cookbook 'pdns', '= 2.3.0'
pdns
(50) Versions
2.3.0
-
-
10.0.0
-
9.0.0
-
8.0.3
-
8.0.2
-
8.0.1
-
8.0.0
-
6.1.1
-
6.1.0
-
6.0.0
-
5.0.0
-
4.4.0
-
4.3.1
-
4.3.0
-
4.2.0
-
4.1.0
-
4.0.0
-
3.5.0
-
3.4.1
-
3.4.0
-
3.3.2
-
3.3.1
-
3.3.0
-
3.2.0
-
3.1.0
-
3.0.0
-
2.5.0
-
2.4.1
-
2.4.0
-
2.3.0
-
2.2.1
-
2.2.0
-
2.1.1
-
2.1.0
-
2.0.0
-
1.1.1
-
1.1.0
-
1.0.5
-
1.0.4
-
1.0.3
-
1.0.2
-
1.0.1
-
1.0.0
-
0.3.4
-
0.3.2
-
0.3.0
-
0.2.0
-
0.1.2
-
0.1.0
-
0.0.2
-
0.0.1
Follow14
- 10.0.0
- 9.0.0
- 8.0.3
- 8.0.2
- 8.0.1
- 8.0.0
- 6.1.1
- 6.1.0
- 6.0.0
- 5.0.0
- 4.4.0
- 4.3.1
- 4.3.0
- 4.2.0
- 4.1.0
- 4.0.0
- 3.5.0
- 3.4.1
- 3.4.0
- 3.3.2
- 3.3.1
- 3.3.0
- 3.2.0
- 3.1.0
- 3.0.0
- 2.5.0
- 2.4.1
- 2.4.0
- 2.3.0
- 2.2.1
- 2.2.0
- 2.1.1
- 2.1.0
- 2.0.0
- 1.1.1
- 1.1.0
- 1.0.5
- 1.0.4
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0.0
- 0.3.4
- 0.3.2
- 0.3.0
- 0.2.0
- 0.1.2
- 0.1.0
- 0.0.2
- 0.0.1
Installs/Configures PowerDNS Recursor and Authoritative server
cookbook 'pdns', '= 2.3.0', :supermarket
knife supermarket install pdns
knife supermarket download pdns
pdns Cookbook
Installs and configures PowerDNS (pdns). Sets up an authoritative by default and can set up an Authoritative Server with multiple backends.
Requirements
Platforms:
- Ubuntu (12.04, 14.04)
Required Cookbooks:
- build-essential (for source build)
- resolvconf (used in the server recipe for setting resolv.conf)
Suggested Cookbooks:
- mysql (for the MySQL backend)
- sqlite (for the SQLite backend)
- postgres (for the PostgreSQL backend)
Attributes
Depending on the type of server you are installing there are specific options you may want to set via attributes. Several attribute files handle settings of the different 'flavors' of a PowerDNS install, that is an authoritative server, a slave server or a recursor. Also there is two attribute files that handle the way PowerDNS should be installed: via a package or compiled by source.
The different combinations of install method and functionality are handled by the attributes 'build_method' and 'flavor' located in the default attributes file. You can set these attributes according to your needs.
