Puppet Class: dnsrecursor

Defined in:
modules/dnsrecursor/manifests/init.pp

Overview

Parameters:

  • listen_addresses (Array[Variant[Stdlib::IP::Address, Array[Stdlib::IP::Address]]]) (defaults to: [$::ipaddress])
  • allow_from_listen (Boolean) (defaults to: true)
  • allow_from (Array[Stdlib::IP::Address]) (defaults to: [])
  • allow_forward_zones (Boolean) (defaults to: true)
  • additional_forward_zones (String) (defaults to: '')
  • auth_zones (Optional[String]) (defaults to: undef)
  • lua_hooks (Optional[Variant[Stdlib::Unixpath, Array[Stdlib::Unixpath]]]) (defaults to: undef)
  • max_cache_entries (Integer[1]) (defaults to: 1000000)
  • max_negative_ttl (Integer[1]) (defaults to: 3600)
  • max_tcp_clients (Integer[1]) (defaults to: 128)
  • max_tcp_per_client (Integer[0]) (defaults to: 100)
  • client_tcp_timeout (Integer[1]) (defaults to: 2)
  • export_etc_hosts (Enum['no', 'off', 'yes']) (defaults to: 'off')
  • version_hostname (Boolean) (defaults to: false)
  • dnssec (Enum['off', 'log-fail', 'validate']) (defaults to: 'off')
  • threads (Integer[1]) (defaults to: 4)
  • log_common_errors (Enum['no', 'yes']) (defaults to: 'yes')
  • bind_service (Optional[String]) (defaults to: undef)
  • allow_edns_whitelist (Boolean) (defaults to: true)
  • allow_incoming_ecs (Boolean) (defaults to: false)
  • allow_qname_minimisation (Boolean) (defaults to: false)
  • allow_dot_to_auth (Boolean) (defaults to: false)
  • allow_edns_padding (Boolean) (defaults to: false)
  • edns_padding_mode (Optional[Enum['always', 'padded-queries-only']]) (defaults to: undef)
  • edns_padding_from (Optional[Stdlib::IP::Address]) (defaults to: undef)
  • do_ipv6 (Boolean) (defaults to: false)
  • enable_webserver (Boolean) (defaults to: false)
  • webserver_port (Optional[Stdlib::Port]) (defaults to: 8082)
  • webserver_log_level (Enum['none', 'normal', 'detailed']) (defaults to: 'none')
  • restart_service (Boolean) (defaults to: true)
  • api_allow_from (Array[Stdlib::IP::Address]) (defaults to: [])
  • query_local_address (Array[Stdlib::IP::Address::Nosubnet]) (defaults to: [])


# File 'modules/dnsrecursor/manifests/init.pp', line 22

# Installs the 'pdns-recursor' package and manages its configuration:
# /etc/powerdns/recursor.conf, optionally /etc/powerdns/recursorhooks.lua,
# and a systemd override for the pdns-recursor service.
#
# Most parameters are not referenced in this manifest body. They are presumably
# read by the ERB templates (recursor.conf.erb, recursorhooks.lua.erb,
# override.conf.erb), which are not shown here -- confirm the exact effect of
# any parameter in those templates.
#
# NOTE(review): security-relevant defaults worth checking against the templates:
#   - allow_from / allow_from_listen look like the client ACL for recursion; a
#     range wider than the intended clients would expose an open resolver.
#   - dnssec defaults to 'off', so presumably no DNSSEC validation is performed
#     unless a caller sets 'log-fail' or 'validate'.
#   - enable_webserver / webserver_port / api_allow_from presumably gate the
#     recursor's web/API listener; api_allow_from defaults to an empty list.
#   - lua_hooks takes filesystem paths; presumably they are loaded as Lua code
#     by the recursor, so those files need the same protection as the config.
class dnsrecursor (
    Array[Variant[Stdlib::IP::Address, Array[Stdlib::IP::Address]]] $listen_addresses         = [$::ipaddress],
    Boolean                                                         $allow_from_listen        = true,
    Array[Stdlib::IP::Address]                                      $allow_from               = [],
    Boolean                                                         $allow_forward_zones      = true,
    String                                                          $additional_forward_zones = '',
    Optional[String]                                                $auth_zones               = undef,
    Optional[Variant[Stdlib::Unixpath, Array[Stdlib::Unixpath]]]    $lua_hooks                = undef,
    Integer[1]                                                      $max_cache_entries        = 1000000,
    Integer[1]                                                      $max_negative_ttl         = 3600,
    Integer[1]                                                      $max_tcp_clients          = 128,
    Integer[0]                                                      $max_tcp_per_client       = 100,   # 0 means unlimited
    Integer[1]                                                      $client_tcp_timeout       = 2,
    Enum['no', 'off', 'yes']                                        $export_etc_hosts         = 'off', # no and off are the same
    Boolean                                                         $version_hostname         = false,
    Enum['off', 'log-fail', 'validate']                             $dnssec                   = 'off', # T226088 T227415 - off until at least 4.1.x
    Integer[1]                                                      $threads                  = 4,
    Enum['no', 'yes']                                               $log_common_errors        = 'yes',
    Optional[String]                                                $bind_service             = undef,
    Boolean                                                         $allow_edns_whitelist     = true,
    Boolean                                                         $allow_incoming_ecs       = false,
    Boolean                                                         $allow_qname_minimisation = false,
    Boolean                                                         $allow_dot_to_auth        = false,
    Boolean                                                         $allow_edns_padding       = false,
    Optional[Enum['always', 'padded-queries-only']]                 $edns_padding_mode        = undef,
    Optional[Stdlib::IP::Address]                                   $edns_padding_from        = undef,
    Boolean                                                         $do_ipv6                  = false,
    Boolean                                                         $enable_webserver         = false,
    Optional[Stdlib::Port]                                          $webserver_port           = 8082,
    Enum['none', 'normal', 'detailed']                              $webserver_log_level      = 'none',
    Boolean                                                         $restart_service          = true,
    Array[Stdlib::IP::Address]                                      $api_allow_from           = [],
    Array[Stdlib::IP::Address::Nosubnet]                            $query_local_address      = [],
) {

