bind: use local, ipv4 only name-caching resolver (fixes #1171)

3 files changed, 35 insertions, 0 deletions

diff --git a/puppet/modules/site_config/files/bind9 b/puppet/modules/site_config/files/bind9
new file mode 100644
index 00000000..50d8ed14
--- /dev/null
+++ b/puppet/modules/site_config/files/bind9
@@ -0,0 +1,8 @@
+# managed by puppet
+
+# run resolvconf?
+RESOLVCONF=no
+
+# startup options for the server
+OPTIONS="-u bind -4"
+
diff --git a/puppet/modules/site_config/files/named.options b/puppet/modules/site_config/files/named.options
new file mode 100644
index 00000000..47df6c5d
--- /dev/null
+++ b/puppet/modules/site_config/files/named.options
@@ -0,0 +1,6 @@
+options {
+        allow-query     { 127.0.0.1; };
+        allow-transfer  { none; };
+        listen-on        { 127.0.0.1; };
+};
+
diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp
index bd0539b9..b70dfa1c 100644
--- a/puppet/modules/site_config/manifests/resolvconf.pp
+++ b/puppet/modules/site_config/manifests/resolvconf.pp
@@ -1,8 +1,29 @@
 class site_config::resolvconf {
+
+  # bind9
   package { 'bind9':
     ensure => installed,
   }
 
+  service { 'bind9':
+    ensure => running,
+    require => Package['bind9'],
+  }
+
+  file { '/etc/default/bind9':
+    source    => 'puppet:///modules/site_config/bind9',
+    require => Package['bind9'],
+    notify  => Service['bind9'], 
+  }
+
+  file { '/etc/bind/named.options':
+    source => 'puppet:///modules/site_config/named.options',
+    require => Package['bind9'],
+    notify  => Service['bind9'], 
+  }
+
+
+
   $domain_hash = hiera('domain')
   $domain_public = $domain_hash['public']