cookbook 'bind9-ng', '~> 0.1.0'
Installs/Configures bind9-ng
cookbook 'bind9-ng', '~> 0.1.0', :supermarket
knife supermarket install bind9-ng
knife supermarket download bind9-ng
bind9-ng Cookbook
A cookbook to manage BIND DNS servers and zones.
Supports views, ACLs, master/slave using keys, and many other options.
Here is a repo with my lab; it will give you a good idea of how to use this cookbook: https://github.com/ramakuka/bind9-Lab
Requirements
This is a 'library' cookbook, so to get the most out of it you will need a wrapper cookbook.
Attributes
This cookbook relies on attributes defined in the wrapper cookbook.
Channel
node['bind9']['channel']
Used to configure channels such as rndc (controls) or statistics-channels.
The name of the channel is specified as a hash key, and it contains an array of config parameters. For example:
default['bind9']['channel']['controls'][1]['inet'] = "127.0.0.1"
default['bind9']['channel']['controls'][1]['port'] = "953"
default['bind9']['channel']['controls'][1]['allow'] = "any"
default['bind9']['channel']['controls'][1]['keys'] = "rndc-key"
Keys
node['bind9']['keys']
Used to configure the BIND keys. Example:
default['bind9']['keys']['rndc']['algorithm'] = "hmac-md5"
default['bind9']['keys']['rndc']['secret'] = "T8/uYW+mMHzpZLtMC4Vpdw=="
ATTENTION! Since rndc is critical for BIND operation (the init script uses it to stop and reload the server), we generated a key and used it as the default. PLEASE CHANGE THE KEY BEFORE USING IT!!! Here is a link that explains how it can be done: http://www.cyberciti.biz/faq/unix-linux-bind-named-configuring-tsig/
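A check a wrapper cookbook's tests could run against its key and channel attributes, written here as an added example (it is not part of the bind9-ng cookbook). It assumes the attributes are available as a plain Hash shaped like node['bind9'] and that the cookbook writes the algorithm string into named.conf unchanged; `audit_bind9`, `new_tsig_key` and the sample hashes are hypothetical names.

```ruby
require 'securerandom'

# Secret printed in the README above: it is public, so never valid for a real server.
PUBLISHED_SECRET = 'T8/uYW+mMHzpZLtMC4Vpdw=='

# Build a replacement key entry. Assumption: the cookbook passes the
# algorithm string through unchanged, so hmac-sha256 can be used.
def new_tsig_key(algorithm = 'hmac-sha256')
  { 'algorithm' => algorithm, 'secret' => SecureRandom.base64(32) }
end

# Audit a plain Hash shaped like node['bind9']; returns a list of findings.
def audit_bind9(bind9)
  findings = []
  (bind9['keys'] || {}).each do |name, key|
    secret = key['secret'].to_s
    findings << "key #{name}: secret is the one published in the README" if secret == PUBLISHED_SECRET
    findings << "key #{name}: hmac-md5 is a legacy algorithm, prefer hmac-sha256" if key['algorithm'].to_s.casecmp?('hmac-md5')
    begin
      secret.unpack1('m0') # strict base64 decode, raises on malformed input
    rescue ArgumentError
      findings << "key #{name}: secret is not valid base64"
    end
  end
  # Channel entries are indexed hashes, e.g. ['controls'][1]['allow'].
  ((bind9['channel'] || {})['controls'] || {}).each do |index, ctl|
    next unless ctl['allow'].to_s.strip == 'any'
    findings << "controls[#{index}]: allow is 'any' on #{ctl['inet']}:#{ctl['port']}"
  end
  findings
end

# Constructed samples: the values shown in the README, then a corrected set.
README_DEFAULTS = {
  'keys' => { 'rndc' => { 'algorithm' => 'hmac-md5', 'secret' => PUBLISHED_SECRET } },
  'channel' => { 'controls' => { 1 => { 'inet' => '127.0.0.1', 'port' => '953',
                                        'allow' => 'any', 'keys' => 'rndc-key' } } }
}.freeze
HARDENED = {
  'keys' => { 'rndc' => new_tsig_key },
  'channel' => { 'controls' => { 1 => { 'inet' => '127.0.0.1', 'port' => '953',
                                        'allow' => 'localhost', 'keys' => 'rndc-key' } } }
}.freeze

puts audit_bind9(README_DEFAULTS)
puts "hardened findings: #{audit_bind9(HARDENED).length}"
```

Generate the secret once and store it in an encrypted data bag or vault rather than in the attributes file, so the same key is not regenerated on every run or committed in clear text.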
Logs
node['bind9']['log']
Used to configure the logs. It has two main parts.
The first is the default log parameters for all categories, defined with the attribute ['bind9']['log']['logdflt'][PARAMETER]
The defaults are:
default['bind9']['logdflt']['version'] = "versions 4 size 100m"
default['bind9']['logdflt']['severity'] = "dynamic"
default['bind9']['logdflt']['print-category'] = "yes"
default['bind9']['logdflt']['print-severity'] = "yes"
default['bind9']['logdflt']['print-time'] = "yes"
Changes in the logdflt section affect all other channels unless a log channel overrides the parameter itself.
The second part of the log attributes is the log channel. A channel must have the following attributes:
default['bind9']['log'][CHANNEL NAME]['channel']=
default['bind9']['log'][CHANNEL NAME]['logfile']=
Here is an example:
default['bind9']['log']['queries']['channel']= "queries_file"
default['bind9']['log']['queries']['logfile'] = "queries.log"
default['bind9']['log']['queries']['categorychannle'] = "null"
More information about BIND logs can be found here: http://www.zytrax.com/books/dns/ch7/logging.html
Options
node['bind9']['options']
Used for settings in the options section of the BIND configuration. An attribute can be a key/value pair, where the key is the option name and the value is used as its value, or an Array, where the key is the option name and the Array entries become the BIND block for that option. For example:
default['bind9']['options']['dnssec-validation'] = "auto"
will be translated to dnssec-validation auto; in BIND.
default['bind9']['options']['listen-on'] = ['1.1.1.1','2.2.2.2']
will be translated to
listen-on {
1.1.1.1;
2.2.2.2;
};
Keep in mind that if the value should be quoted in BIND, it should be quoted in the attribute as well. For example:
default['bind9']['options']['directory'] = '"/var/named"'
will be translated to directory "/var/named"
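The translation rule described above, sketched as an added example so a wrapper cookbook can preview and validate its options before converging (this is not the cookbook's own template code). It assumes values are written into the configuration verbatim, as the quoting rule implies, and that the result is wrapped in an options block; `render_options` and `unsafe_option_values` are hypothetical helper names.

```ruby
# Render a Hash shaped like node['bind9']['options'] following the rule in
# the text: scalar => "name value;", Array => "name { item; ... };".
def render_options(options)
  body = options.map do |name, value|
    if value.is_a?(Array)
      items = value.map { |v| "        #{v};" }.join("\n")
      "    #{name} {\n#{items}\n    };"
    else
      "    #{name} #{value};"
    end
  end
  "options {\n#{body.join("\n")}\n};\n"
end

# Because values are emitted verbatim, a value containing ";", braces or a
# newline would end its own statement and add configuration of its own.
# Return the option names whose values should be rejected before rendering.
def unsafe_option_values(options)
  options.flat_map { |name, value| Array(value).map { |v| [name, v.to_s] } }
         .select { |_, v| v.match?(/[;{}\n]/) }
         .map(&:first).uniq
end

# Constructed sample: the three attributes used as examples in the text.
SAMPLE_OPTIONS = {
  'dnssec-validation' => 'auto',
  'listen-on' => ['1.1.1.1', '2.2.2.2'],
  'directory' => '"/var/named"'
}.freeze

puts render_options(SAMPLE_OPTIONS)
```

Running `unsafe_option_values` matters most when option values come from data bags, node search results or other input the wrapper cookbook does not control.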
Acl
node['bind9']['acl']
A hash of ACLs, each containing an Array of IPs.
All ACLs are written to named.conf.acl in the BIND config directory.
For example:
# ACL name => list of address-match entries
default['bind9']['acl'] = {
  "internal" => ['10/8', '192.168/16'],
  "external" => ['any']
}
Views
Views can be used per domain, and should be defined on the provider.
By default we assume you have an ACL for every view, so the default match-clients ACL will be the view name. If you want to assign a different ACL to a view, use the attribute
node['bind9']['viewacl'][NAME OF THE VIEW] = ACLNAME
For example, by default the internal view looks like this:
view "internal-view" {
match-clients { internal; };
.
.
DOMAINS
.
.
};
If you want to use the office ACL for the view, set node['bind9']['viewacl']['internal'] = 'office', which gives:
view "internal-view" {
match-clients { office; };
.
.
DOMAINS
.
.
};
How to use the cookbook
Just include the cookbook in your metadata, set up the attributes, and use the bind9_zone provider to create a new zone. For example:
bind9_ng_zone "Domain name" do
email
nameserver
type
ip
view
end
The options are:
domain - Domain name
ttl - The TTL value for the domain :default => 86400
email - Hostmaster email to use for the SOA record
view - The view the domain should be included in; leave empty if you don't want to use views
type - Type of domain; right now we only support master and forward :default => "master"
ip - If type = forward, the IP address of the forward DNS servers should be specified here
refresh - Define SOA refresh default => 3600
retry - Define SOA retry default => 900
expire - Define SOA expire default => 604800
neg_ttl - Define the neg_ttl default => 3600
nameserver - NS record for the domain
mailserver - Define the mailserver that will be used by the zone
hosts - A hash of hosts and IP addresses that will be configured for the domain
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.1.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.0 failed this metric
FC034: Unused template variables: bind9-ng/templates/default/named.conf.erb:1
FC043: Prefer new notification syntax: bind9-ng/providers/reverse.rb:21
FC043: Prefer new notification syntax: bind9-ng/providers/reverse.rb:37
FC043: Prefer new notification syntax: bind9-ng/providers/zone.rb:35
FC043: Prefer new notification syntax: bind9-ng/providers/zone.rb:51
FC064: Ensure issues_url is set in metadata: bind9-ng/metadata.rb:1
FC065: Ensure source_url is set in metadata: bind9-ng/metadata.rb:1
FC066: Ensure chef_version is set in metadata: bind9-ng/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.1.0 passed this metric
Testing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number