# limitations under the License.
#
-include_recipe "networking"
-
-clients = search(:node, "roles:#{node[:bind][:clients]}")
-
-ipv4_clients = clients.collect do |client|
- client.ipaddresses(:family => :inet)
-end.flatten
-
-ipv6_clients = clients.collect do |client|
- client.ipaddresses(:family => :inet6)
-end.flatten
-
package "bind9"
-service_name = if node[:lsb][:release].to_f < 20.04
- "bind9"
- else
- "named"
- end
-
-service service_name do
+service "named" do
action [:enable, :start]
end
source "named.local.erb"
owner "root"
group "root"
- mode 0o644
- notifies :restart, "service[#{service_name}]"
+ mode "644"
+ notifies :restart, "service[named]"
end
template "/etc/bind/named.conf.options" do
source "named.options.erb"
owner "root"
group "root"
- mode 0o644
- variables :ipv4_clients => ipv4_clients, :ipv6_clients => ipv6_clients
- notifies :restart, "service[#{service_name}]"
+ mode "644"
+ notifies :restart, "service[named]"
end
template "/etc/bind/db.10" do
source "db.10.erb"
owner "root"
group "root"
- mode 0o644
- notifies :reload, "service[#{service_name}]"
+ mode "644"
+ notifies :reload, "service[named]"
end
firewall_rule "accept-dns-udp" do
action :accept
- source "net"
- dest "fw"
- proto "udp"
+ context :incoming
+ protocol :udp
dest_ports "domain"
- source_ports "-"
end
firewall_rule "accept-dns-tcp" do
action :accept
- source "net"
- dest "fw"
- proto "tcp:syn"
+ context :incoming
+ protocol :tcp
dest_ports "domain"
- source_ports "-"
end
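Review bot: The `template "/etc/bind/named.conf.options"` resource no longer passes `ipv4_clients`/`ipv6_clients`, while the two `firewall_rule` blocks after it accept `domain` traffic on udp and tcp for the whole `:incoming` context, so nothing visible in this hunk limits who may use the server for recursion. named.options.erb is not shown, so the rest is inferred: if it still reads `@ipv4_clients` the render will probably fail or emit an empty ACL, and if it carries no ACL at all the host may answer recursive queries from any source. Confirm the template sets an explicit policy such as `recursion no;` or `allow-recursion { localhost; localnets; };`, and record that in the recipe with a comment above the resource, e.g. `# recursion policy is set in named.options.erb; no per-client ACL is passed`. The first template block in this hunk opens above the visible lines.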