roles/named: Deploy BIND DNS server

The *named* role configures the BIND DNS server on managed nodes. It writes `/etc/named.conf`, using a template that supports most of the commonly-used options. The configuration can be augmented by other templates, etc. by specifying file paths in the `named_options_include` or `named_global_include` variables, both of which are lists.
2018-01-07 11:26:03 -06:00
parent ac354643c5
commit b493d81cfa
6 changed files with 172 additions and 0 deletions
--- a/roles/named/templates/named.sysconfig.j2
+++ b/roles/named/templates/named.sysconfig.j2
@@ -0,0 +1,21 @@
+# BIND named process options
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# OPTIONS="whatever"     --  These additional options will be passed to named
+#                            at startup. Don't add -t here, enable proper
+#                            -chroot.service unit file.
+#
+# NAMEDCONF=/etc/named/alternate.conf
+#                        --  Don't use -c to change configuration file.
+#                            Extend systemd named.service instead or use this
+#                            variable.
+#
+# DISABLE_ZONE_CHECKING  --  By default, service file calls named-checkzone
+#                            utility for every zone to ensure all zones are
+#                            valid before named starts. If you set this option
+#                            to 'yes' then service file doesn't perform those
+#                            checks.
+
+# Work around to make TSIG-GSS dynamic updates work. Kerberos replaying is
+# required in this scenario, but is rejected when a replay cache is used
+KRB5RCACHETYPE=none