default
Key | Type | Description | Default |
---|---|---|---|
node['pdns']['build_method'] |
String | Type of installation: 'package' or 'source' | package |
node['pdns']['flavor'] |
String | Functionality: 'resolver', 'authoritative', 'slave' | recursor |
node['pdns']['user'] |
String | User to setuid the pdns daemons | pdns |
node['pdns']['group'] |
String | Group to setuid the pdns daemons | pdns |
source
Key | Type | Description | Default |
---|---|---|---|
node['pdns']['source']['path'] |
String | The base path to setting up the source installation | /opt |
node['pdns']['source']['version'] |
String | Version of source server or resolver based on 'flavor' | 3.4.10 or 3.7.3 |
node['pdns']['source']['url'] |
String | URL to the PowerDNS Server Source Package | https://downloads.powerdns.com/releases/pdns-[recursor?]-[version].tar.bz2 |
package
Key | Type | Description | Default |
---|
authoritative
Key | Type | Description | Default |
---|---|---|---|
node['pdns']['authoritative']['backends'] |
Array | List of backends to build and configure or install with PowerDNS | [ 'bind' ] |
node['pdns']['authoritative']['config']['launch'] |
String | Backend that will be used when running PowerDNS | bind |
node['pdns']['authoritative']['config']['bind_config'] |
Array | Location of the bind zone file | /etc/powerdns/bind-backend.conf |
node['pdns']['authoritative']['config']['config_dir'] |
String | Location of configuration directory | /etc/powerdns |
node['pdns']['authoritative']['config']['setgid'] |
String | User to setuid the pdns daemons | pdns |
node['pdns']['authoritative']['config']['setuid'] |
String | Group to setuid the pdns daemons | pdns |
node['pdns']['authoritative']['config']['version_string'] |
String | What powerdns answers when queried for its version over DNS | powerdns |
node['pdns']['authoritative']['config']['allow_recursion'] |
Array | IP addresses that are authorized for recursion | [ '127.0.0.1' ] |
node['pdns']['authoritative']['config']['daemon'] |
Boolean | Operate as a daemon | true |
node['pdns']['authoritative']['config']['disable_axfr'] |
Boolean | Do not allow zone transfers | true |
node['pdns']['authoritative']['config']['guardian'] |
Boolean | Run within a guardian process | true |
node['pdns']['authoritative']['config']['default_ttl'] |
String | TTL to use when none is provided | 3600 |
slave
Key | Type | Description | Default |
---|---|---|---|
node['pdns']['slave']['backends'] |
Array | List of backends to build and configure or install with PowerDNS | [ 'bind' ] |
node['pdns']['slave']['config']['launch'] |
String | Backend that will be used when running PowerDNS | bind |
node['pdns']['slave']['config']['config_dir'] |
String | Location of configuration directory | /etc/powerdns |
node['pdns']['slave']['config']['setgid'] |
String | User to setuid the pdns daemons | pdns |
node['pdns']['slave']['config']['setuid'] |
String | Group to setuid the pdns daemons | pdns |
node['pdns']['slave']['config']['version_string'] |
String | What powerdns answers when queried for its version over DNS | powerdns |
node['pdns']['slave']['config']['master'] |
Boolean | Operate in master mode | false |
node['pdns']['slave']['config']['slave'] |
Boolean | Operate as a slave to a PowerDNS master server | true |
node['pdns']['authoritative']['config']['guardian'] |
Boolean | Run within a guardian process | true |
node['pdns']['slave']['config']['slave_cycle_interval'] |
String | Seconds slave checks of domains with unknown status | '60' |
node['pdns']['slave']['config']['disable_axfr'] |
Boolean | Do not allow zone transfers | true |
recursor
Key | Type | Description | Default |
---|---|---|---|
node['pdns']['recursor']['config_dir'] |
String | Location of configuration directory | /etc/powerdns |
node['pdns']['recursor']['config']['config_dir'] |
String | Location of configuration directory | /etc/powerdns |
node['pdns']['recursor']['config']['allow_from'] |
Array | Netmasks that are allowed to use the server | '127.0.0.0/8', '10.0.0.0/8', '192.168.0.0/16', '172.16.0.0/12', '::1/128', 'e80::/10' |
node['pdns']['recursor']['config']['auth_zones'] |
Array | Zones read from these files are served authoritatively | [ ] |
node['pdns']['recursor']['config']['forward_zones'] |
Array | Queries for zones listed here will be forwarded to the IP | [ ] |
node['pdns']['recursor']['config']['forward_zones_recurse'] |
Array | Add the recurse bit to the behavior of forward zones | [ ] |
node['pdns']['recursor']['config']['local_address'] |
Array | IP addresses to bind to | ['127.0.0.1'] |
node['pdns']['recursor']['config']['local_port'] |
String | Port to listen | '53' |
Further configurations
Every flavor has it's own attribute namespace for customizing it. More precisely
The ['pdns'][flavor]['config']
array directly maps to each
configuration directive in the configuration file. Of special note is
any configuration option that needs a hyphen (-
) should be defined
as an underscore (_
) and it will be converted at compilation time.
