Puppet Class: dnsrecursor

Defined in:
modules/dnsrecursor/manifests/init.pp

Overview

Parameters:

  • listen_addresses (Any) (defaults to: [$::ipaddress])
  • allow_from (Any) (defaults to: [])
  • additional_forward_zones (Any) (defaults to: '')
  • auth_zones (Any) (defaults to: undef)
  • lua_hooks (Any) (defaults to: undef)
  • max_cache_entries (Any) (defaults to: 1000000)
  • max_negative_ttl (Any) (defaults to: 3600)
  • max_tcp_clients (Any) (defaults to: 128)
  • max_tcp_per_client (Any) (defaults to: 100)
  • client_tcp_timeout (Any) (defaults to: 2)
  • export_etc_hosts (Any) (defaults to: 'off')
  • version_hostname (Any) (defaults to: false)
  • dnssec (Any) (defaults to: 'off')
  • threads (Any) (defaults to: 4)
  • log_common_errors (Any) (defaults to: 'yes')
  • bind_service (Any) (defaults to: undef)
  • allow_from_listen (Any) (defaults to: true)
  • allow_forward_zones (Any) (defaults to: true)
  • allow_edns_whitelist (Any) (defaults to: true)
  • allow_incoming_ecs (Any) (defaults to: false)
  • allow_qname_minimisation (Any) (defaults to: false)
  • enable_pdns43 (Any) (defaults to: false)


# File 'modules/dnsrecursor/manifests/init.pp', line 9

# @summary Installs and configures the PowerDNS recursor (pdns-recursor) and keeps it running.
#
# The manifest installs the pdns-recursor package, renders
# /etc/powerdns/recursor.conf (and, when $lua_hooks is set,
# /etc/powerdns/recursorhooks.lua) from ERB templates, drops a systemd
# override fragment, and manages the pdns-recursor service.
#
# Only $lua_hooks and $enable_pdns43 are referenced in the manifest body.
# The remaining parameters, and the local variables defined below, are
# presumably read by the ERB templates, which are not part of this file;
# check the templates before relying on a parameter's effect, and do not
# rename class-scope variables without checking them too.
#
# Security-relevant defaults to confirm against the rendered recursor.conf:
#  - $dnssec defaults to 'off'; presumably this is the recursor's DNSSEC
#    mode, in which case answers are not validated by default.
#  - $allow_from defaults to [] while $allow_from_listen defaults to true;
#    the resulting client ACL is decided in the template. Verify that it
#    admits only the intended networks, so the host is not an open resolver.
#  - $allow_incoming_ecs and $allow_qname_minimisation default to false.
#
# @param lua_hooks
#   When truthy, /etc/powerdns/recursorhooks.lua is rendered from
#   dnsrecursor/recursorhooks.lua.erb and changes to it notify the service.
# @param enable_pdns43
#   When true and os_version('debian == buster') holds, the package is
#   installed from the 'component/pdns-recursor' apt component instead of
#   the default package source.
class dnsrecursor(
    $listen_addresses         = [$::ipaddress],
    # NOTE(review): empty by default; see $allow_from_listen for how the
    # listen addresses may be added to the ACL (template-defined, confirm).
    $allow_from               = [],
    $additional_forward_zones = '',
    $auth_zones               = undef,
    $lua_hooks                = undef,
    $max_cache_entries        = 1000000,
    $max_negative_ttl         = 3600,
    # The three TCP settings below presumably bound per-host and per-client
    # TCP resource use; their exact units are set by the template (confirm).
    $max_tcp_clients          = 128,
    $max_tcp_per_client       = 100,
    $client_tcp_timeout       = 2,
    $export_etc_hosts         = 'off',
    $version_hostname         = false,
    $dnssec                   = 'off', # T226088 T227415 - off until at least 4.1.x
    $threads                  = 4,
    $log_common_errors        = 'yes',
    $bind_service             = undef,
    $allow_from_listen        = true,
    $allow_forward_zones      = true,
    $allow_edns_whitelist     = true,
    $allow_incoming_ecs       = false,
    $allow_qname_minimisation = false,
    $enable_pdns43            = false, # enable pdns-recursor 4.3.3, used by wikidough
) {

