authorMicah <micah@leap.se>2016-07-05 11:43:59 -0400
committerMicah <micah@leap.se>2016-07-05 15:10:58 -0400
commit2cfcb6d073973025f73f37183a0fa21570a922df (patch)
tree2f4f177d12cba94d3c93ca6c95290a6b446091bb
parent428f5c4f839650dac8898746ff395fcf50b658bb (diff)
set domain-secure to internal domain.
Without this set, DNSSEC validation will fail for internal domains, which should not be validated. Change-Id: I8589332598fe97ad5218dd23825ac77af2d8def6
-rw-r--r--puppet/modules/site_config/manifests/caching_resolver.pp19
1 files changed, 11 insertions, 8 deletions
diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp
index 2b08ab4c..4da13d9c 100644
--- a/puppet/modules/site_config/manifests/caching_resolver.pp
+++ b/puppet/modules/site_config/manifests/caching_resolver.pp
@@ -1,6 +1,8 @@
# deploy local caching resolver
class site_config::caching_resolver {
tag 'leap_base'
+ $domain = hiera('domain')
+ $internal_domain = $domain['internal_suffix']
# We need to make sure Package['bind9'] isn't installed because when it is, it
# keeps unbound from running. Some base debian installs will install bind9,
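Review bot: `$internal_domain` is read from `$domain['internal_suffix']` without checking that the key is present and non-empty, and the second hunk passes it straight into `domain-insecure`. If the hiera data lacks `internal_suffix`, the setting would be rendered with an undefined or empty value; how the unbound module handles that is not visible here. An explicit guard would make the failure obvious at catalog compile time, for example `if empty($internal_domain) { fail('domain.internal_suffix must be set') }` if stdlib's `empty` is available in this tree. The class body continues outside this hunk.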
@@ -17,14 +19,15 @@ class site_config::caching_resolver {
require => Package['bind9'],
settings => {
server => {
- verbosity => '1',
- interface => [ '127.0.0.1', '::1' ],
- port => '53',
- hide-identity => 'yes',
- hide-version => 'yes',
- harden-glue => 'yes',
- access-control => [ '127.0.0.0/8 allow', '::1 allow' ],
- module-config => '"validator iterator"'
+ verbosity => '1',
+ interface => [ '127.0.0.1', '::1' ],
+ port => '53',
+ hide-identity => 'yes',
+ hide-version => 'yes',
+ harden-glue => 'yes',
+ access-control => [ '127.0.0.0/8 allow', '::1 allow' ],
+ module-config => '"validator iterator"',
+ domain-insecure => $internal_domain
}
}
}
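Review bot: The new `domain-insecure => $internal_domain` entry carries no comment, although it switches off DNSSEC validation for that suffix and every name beneath it in a resolver whose `module-config` enables the validator. A comment above it such as `# internal names cannot be DNSSEC-validated; exempt only this suffix` would record the intent and the scope. Because the exemption covers the whole subtree, the value needs to stay the narrowest internal suffix and never a publicly delegated zone. The other eight changed lines are only realigned (plus a trailing comma), which makes the one functional addition easy to miss. The resource these settings belong to starts outside the hunk.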