
[dns] Recursive and TLS proxy

Gabriel Corona il y a 8 ans
Parent
commit
792079bad6

+ 5 - 0
files/dns/recursive/bind/named.conf

@@ -0,0 +1,5 @@
+// MANAGED BY PUPPET
+// Module:: dns::recursive
+// File:: dns/files/recursive/bind/named.conf
+
+include "/etc/bind/named.conf.options";

+ 72 - 0
files/dns/recursive/bind/named.conf.options

@@ -0,0 +1,72 @@
+// MANAGED BY PUPPET
+// Module:: dns::recursive
+// File:: dns/files/recursive/bind/named.conf.options
+
+logging {
+  // Send named messages to syslog
+  channel syslog {
+    syslog local2;
+    severity error;
+  };
+  // Send security related messages to separate file
+  channel security {
+    file "/var/log/named/security.log" versions 3 size 2m;
+    print-time yes;
+    // http://www.zytrax.com/books/dns/ch7/logging.html
+    // Please do not set this value above error!
+    // For privacy reasons...
+    severity error;
+    print-severity yes;
+    print-category yes;
+  };
+  // Aiguillage
+  category default { syslog; };
+  category general { syslog; };
+  category security { security; syslog; };
+  category config { syslog; };
+  category resolver { security; };
+  category xfer-in { security; };
+  category xfer-out { security; };
+  category notify { security; };
+  category client { security; };
+  category network { security; };
+  category update { security; };
+  category queries { security; };
+  category lame-servers { security; };
+};
+
+options {
+
+  directory "/var/cache/bind";
+  version "42";
+
+  pid-file "/var/run/named/named.pid";
+
+  // Stats
+  statistics-file "/var/named/named.stats";
+  memstatistics-file "/var/named/named.memstats";
+  // Not yet implemented in BIND9
+  //statistics-interval 30;
+  dump-file "/var/backups/named.dump";
+  zone-statistics yes;
+
+  notify no;
+  interface-interval 0;
+
+  minimal-responses yes;
+  dnssec-validation auto;
+  auth-nxdomain no;
+
+  recursion yes;
+  recursive-clients 20;
+
+  listen-on { any; };
+  listen-on port 9000 { any; };
+  listen-on-v6 { any; };
+  listen-on-v6 port 9000 { any; };
+  allow-query { any; };
+
+  # Limite la taille des réponses sur UDP à 1460 octets
+  # Tronque la réponse au-delà, le client reviendra sur TCP
+  max-udp-size 1460;
+};
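Review bot: `recursion yes;` together with `listen-on { any; };` (on both port 53 and port 9000) and `allow-query { any; };` turns this into an open recursive resolver on every interface, usable for UDP amplification and cache-poisoning probes unless a firewall not visible in this commit restricts it. Given the TLS proxy presumably reaches named over loopback on port 9000, restricting recursion to the hosts meant to use it is the safer default, e.g. `allow-recursion { localhost; localnets; };` and `allow-query-cache { localhost; localnets; };`, or binding the plain port-53 listener to localhost only. If the resolver must stay open, `rate-limit { responses-per-second 10; };` at least bounds the amplification potential; `max-udp-size 1460;` helps but does not remove the vector. The "privacy" rationale on the security channel is consistent with `severity error;`, since `category queries` only logs at info level and will be dropped.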

Fichier diff supprimé car celui-ci est trop grand
+ 25 - 0
files/dns/tls_proxy/dns.conf


+ 11 - 0
files/dns/tls_proxy/stunnel

@@ -0,0 +1,11 @@
+# /etc/default/stunnel
+# Julien LEMOINE <speedblue@debian.org>
+# September 2003
+
+# Change to one to enable stunnel automatic startup
+ENABLED=1
+FILES="/etc/stunnel/*.conf"
+OPTIONS=""
+
+# Change to one to enable ppp restart scripts
+PPP_RESTART=0

+ 28 - 0
manifests/dns/recursive.pp

@@ -0,0 +1,28 @@
+# Module:: public
+# Manifest:: dns/autoritaire.pp
+#
+# Author:: Julien Vaubourg (<julien@vaubourg.com>)
+# Date:: 2013-09-21 13:36:02 +0200
+# Maintainer:: Julien Vaubourg (<julien@vaubourg.com>)
+#
+# Class:: public::dns::recursive inherits public::dns
+#
+#
+class public::dns::recursive {
+
+  include '::bind'
+
+  bind::server::file { [
+    'named.conf',
+
+    # from named.conf
+    'named.conf.options',
+
+  ]:
+    zonedir     => '/etc/bind/',
+    owner       => 'bind',
+    group       => 'bind',
+    source_base => 'puppet:///modules/public/dns/recursive/bind/',
+  }
+
+}
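Review bot: The file header on this new manifest is stale — `# Manifest:: dns/autoritaire.pp` names a different file, and `# Class:: public::dns::recursive inherits public::dns` is not borne out by the declaration below, which has no `inherits` clause. Suggest `# Manifest:: dns/recursive.pp` and either dropping the `inherits public::dns` claim or adding the inheritance if it is intended. The author/date fields also appear to be copied from another manifest; refreshing them would keep the header from misleading the next maintainer about who owns this class.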

+ 48 - 0
manifests/dns/tls_proxy.pp

@@ -0,0 +1,48 @@
+# Module:: public
+# Manifest:: dns/tls_proxy.pp
+#
+# Author:: Gabriel Corona (<gabriel.corona@enst-bretagne.fr>)
+# Date:: 2015-02-16 00:16:42 +0200
+# Maintainer:: Gabriel Corona (<gabriel.corona@enst-bretagne.fr>)
+#
+# Class:: public::dns::tls_proxy inherits public::dns
+#
+#
+class public::dns::tls_proxy {
+
+  # Mot this into a stunnel module:
+  ensure_packages(['stunnel4'])
+
+  service{'stunnel4':
+    ensure => running,
+    enable => true,
+  }
+
+  Package['stunnel4'] ->
+  file{'/etc/default/stunnel4':
+    ensure => present,
+    owner  => 'root',
+    group  => 'root',
+    mode   => 'u=r,go=r',
+    source => 'puppet:///modules/public/dns/tls_proxy/stunnel'
+  } ~> Service['stunnel4']
+
+  Package['stunnel4'] ->
+  file{'/etc/stunnel/dns.conf':
+    ensure => present,
+    owner  => 'root',
+    group  => 'root',
+    mode   => 'u=r,go=r',
+    source => 'puppet:///modules/public/dns/tls_proxy/dns.conf'
+  } ~> Service['stunnel4']
+
+  Package['stunnel4'] ->
+  file{'/etc/stunnel/dns.pem':
+    ensure  => file,
+    source  => "puppet:///private/dns.pem",
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0640';
+  } ~> Service['stunnel4']
+
+}
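Review bot: The two config resources use `ensure => present` while the key file uses `ensure => file`; `present` would accept an existing directory or symlink at `/etc/default/stunnel4` or `/etc/stunnel/dns.conf` without replacing it, so `ensure => file` on all three is both safer and consistent. The `0640` root:root mode on `dns.pem` is appropriate for a file that presumably holds the private key, but if `dns.conf` (not visible here) drops stunnel to an unprivileged `setuid`/`setgid` user, confirm the certificate is loaded before the privilege drop so the service does not fail silently on restart. Also `# Mot this into a stunnel module:` should read `# Move this into a stunnel module:`, and `source => "puppet:///private/dns.pem"` contains no interpolation and would be single-quoted under puppet-lint.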