    ensure_packages(['pdns-recursor'])

    # Nothing from network::constants is used in this manifest body;
    # presumably the templates read it -- TODO confirm.
    include network::constants
    # Target addresses for the forwarded zones below (authoritative DNS servers,
    # going by the variable name). They are hard-coded, so any change to those
    # servers requires editing this manifest.
    $wmf_authdns = [
        '208.80.154.238',
        '208.80.153.231',
        '198.35.27.27',
    ]
    # ';'-separated address list, reused for every zone in $forward_zones.
    $wmf_authdns_semi = join($wmf_authdns, ';')
    # Comma-separated "zone=addr;addr;addr" entries for wmnet, two reverse zones
    # and wikimedia.org. Not referenced again in this manifest; presumably
    # rendered by recursor.conf.erb (likely gated on $allow_forward_zones) -- confirm.
    $forward_zones = "wmnet=${wmf_authdns_semi}, 10.in-addr.arpa=${wmf_authdns_semi}, 20.172.in-addr.arpa=${wmf_authdns_semi}, wikimedia.org=${wmf_authdns_semi}"

    # $socket_dir is not referenced in this manifest body; presumably a template reads it.
    $socket_dir = '/var/run/pdns-recursor/'
    # Group ownership for the configuration files managed below.
    $group = 'pdns'

    # Notify target for recursor.conf: the service when $restart_service is true,
    # otherwise undef, which leaves the notify attribute unset.
    if $restart_service {
      $service = Service['pdns-recursor']
    } else {
      $service = undef
    }

    # Main recursor configuration: owned by root, readable by group pdns,
    # no access for others (0440).
    file { '/etc/powerdns/recursor.conf':
        ensure  => 'present',
        require => Package['pdns-recursor'],
        owner   => 'root',
        group   => $group,
        mode    => '0440',
        notify  => $service,
        content => template('dnsrecursor/recursor.conf.erb'),
    }

    # Lua hooks file, managed only when $lua_hooks is set; same ownership and mode
    # as recursor.conf.
    # NOTE(review): this resource notifies Service['pdns-recursor'] unconditionally,
    # while recursor.conf honours $restart_service via $service -- confirm whether
    # a hooks change is meant to notify the service even when restart_service is false.
    if $lua_hooks != undef {
        file { '/etc/powerdns/recursorhooks.lua':
            ensure  => 'present',
            require => Package['pdns-recursor'],
            owner   => 'root',
            group   => $group,
            mode    => '0440',
            notify  => Service['pdns-recursor'],
            content => template('dnsrecursor/recursorhooks.lua.erb'),
        }
    }

    # systemd unit override rendered from override.conf.erb; applied only after the
    # package and recursor.conf are in place. Service['pdns-recursor'] referenced
    # above is presumably declared by this define -- confirm in systemd::service.
    systemd::service { 'pdns-recursor':
        ensure   => present,
        override => true,
        restart  => true,
        content  => template('dnsrecursor/override.conf.erb'),
        require  => [
          Package['pdns-recursor'],
          File['/etc/powerdns/recursor.conf']
        ],
    }
}