- Add custom view options support.
- Add per-zone
allow_transferfor primary zones.
-
Log file names defined with
bind::logging::channel_filecan now also be relative file names. In this case the names are relative to the directory defined usingbind::logdir. -
The new class parameter
custom_configsallows to add custom configuration files that are included in the main config.
- The path to the checkzone program has been fixed on Debian-13.
- The main class supports a new optional parameter logdir to manage the log directory.
- Add support for Debian-13 Trixie.
- Add support for Response Policy Zones (RPZ).
- Drop support for Debian-10 Buster.
- Drop support for Puppet; add support for OpenVox.
- Add class parameters to manage most settings using Hiera.
- Add support for ED25519 & ED448 keys to the dnssec_key type.
- Add support for Debian-12, Ubuntu-22.04 and Ubuntu-24.04
- Drop support for Puppet 6
- Require Stdlib 9.x
- Add support for Puppet 8
- Add support for Concat 9.x
- Add support for Concat 8.x
- The directory for DNSSEC keys managed internally by Bind (e.g. using inline-signing) has been changed from
/etc/bind/keysto/var/lib/bind/keys. This is necessary to manage the keys when Bind is running on a host where AppArmor is enabled. Copy all keys managed by Bind from/etc/bind/keysto/var/lib/bind/keysbefore updating this module!
- The defined type
bind::logging::channel_filehas a new parametermodeto set the file mode of the log file. The default value for the parameter is0640. - A new boolean parameter
append_viewhas been added to the defined typesbind::zone::primaryandbind::zone::secondary. The file name of the zone file includes the view name if you set this parameter totrue. Enable this if you have the same zone in different views to prevent zones in different views to reference the same zone file.
- The defined type parameter
dnssechas been renamed todnssec_enableto match the main class parameter. - All DNSSEC related zone parameters have been made optional. The config parameter
dnssec-enablehas been made obsolete with Bind 9.16 so that is no longer a prerequisite to activate other config options in the template. Make sure your Puppet code defines all parameters for your DNSSEC enabled primary zones. - A primary zone using dynamic updates can now have a
contentorsourceparameter. The content of the zone file is created if the file does not exist. Subsequent puppet runs will not update the zone file as long as dynamic updates are used and the parameterupdate_policyis set for the zone.
- A syntax error with the in-view option has been fixed.
- The path to the
named-checkzonebinary is a class option now.
- The default for
root_hints_enablehas been changed fromtruetofalse. Normally a root hints file is no longer used since Bind includes an internal list of root name servers.
- Fix path of options file on Debian-11.
- The class
bind::rate_limithas been removed. All rate limit settings can be configured using the main classbind.
- Implement
update-policyfor primary zones to manage dynamic zones.
- Drop Debian 9 support
- Add defined type
bind::dnssec_policy.
- Add explicit class parameter
dnssec_lookaside. - Add explicit class parameter
dnssec_validation. - The parameters
dnssec_enableanddnssec_lookasideare obsolete with Bind 9.16.0 or later. They will be removed from the configuration file when a applicable Bind version is detected.
- Allow stdlib 8.0.0
- Implement
custom_optionsparameter to set unusual configuration options that are not implemented in the main class.
- Implement
purge,prepublish,revokeandretireparameters fordnssec_keytype. - Implement user defined logfile mode for defined type
bind::logging::channel_file.
Initial release