From 88db7ec71c4520da694d6720aae995acab4c0cf3 Mon Sep 17 00:00:00 2001
From: Dave Thomas
Date: Fri, 8 Aug 2014 14:09:44 -0700
Subject: [PATCH 1/8] or berks will complain repo does not contain a name attribute. While Chef does not strictly enforce this requirement, Ridley cannot continue without a valid metadata name entry
---
 metadata.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/metadata.rb b/metadata.rb
index 8ef079b..0e1ba69 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -1,3 +1,4 @@
+name "bind9"
 maintainer "Mike Adolphs"
 maintainer_email "mike@fooforge.com"
 license "Apache 2.0"
From 1dd9c06d7fa1543eab8245e97296a5367bd360c5 Mon Sep 17 00:00:00 2001
From: Dave Thomas
Date: Fri, 8 Aug 2014 17:24:52 -0700
Subject: [PATCH 2/8] WIP: apparmor on Ubuntu 14.04 is expecting logs to go to /var/log/named/bind.log
---
 recipes/default.rb | 2 +-
 templates/default/named.conf.options.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/recipes/default.rb b/recipes/default.rb
index 5c749ce..5c21830 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -25,7 +25,7 @@
 action :install
 end
-directory "/var/log/bind/" do
+directory "/var/log/named/" do
 owner node[:bind9][:user]
 group node[:bind9][:user]
 mode 0755
diff --git a/templates/default/named.conf.options.erb b/templates/default/named.conf.options.erb
index 1d536a9..6114a5f 100644
--- a/templates/default/named.conf.options.erb
+++ b/templates/default/named.conf.options.erb
@@ -41,7 +41,7 @@ options {
 logging {
 channel default_log {
-file "/var/log/bind/bind.log" versions 5 size 128M;
+file "/var/log/named/bind.log" versions 5 size 128M;
 print-time yes;
 print-severity yes;
 print-category yes;
From 4229fb147d506fc7ad445c9e0d1b591f023b8c18 Mon Sep 17 00:00:00 2001
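Review bot: The new log location is hard-coded twice in this commit — `directory "/var/log/named/"` here and `file "/var/log/named/bind.log"` in named.conf.options.erb — and the commit message itself ties the path to the Ubuntu 14.04 AppArmor profile while metadata.rb also claims debian and centos, so the next move has to be made in two files. Add `default[:bind9][:log_path] = "/var/log/named"` beside the existing per-OS `data_path` attribute and reference `node[:bind9][:log_path]` from both the resource and the template. The directory is also created `mode 0755`; unless something other than bind reads these logs, `mode 0750` with the existing `owner`/`group` is the safer default. The `directory` resource's closing `end` lies outside the hunk.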
From: Dave Thomas
Date: Thu, 14 Aug 2014 11:54:54 -0700
Subject: [PATCH 3/8] Improving the intelligence of RFC1035-conforming serial number generation
---
 Gemfile | 3 +++
 attributes/default.rb | 1 +
 bin/zonefile_to_databag.rb | 42 ++++++++++++++++++++++++++++++++++++++
 recipes/default.rb | 16 ++++++++++++++-
 4 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 Gemfile
 create mode 100755 bin/zonefile_to_databag.rb
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..6fb63b3
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gem 'zonefile'
diff --git a/attributes/default.rb b/attributes/default.rb
index e80690e..2b69441 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -26,3 +26,4 @@
 default[:bind9][:data_path] = "/var/cache/bind"
 default[:bind9][:user] = "bind"
 end
+default[:bind9][:serial_number] = 0
diff --git a/bin/zonefile_to_databag.rb b/bin/zonefile_to_databag.rb
new file mode 100755
index 0000000..fd69fb4
--- /dev/null
+++ b/bin/zonefile_to_databag.rb
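Review bot: `gem 'zonefile'` carries no version constraint and the diffstat adds no Gemfile.lock, so every `bundle install` resolves to whatever the newest release on rubygems.org is at that moment, and a breaking or malicious release of the gem is picked up silently by the helper script. Pin it to the version you tested with, e.g. `gem 'zonefile', '~> X.Y'` with the real tested version, and commit the Gemfile.lock (or say in the README why it is deliberately left out).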
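Review bot: `default[:bind9][:serial_number] = 0` has no comment, and it is an unusual default: the recipe in this same commit overwrites it through `node.set[:bind9][:serial_number]`, so once a zone has changed the persisted normal-level value wins and this 0 only seeds a fresh node. Add `# Two-digit NN suffix of the yyyyMMddNN zone serial; bumped by the increment_serial_number ruby_block via node.set, so this default only applies until the first zone change.` above the line.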
@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+require 'zonefile'
+require 'optparse'
+
+options = {}
+optparse = OptionParser.new do |opts|
+ opts.banner = "Usage: zonefile_to_databag.rb [options]"
+
+ opts.on("-z", "--zonefile FILE", "Parse Zone File") do |v|
+ options[:zonefile] = v
+ end
+end
+
+begin
+ optparse.parse!
+ if options[:zonefile].nil?
+ puts optparse
+ raise OptionParser::MissingArgument
+ end
+end
+
+
+zf = Zonefile.from_file(options[:zonefile])
+puts '; MX-Records'
+zf.mx.each do |mx_record|
+ puts "Mail Exchagne with priority: #{mx_record[:pri]} --> #{mx_record[:host]}"
+end
+
+# Show SOA TTL
+puts "; Record Time To Live: #{zf.soa[:ttl]}"
+
+# Show A-Records
+puts "; A Records:"
+zf.a.each do |a_record|
+
+ puts "{ \"type\": \"A\" , \"name\": \"#{a_record[:name]}\", \"ip\": \"#{a_record[:host]}\"},"
+end
+
+puts "; CNAME Records:"
+zf.cname.each do |cname_record|
+ puts "{ \"type\": \"CNAME\" , \"name\": \"#{cname_record[:name]}\", \"ip\": \"#{cname_record[:host]}\"},"
+end
diff --git a/recipes/default.rb b/recipes/default.rb
index 5c21830..d876bb4 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -72,6 +72,19 @@
 end
 end
+ # This cookbook documents yyyyMMddNN but attempts yyyyMMddhhmmss which is too long for BIND. Instead, let's wrap a 2 digit serial number in to the last 2 NN digits.
+ ruby_block "increment_serial_number" do
+ block do
+ current = node[:bind9][:serial_number].to_i + 1
+ if current > 99
+ current = 0
+ end
+ node.set[:bind9][:serial_number] = current
+ end
+ action :nothing
+ end
+
+
 template "#{node[:bind9][:config_path]}/#{zone['domain']}" do
 source "#{node[:bind9][:config_path]}/#{zone['domain']}.erb"
 local true
@@ -80,7 +93,7 @@
 mode 0644
 notifies :restart, resources(:service => "bind9")
 variables({
- :serial => Time.new.strftime("%Y%m%d%H%M%S")
+ :serial => Time.new.strftime("%Y%m%d") + node[:bind9][:serial_number].to_s.rjust(2, "0")
 })
 action :nothing
 end
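Review bot: The A and CNAME lines interpolate `a_record[:name]`/`a_record[:host]` straight into hand-written JSON with no escaping, so a zone file whose names or targets contain `"`, `\` or a stray newline yields output that will not parse when pasted into the data bag. Build each record as a Hash and serialise it instead: `require 'json'` at the top and `puts({ "type" => "A", "name" => a_record[:name], "ip" => a_record[:host] }.to_json + ",")`, likewise in the CNAME loop — which also stores its target under `"ip"`; confirm that is the key the recipe's records schema expects, it is not visible in this patch. The `begin … end` around `optparse.parse!` has no `rescue`, so `raise OptionParser::MissingArgument` after `puts optparse` ends with a backtrace rather than the usage text; `abort(optparse.to_s)` does what the code intends. The MX line also misspells "Exchange" as `Exchagne`.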
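Review bot: When `current > 99` the counter wraps to 0, so the hundredth change on one day publishes `yyyyMMdd00`, lower than the `yyyyMMdd99` the secondaries already hold, and they will ignore the zone until the date rolls over; the counter is also never reset on a new day, so its 100 values are consumed across days rather than per day. Replace `current = 0` with a loud failure, e.g. `raise "bind9: serial NN counter exhausted for today, refusing to go backwards"`, or at least hold at 99 so the serial never decreases (a held serial is not propagated, but nothing breaks). The ruby_block is declared inside the per-zone `search(:zones).each` loop that begins outside this hunk, so with several zones Chef builds one identically named resource per zone and `resources(:ruby_block => "increment_serial_number")` resolves to the first; declaring it once above the loop avoids the duplicate-resource warnings.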
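Review bot: `node[:bind9][:serial_number]` in `:serial =>` is read when the template resource is declared at compile time, before the `increment_serial_number` ruby_block that this commit notifies has run, so each zone file is rendered with the previous run's counter rather than the freshly incremented one (the first change on a fresh node is published as `yyyyMMdd00` while the node is saved with 1). That stays monotonic only as long as the counter never goes backwards; evaluating at converge removes the gap and keeps the increment and the render in step: `variables(lazy { { :serial => Time.new.strftime("%Y%m%d") + node[:bind9][:serial_number].to_s.rjust(2, "0") } })` (lazy resource attributes need Chef 11.6 or newer). The template resource's opening line is outside this hunk.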
@@ -99,6 +112,7 @@
 :mail_exchange => zone['zone_info']['mail_exchange'],
 :records => zone['zone_info']['records']
 })
+ notifies :run, resources(:ruby_block => "increment_serial_number"), :immediately
 notifies :create, resources(:template => "#{node[:bind9][:config_path]}/#{zone['domain']}"), :immediately
 end
 end
From 281cec7b5579d382e6546e6d9647c83d987d7502 Mon Sep 17 00:00:00 2001
From: Dave Thomas
Date: Thu, 14 Aug 2014 18:16:49 -0700
Subject: [PATCH 4/8] For zonefile generator, made TTL generation smarter
---
 bin/zonefile_to_databag.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/bin/zonefile_to_databag.rb b/bin/zonefile_to_databag.rb
index fd69fb4..1c956e7 100755
--- a/bin/zonefile_to_databag.rb
+++ b/bin/zonefile_to_databag.rb
@@ -32,8 +32,11 @@
 # Show A-Records
 puts "; A Records:"
 zf.a.each do |a_record|
-
- puts "{ \"type\": \"A\" , \"name\": \"#{a_record[:name]}\", \"ip\": \"#{a_record[:host]}\"},"
+ ttl_text = ''
+ if !a_record[:ttl].nil? and a_record[:ttl] != '' and a_record[:ttl] != zf.ttl
+ ttl_text = "\"ttl\": \"#{a_record[:ttl]}\", "
+ end
+ puts "{ \"type\": \"A\", #{ttl_text}\"name\": \"#{a_record[:name]}\", \"ip\": \"#{a_record[:host]}\"},"
 end
 puts "; CNAME Records:"
From 7866caf9aa815143648feadef6c280b93c20047e Mon Sep 17 00:00:00 2001
From: Dave Thomas
Date: Mon, 18 Aug 2014 15:05:12 -0700
Subject: [PATCH 5/8] My version of ohai does not find searches matching "domain:" but does with "fqdn:*"
---
 recipes/default.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes/default.rb b/recipes/default.rb
index d876bb4..648f65b 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
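Review bot: The `notifies :run, resources(:ruby_block => "increment_serial_number")` line makes every zone's change advance one node-wide counter, so NN is shared by all zones found by `search(:zones)` and the 99 ceiling is reached that much faster on a node serving many zones; nothing in the code says so. Add `# The NN counter is node-wide, not per zone: any zone's change advances it.` above the line so the next reader does not assume a per-zone serial. The enclosing template resource and the per-zone loop begin outside this hunk.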
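Review bot: The condition `!a_record[:ttl].nil? and a_record[:ttl] != '' and a_record[:ttl] != zf.ttl` uses `and`, which binds looser than `=` and `!` and is reserved for control flow in idiomatic Ruby; `if a_record[:ttl].to_s != '' && a_record[:ttl] != zf.ttl` says the same thing without the precedence trap. Whether `a_record[:ttl] != zf.ttl` is ever false depends on both sides having the same type (String vs Integer) in the zonefile gem's output — I cannot tell from the patch, so verify with a zone whose records use the default TTL. The TTL is interpolated into the JSON text unescaped like the other fields, and the CNAME loop below the hunk did not get the same per-record TTL handling, so the two record types are now emitted inconsistently.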
@@ -62,7 +62,7 @@
 search(:zones).each do |zone|
 unless zone['autodomain'].nil? || zone['autodomain'] == ''
- search(:node, "domain:#{zone['autodomain']}").each do |host|
+ search(:node, "fqdn:#{zone['autodomain']}").each do |host|
 next if host['ipaddress'] == '' || host['ipaddress'].nil?
 zone['zone_info']['records'].push( {
 "name" => host['hostname'],
From f6dbe4f3fac66c62e6e9528ad53b45100475868c Mon Sep 17 00:00:00 2001
From: Dave Thomas
Date: Mon, 18 Aug 2014 16:58:36 -0700
Subject: [PATCH 6/8] log fqdn attempt and use wildcard
---
 metadata.rb | 2 +-
 recipes/default.rb | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/metadata.rb b/metadata.rb
index 0e1ba69..9abfb9d 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@
 license "Apache 2.0"
 description "Installs/Configures bind9"
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version "0.1.9"
+version "0.1.10"
 %w{ ubuntu debian centos }.each do |os|
 supports os
diff --git a/recipes/default.rb b/recipes/default.rb
index 648f65b..e2467ff 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -62,7 +62,8 @@
 search(:zones).each do |zone|
 unless zone['autodomain'].nil? || zone['autodomain'] == ''
- search(:node, "fqdn:#{zone['autodomain']}").each do |host|
+ log "fqdn:*.#{zone['autodomain']}"
+ search(:node, "fqdn:*.#{zone['autodomain']}").each do |host|
 next if host['ipaddress'] == '' || host['ipaddress'].nil?
 zone['zone_info']['records'].push( {
 "name" => host['hostname'],
From 265d98369eb31cc69c4a4cd68168f0a2675da0bc Mon Sep 17 00:00:00 2001
From: Dave Thomas
Date: Mon, 18 Aug 2014 18:14:23 -0700
Subject: [PATCH 7/8] add apex capability to SOA to permit subdomains
---
 recipes/default.rb | 1 +
 templates/default/zonefile.erb | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/recipes/default.rb b/recipes/default.rb
index e2467ff..5291dd6 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
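Review bot: `fqdn:*.#{zone['autodomain']}` matches at any depth, so a node reporting `db.internal.example.com` is selected for zone `example.com` and then published as `db` because the record takes `host['hostname']` only — a wrong owner name; add `next unless host['fqdn'] == "#{host['hostname']}.#{zone['autodomain']}"` right after the existing `next if host['ipaddress']` guard. Keep in mind that `fqdn`, `hostname` and `ipaddress` are automatic attributes the node reports about itself, so any client with a valid key can claim any name in the zone; that deserves a comment here and, if untrusted nodes share the Chef server, a role or environment term in the search. `log "fqdn:*.…"` is a Chef `log` resource that lands in the resource collection on every run; `Chef::Log.debug(…)` is the usual way to emit a diagnostic. The enclosing `search(:zones).each` block ends outside the hunk.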
@@ -107,6 +107,7 @@
 variables({
 :domain => zone['domain'],
 :soa => zone['zone_info']['soa'],
+ :soa_apex => zone['zone_info'].has_key?('soa_apex') ? zone['zone_info']['soa_apex'] : '@',
 :contact => zone['zone_info']['contact'],
 :global_ttl => zone['zone_info']['global_ttl'],
 :nameserver => zone['zone_info']['nameserver'],
diff --git a/templates/default/zonefile.erb b/templates/default/zonefile.erb
index 5861fd3..94e94f7 100644
--- a/templates/default/zonefile.erb
+++ b/templates/default/zonefile.erb
@@ -1,5 +1,5 @@
 $TTL <%= @global_ttl %>
-@ IN SOA <%= @soa %> <%= @contact %> (
+<%= @soa_apex %> IN SOA <%= @soa %> <%= @contact %> (
 <%%= @serial %> ; serial [yyyyMMddNN]
 4H ; refresh
 30M ; retry
From bd5fd656e240d6473395bfcc16eabe317e14f71c Mon Sep 17 00:00:00 2001
From: Dave Thomas
Date: Mon, 25 Aug 2014 14:50:46 -0700
Subject: [PATCH 8/8] Add transfer-format and dump superfluous logging
---
 templates/default/named.conf.options.erb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/templates/default/named.conf.options.erb b/templates/default/named.conf.options.erb
index 6114a5f..71a1bd9 100644
--- a/templates/default/named.conf.options.erb
+++ b/templates/default/named.conf.options.erb
@@ -37,6 +37,8 @@ options {
 <% if node[:bind9][:enable_ipv6] %>
 listen-on-v6 { any; };
 <% end %>
+
+ transfer-format many-answers;
 };
 logging {
@@ -49,4 +51,5 @@ logging {
 category default { default_log; };
 category general { default_log; };
+ category lame-servers { null; };
 };
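Review bot: `zone['zone_info'].has_key?('soa_apex') ? zone['zone_info']['soa_apex'] : '@'` is the long form of `zone['zone_info'].fetch('soa_apex', '@')`, which gives the same result, including an explicit nil in the data bag. The value is pasted unchanged into the SOA owner position of zonefile.erb, so a data bag item with a malformed `soa_apex` (a value with spaces, for instance) makes that zone fail to load at the restart the zone template triggers; document the accepted forms next to the variable, e.g. `# soa_apex: owner name of the SOA record — '@' (the zone origin) or a name relative to $ORIGIN`, and consider running named-checkzone on the rendered file before the restart fires. The `variables({ … })` hash and its template resource begin and end outside this hunk.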
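Review bot: `transfer-format many-answers;` is BIND 9's documented default, so as written the line changes nothing; if it is there to pin behaviour for a particular secondary, say so in a comment such as `// many-answers is the BIND 9 default; kept explicit for …`, otherwise drop it. More importantly, transfer-format only matters once zone transfers are allowed, and nothing in this hunk restricts them — if the `options { … }` block (which begins outside the hunk) does not already carry an `allow-transfer { … };` limited to the secondaries, anyone can pull the full zones, including the records auto-populated from node search.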
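Review bot: `category lame-servers { null; };` discards those messages entirely without saying why; a one-line comment above it, e.g. `// lame-servers: remote delegation errors seen while resolving — noise for this server`, records the reasoning for the next operator. If the volume rather than the content is the problem, a separate channel with a low `severity` keeps the information available for troubleshooting instead of dropping it.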