01-23
- #58: Multiple statistics channel support - bmhughes
- #59: fix bug in additional config files directive - ramereth
2.3.0 - 2019-10-21
- Update supported OS and Chef clients.
- Support chroot on ubuntu 18.
- Add `bind_stub_zone` resource.
- Add `controls`, `per_view_additional_config`, and `additional_config_files` to `bind_config` resource.
2.2.1 - 2018-10-08
- Add support for in-view directive using `bind_linked_zone` resource.
2.2.0 - 2018-03-08
- Add `bind_logging_channel` and `bind_logging_category` custom resources.
- Add `bind_view` custom resource.
- Add `:create_if_missing` action to `bind_primary_zone` resource.
2.1.1 - 2017-12-01
- According to RFC1035, FQDN length max is 255 characters, and each label (dot delimited) is 63 characters. Setting first column width to 65 characters
2.1.0 - 2017-12-01
- Add support for chrooted install
- Chroot Supported platforms: CentOS/RedHat 6.x+, Debian 8.x+, Ubuntu 14.04 LTS
- Chroot Incompatible platforms: Ubuntu 16.04 LTS ubuntu/+source/bind9/+bug/1630025
- Updated rndc call to be compliant with current auto-configuration standards
- Updated file paths using `::File.join()` method
- Delayed all template creation to avoid file busy conflicts
- Added `.kitchen.dokken.yml` for faster testing with kitchen-dokken
- Added support for env var `CHEF_VERSION` to affect kitchen-dokken chef-client version
- Supports chef-client version 12.21.26 and 13.6.4
2.0.1 - 2017-11-17
- Add `manage_serial` option to `bind_primary_zone_template` resource
2.0.0 - 2017-11-07
- Migrate to using custom resources. See MIGRATION.md for details on migrating from v1.x.
1.3.0 - 2017-04-17
- Change default for statistics channel to be false, and add an attribute to set the bind address.
1.2.0 - 2015-01-02
- Add server clause.
- See documentation for reference.
- Add bind forwardzones attribute.
1.1.4 - 2014-11-19
- Restore previous default for querylog size and amount
- Correct quoting for log file rotation
- Minor rubocop corrections
1.1.3 - 2014-10-08
- Added `log_file_size` attribute.
1.1.1 - 2014-08-13
- Added array for `domainzones` attribute
1.1.0 - 2014-05-25
- Add named-checkconf sanity checking
- Add thor/scmversion
- Update specs
1.0.3 - 2014-03-17
- Update documentation
1.0.2 - 2014-02-18
- Stub file for service tests
1.0.1 - 2014-02-16
- Add delayed timing to service reload
- Fix a minor issue with `rndc.key` on CentOS 6.x
1.0.0 - 2014-02-13
Clearing out backlog of issues.
- Add standalone logging support, to `named.options` file. #4
- Revert incorrect `/etc/named.conf` location for EL6.
- Graceful handling for lack of data_bags. #7
- Added documentation for standalone logging support. #8
- Added statistics-channel support. #9
- Updated kitchen and build files.
- Added bats tests.
- Removed minitests/Added chefspec
BREAKING CHANGE
- Removed `etc_cookbook_files` and `etc_template_files` in favor of simpler `bind['included_files']` attribute
Explanation:
You could, for example, drop off other static files or templates in your sysconf directory. Then include these files in your named.conf by overriding this attribute.
0.2.0 - 2013-05-30
This is the first cookbook I have validated with @fnichol's re-write of test-kitchen. It took about 3-4 minutes to validate this cookbook across 4 platforms.
I identified two RHEL 5 and one Ubuntu recipe bugs which nobody, including myself, has caught. I cannot overstate how much time this has saved me. If you have not tried the test-kitchen re-write, do yourself the favor and start working with it now.
- Add test-kitchen/Berkshelf skeleton files
- Platform-specific fixes
- Correct location of `/etc/named.conf` on RHEL 5
- Added `conf_file` and `options_file` attributes
- Refactor service actions, and config file rendering
- Enabled usage of search also on chef-solo via @fabn
- Various Ubuntu platform fixes via @fabn
- Added apt recipe to pass test-kitchen
- Correct location of
0.1.1 - 2013-04-15
- Pass zone array to template with `uniq` and `sort`
0.1.0 - 2013-03-26
- Add bind zones attributes for "role (attribute)", "ldap", and "databag" sources.
0.0.9 - 2013-03-25
- ldap host incorrectly being scoped as `node.default`
0.0.8 - 2013-03-25
- Change node scope to `node.default` for Chef 11
0.0.7 - 2013-01-24
- Update root nameserver D
0.0.6 - 2012-08-01
- Move masters keyword to slave block
0.0.4 - 2012-01-05
- Clean up and public release
0.0.2 - 2011-04-22
- Initial prototype for internal use
Collaborator Number Metric
3.0.2 passed this metric
Contributing File Metric
3.0.2 passed this metric
Foodcritic Metric
3.0.2 passed this metric
No Binaries Metric
3.0.2 passed this metric
Testing File Metric
3.0.2 passed this metric
Version Tag Metric
3.0.2 passed this metric