For example, if you want the version-string setting to be changed for your
authoritative server, you'll want to define it like so:
default['pdns']['authoritative']['config']['version_string'] = 'awesomedns'
Another thing to note is boolean values are mapped to 'yes' and 'no'
respectively. If you want to remove a value, simply set it to 'nil' or do not
define the attribute entirely.
Usage
Add the default recipe and set the right attributes ('flavor' and 'install_method') to install and configure PowerDNS as your needs. The default behavior is installing a recursor by package.
To set up a recursor, simply put recipe[pdns::default]
in the run list. Modify the attributes via a role or on the node directly as required for the local configuration.
To set up an authoritative server, put recipe[pdns::default]
in the node's run list and set the attribute node['pdns']['flavor']
to 'authoritative'. Modify node['pdns']['authoritative']['backend']
attribute in order to install one or more backends, the default backend is bind. Choose between 'package' and 'source' installs in the node['pdns']['install_method']
attribute. Further tune your server configuration with node['pdns']['authoritative']['config']
.
To set up an slave server, add recipe[pdns::default]
to you run list and set the attribute node['pdns']['flavor']
to 'slave'. Choose between 'package', 'source' with the node['pdns']['install_method']
attribute. Tune your server specific configuration with node['pdns']['slave']['config']
.
Notes
- Currently this cookbook just provides minimal bind backend configuration and leaves to the user how to provision and manage the bind zone file required by the backend (see https://doc.powerdns.com/md/authoritative/backend-bind/). Also, take a look at
test/fixtures
where a example bind zone file is located for testing. - For PostgreSQL backend a recipe for creating the database schema and user is provided, it is also used for testing.
- Ubuntu has an specific database configuration when using their packges for backends, it's located here:
/etc/powerdns/pdns.d/
- It is not possible to install both an authoritative server and a recursor on the same machine using the flavor attribute.
Backends and flavors
There are several combinations of backends and flavors available, currently a few of them have been tested, more or less the ones that represented in .kitchen.yml
file, specifically:
- Authoritative / bind backend (package and source)
- Authoritative / PostgreSQL backend (package and source)
- Authoritative / pipe backend (package and source)
- Resolver (package and source)
- Slave (package and source)
TODO
- Add MySQL backend
- Add SQLite backend
- Use ubuntu
/etc/powerdns/pdns.d/
for configuring PowerDNS.
License & Authors
- Author:: Joshua Timberman (joshua@chef.io)
- Author:: Aaron Kalin (aaron.kalin@dnsimple.com)
- Author:: Jacobo GarcĂa (jacobo.garcia@dnsimple.com)
- Author:: Anthony Eden (anthony.eden@dnsimple.com)
Copyright:: 2010-2014, Chef Software, Inc & 2014-2016 Aetrion, LLC. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependent cookbooks
build-essential >= 0.0.0 |
resolvconf >= 0.0.0 |
database >= 0.0.0 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
2.3.0 / 2016-09-09
Warning
- In PowerDNS 3.4.10 the default for any-to-tcp has been changed to 'yes'
Bug fixes
- Update authoritative to 3.4.10 to fix PowerDNS Security Advisory 2016-01
- https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/
- Crafted queries can cause unexpected backend load
- update source_url and issues_url
Enhancements
- Add a new Rakefile for testing
- Clean up docs a little
2.2.1 / 2016-03-03
Bug Fixes
- Resolved an issue where pdns install would run over and over again due to a bad path.
