Use native puppet-dns feature to inject some options
... instead of directly injecting options using concat::fragment. Change-Id: I53c6c677995a39f9cb888256c5f3451c7d92d447
This commit is contained in:
2 changed files with 11 additions and 4 deletions
@@ -24,9 +24,14 @@ class openstack_integration::bind {
allow_recursion => [],
listen_on_v6 => false,
additional_options => {
'listen-on' => "port 5322 { ${listen_on};}",
'listen-on-v6'=>"port 5322 { ${listen_on_v6}; }",
'auth-nxdomain'=>'no',
'listen-on' => "port 5322 { ${listen_on};}",
'listen-on-v6' =>"port 5322 { ${listen_on_v6}; }",
'auth-nxdomain' =>'no',
'allow-new-zones'=>'yes',
#RecommendedbyDesignatedocsasamitigationforpotentialcache
#poisoningattacks:
#https://docs.openstack.org/designate/latest/admin/production-guidelines.html#bind9-mitigation
'minimal-responses'=>'yes',
},
controls=>{
$bind_host => {
@@ -112,6 +112,8 @@ class openstack_integration::designate {
mdns_hosts => [$::openstack_integration::config::host],
rndc_config_file => '/etc/rndc.conf',
rndc_key_file => $::dns::params::rndckeypath,
manage_pool => true
manage_pool => true,
# Configure bind using openstack_integration::bind
configure_bind => false,
}
}
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.