    # Not referenced in this manifest body; presumably provides network
    # constants to the templates (confirm).
    include ::network::constants
    # Hard-coded authoritative DNS server addresses that the internal zones
    # below are forwarded to. A change of authoritative servers requires
    # editing this list.
    $wmf_authdns = [
        '208.80.154.238',
        '208.80.153.231',
        '91.198.174.239',
    ]
    # Semicolon-separated server list, then a "zone=servers, zone=servers"
    # string covering wmnet and the 10.0.0.0/8 reverse zone. The string is
    # not used further in this manifest; presumably the recursor.conf
    # template emits it, possibly gated by $allow_forward_zones (confirm).
    $wmf_authdns_semi = join($wmf_authdns, ';')
    $forward_zones = "wmnet=${wmf_authdns_semi}, 10.in-addr.arpa=${wmf_authdns_semi}"

    # systemd unit fragment to raise ulimits and other things
    $sysd_dir = '/etc/systemd/system/pdns-recursor.service.d'
    $sysd_frag = "${sysd_dir}/override.conf"

    # Root-owned drop-in directory, read/execute only, so the unit override
    # cannot be altered by unprivileged users.
    file { $sysd_dir:
        ensure => directory,
        mode   => '0555',
        owner  => 'root',
        group  => 'root',
    }

    file { $sysd_frag:
        ensure  => present,
        mode    => '0444',
        owner   => 'root',
        group   => 'root',
        content => template('dnsrecursor/override.conf.erb'),
    }

    # Runs only when the override fragment changes (refreshonly + subscribe)
    # and is ordered before the service is managed.
    # NOTE(review): the fragment does not notify Service['pdns-recursor'], so
    # a changed override is loaded by systemd but is not applied to an
    # already-running daemon until its next restart - confirm this is intended.
    exec { "systemd reload for ${sysd_frag}":
        refreshonly => true,
        command     => '/bin/systemctl daemon-reload',
        subscribe   => File[$sysd_frag],
        before      => Service['pdns-recursor'],
    }

    # Package source: the dedicated apt component only on Debian buster with
    # $enable_pdns43 set, otherwise the default package source.
    if os_version('debian == buster') and $enable_pdns43 {
        apt::package_from_component { 'pdns-recursor':
            component => 'component/pdns-recursor',
        }
    } else {
        # 'present' installs the package if missing but never upgrades it, so
        # security updates to pdns-recursor must be delivered by another
        # mechanism.
        package { 'pdns-recursor':
            ensure => 'present',
        }
    }

    # Main recursor configuration. World-readable (0444) and root-owned.
    # NOTE(review): acceptable only if the template renders no secrets - confirm.
    # A content change restarts the service through notify.
    file { '/etc/powerdns/recursor.conf':
        ensure  => 'present',
        require => Package['pdns-recursor'],
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        notify  => Service['pdns-recursor'],
        content => template('dnsrecursor/recursor.conf.erb'),
    }

    # Optional Lua hook script, managed only when $lua_hooks is truthy.
    # Root-owned and not writable by others, so the code loaded by the
    # recursor can only be changed through this manifest or by root.
    # NOTE(review): when $lua_hooks becomes falsy the file is no longer
    # managed, not removed; a previously deployed script stays on disk.
    if $lua_hooks {
        file { '/etc/powerdns/recursorhooks.lua':
            ensure  => 'present',
            require => Package['pdns-recursor'],
            owner   => 'root',
            group   => 'root',
            mode    => '0444',
            notify  => Service['pdns-recursor'],
            content => template('dnsrecursor/recursorhooks.lua.erb'),
        }
    }

    # Keeps the daemon running. With hasstatus => false Puppet determines the
    # service state by looking for 'pdns_recursor' in the process table
    # rather than using the init system's status command. The subscribe on
    # recursor.conf duplicates the notify declared on that file resource.
    service { 'pdns-recursor':
        ensure    => 'running',
        require   => [Package['pdns-recursor'],
                      File['/etc/powerdns/recursor.conf']
        ],
        subscribe => File['/etc/powerdns/recursor.conf'],
        pattern   => 'pdns_recursor',
        hasstatus => false,
    }
}