2.2.0 / 2016-03-03
Enhancements
- We have eliminated the node attributes from the attributes folder to make this cookbook more wrapper pattern friendly. Remember kids, don't put node attributes in your attributes folder, everyone will have a bad time. :(
Cleanup
- Added some basic rubocop rules that we're starting to use with DNSimple cookbook. Nothing intense, but should help get things looking spiffy :+1:
- Made sure to comply with foodcritic, the ultimate yelp reviewer of the Chef Supermarket.
2.1.1 / 2016-03-03
Bug Fixes
- Renamed some ambiguous variables that might be causing a bug in certain circumstances.
Cleanup
- Updated some copyrights and trimmed a bunch of whitespace
2.1.0 / 2016-01-11
Enhancements
- Added bind as backend option and made it default
Cleanup
- Some spelling mistakes in the README were corrected
2.0.0 / 2015-12-23
Enhancements
- Adds the capability of installing a recursor from source
- Adds the capability of installing a recursor with pipe backend (source and package install).
- Updating documentation.
Cleanup
- Major code refactor
Breaking changes
- Resolver no longer uses a separated template for configuration and it uses the same attribute (flavor) to decide the functionality, so it is not possible to install a resolver and an authoritative on the same machine anymore.
- Only authoritative servers install or compile backends now.
1.1.1 / 2015-12-23
Enhancements
- Creating schema, grants and users for postgres backend.
Bug Fixes
- Handling the URL for downloading the source gracefully using lazy evaluation since this provoked a malformed URL string when concatenated with the version on source recipe.
1.1.0 / 2015-12-10
Enhancements
- Recursor is now the default behavior
- Using bind as a default backend per recommendation on irc channel
- Adding a new slave PowerDNS server configuration
- Refactor of authoritative part
- Refactor of build related code
- Expanded documentation
1.0.5 / 2015-11-10
Security
- Updating to 3.4.7 addressing PowerDNS Security Advisory 2015-03. More information about this CVE can be found here: http://www.openwall.com/lists/oss-security/2015/11/09/3
1.0.4 / 2015-09-02
Security
- Updating to 3.4.6 addressing PowerDNS Security Advisory 2015-02. More information about this CVE can be found here: http://www.openwall.com/lists/oss-security/2015/09/02/5
1.0.3 / 2015-05-04
Bug Fixes
- Executing bootstrap command on every pdns compilation run
1.0.2 / 2015-05-04
Security
- Updating to version 3.4.4 of authoritative powerdns server in order to address PowerDNS Security Advisory 2015-01: Label decompression bug can cause crashes or CPU spikes.
Bug Fixes
- Allowing pdns_server to automatically upgrade in source installs
1.0.1 / 2014-12-17
Bug Fixes
- Adding missing configuration bits for authoritative_package recipe
1.0.0 / 2014-12-15
Breaking Changes
There have been major changes to the recipes and attributes of this
cookbook in the first of many efforts to stabilize and modernize everything.
Please review the updated README and take special note of the install type
and backend attributes to suit your configuration.We plan to eventually migrate the recipes over to LWRP's to make this
cookbook easier to wrap and extend.
0.3.4 / 2014-07-15
Testing
- Testing Updates
Bug Fixes
- Fixed missing build-essential include
0.3.3 / 2014-07-15
Bug Fixes
- Not actually sure what happened here
0.3.2 / 2014-07-14
Bug Fixes
- Remove incorrect search domains
0.3.0 / 2014-02-21
Bug Fixes
- DNS should install the sqlite gem (needs build-essentials) and use the correct pdns template filename [COOK-978]
0.2.0 / 2013-08-28
Improvements
- Add source recipe [COOK-3106]
0.1.2 / 2013-05-07
Bug Fixes
- pdns cookbook has foodcritic failures [COOK-2986]
Improvements
- Configure a PowerDNS server [COOK-2604]
0.1.0
Initial Release
- Fixes for centos/rhel boxen and pdns::recursor cookbook [COOK-1080]
Collaborator Number Metric
2.3.0 passed this metric
Foodcritic Metric
2.3.0 passed this metric
2.3.0 passed this metric
2.3.0 passed this metric