author | Micah <micah@leap.se> | 2016-07-05 11:43:59 -0400 |
---|---|---|
committer | Micah <micah@leap.se> | 2016-07-05 15:10:58 -0400 |
commit | 2cfcb6d073973025f73f37183a0fa21570a922df (patch) | |
tree | 2f4f177d12cba94d3c93ca6c95290a6b446091bb /puppet | |
parent | 428f5c4f839650dac8898746ff395fcf50b658bb (diff) |
set domain-secure to internal domain.
Without this set, dnssec will fail validation for internal domains,
which should not be validated
Change-Id: I8589332598fe97ad5218dd23825ac77af2d8def6
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/modules/site_config/manifests/caching_resolver.pp | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp
index 2b08ab4c..4da13d9c 100644
--- a/puppet/modules/site_config/manifests/caching_resolver.pp
+++ b/puppet/modules/site_config/manifests/caching_resolver.pp
@@ -1,6 +1,8 @@
 # deploy local caching resolver
 class site_config::caching_resolver {
 tag 'leap_base'
+ $domain = hiera('domain')
+ $internal_domain = $domain['internal_suffix']
 # We need to make sure Package['bind9'] isn't installed because when it is, it
 # keeps unbound from running. Some base debian installs will install bind9,
@@ -17,14 +19,15 @@ class site_config::caching_resolver {
 require => Package['bind9'],
 settings => {
 server => {
- verbosity => '1',
- interface => [ '127.0.0.1', '::1' ],
- port => '53',
- hide-identity => 'yes',
- hide-version => 'yes',
- harden-glue => 'yes',
- access-control => [ '127.0.0.0/8 allow', '::1 allow' ],
- module-config => '"validator iterator"'
+ verbosity => '1',
+ interface => [ '127.0.0.1', '::1' ],
+ port => '53',
+ hide-identity => 'yes',
+ hide-version => 'yes',
+ harden-glue => 'yes',
+ access-control => [ '127.0.0.0/8 allow', '::1 allow' ],
+ module-config => '"validator iterator"',
+ domain-insecure => $internal_domain
 }
 }
 }
|
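Review bot: `$internal_domain` is read from `$domain['internal_suffix']` in the first hunk with no check that the key exists or is non-empty, and the second hunk passes it unchanged to `domain-insecure`. That option switches off DNSSEC validation for the named domain and everything beneath it, so a missing or overly broad suffix would presumably either render an invalid setting or quietly enlarge the unvalidated part of the namespace. A guard directly after the assignment would fail the catalog instead, for example `if $internal_domain == undef or $internal_domain == '' { fail('domain.internal_suffix must be set for the caching resolver') }`. The class body continues outside this hunk.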
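Review bot: The new `domain-insecure => $internal_domain` entry in the `server` hash has no comment, although it is the one setting here that relaxes validation while its neighbours (`harden-glue`, `hide-version`) harden the resolver. I would add a line above it such as `# internal names have no DNSSEC chain of trust; exempt only this suffix from validation`, so a later edit does not widen the value unaware. Answers under that suffix are then accepted unauthenticated, so it helps to say where those names are expected to be resolved, which this hunk does not show. The commit subject says "domain-secure" while the key set is `domain-insecure`.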