Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

bind (42) Versions 3.0.2

Installs/Configures ISC BIND

Policyfile
Berkshelf
Knife
cookbook 'bind', '= 3.0.2', :supermarket
cookbook 'bind', '= 3.0.2'
knife supermarket install bind
knife supermarket download bind
README
Dependencies
Changelog
Quality 100%

bind Cookbook

Cookbook Version
CI State
OpenCollective
OpenCollective
License

Description

A chef cookbook to manage BIND servers and zones.

Requirements

This cookbook follows the library pattern. To use the cookbook effectively you'll need a wrapper cookbook that uses the resources provided in this cookbook.

A default recipe is provided. It only provides a basic recursive name server.

Platforms

  • CentOS/RHEL 7+
  • Debian 9+
  • Ubuntu 18.04+

Chef

  • Chef 15.3+

Attributes

Most attributes have been removed in favour of custom resources. See the [MIGRATION.md](MIGRATION.md) document.

Resources

The following resources are provided:

  • [bind_acl](documentation/bind_acl.md)
  • [bind_config](documentation/bind_config.md)
  • [bind_forward_zone](documentation/bind_forward_zone.md)
  • [bind_key](documentation/bind_key.md)
  • [bind_linked_zone](documentation/bind_linked_zone.md)
  • [bind_logging_category](documentation/bind_logging_category.md)
  • [bind_logging_channel](documentation/bind_logging_channel.md)
  • [bind_primary_zone](documentation/bind_primary_zone.md)
  • [bind_primary_zone_template](documentation/bind_primary_zone_template.md)
  • [bind_secondary_zone](documentation/bind_secondary_zone.md)
  • [bind_server](documentation/bind_server.md)
  • [bind_service](documentation/bind_service.md)
  • [bind_stub_zone](documentation/bind_stub_zone.md)
  • [bind_view](documentation/bind_view.md)

Usage

Using custom resources leads to a quite flexible configuration, but requires a little bit more work in a wrapper cookbook to use. The following examples are presented here:

  • Internal recursive nameserver
  • Authoritative primary nameserver
  • Authoritative secondary nameserver
  • Using views for internal recursion and external authoritative name service

Internal recursive nameserver

bind_service 'default' do
  action [:create, :start]
end

bind_config 'default' do
  ipv6_listen true
  options [
    'check-names slave ignore',
    'multi-master yes',
    'provide-ixfr yes',
    'recursive-clients 10000',
    'request-ixfr yes',
    'allow-notify { acl-dns-masters; acl-dns-slaves; }',
    'allow-query { example-lan; localhost; }',
    'allow-query-cache { example-lan; localhost; }',
    'allow-recursion { example-lan; localhost; }',
    'allow-transfer { acl-dns-masters; acl-dns-slaves; }',
    'allow-update-forwarding { any; }',
  ]
end

bind_acl 'acl-dns-masters' do
  entries [
    '! 10.1.1.1',
    '10/8'
  ]
end

bind_acl 'acl-dns-slaves' do
  entries [
    'acl-dns-masters'
  ]
end

bind_acl 'example-lan' do
  entries [
    '10.2/16',
    '10.3.2/24',
    '10.4.3.2'
  ]
end

Authoritative primary nameserver

There are two ways to create primary zone files with this cookbook. The first is by providing a complete zone file that is placed in the correct directory (and is added to the nameserver configuration by using the bind_primary_zone resource). The second way is by using the bind_primary_zone_template resource. To use this you need to provide an array of hashes containing the records you want to be added to the zone file.

The following example has both options shown. In a wrapper cookbook add the code below with appropriate modifications.

You'll need to configure the ACL entries (and names) for the example-lan and acl-dns-masters ACLs for your local configuration.

You will also need to arrange for the zone files to be placed in the configured location (which is OS dependent by default).

Resource style:

bind_service 'default' do
  action [:create, :start]
end

bind_config 'default' do
  ipv6_listen true
  options [
    'recursion no',
    'allow-query { any; }',
    'allow-transfer { external-private-interfaces; external-dns; }',
    'allow-notify { external-private-interfaces; external-dns; localhost; }',
    'listen-on-v6 { any; }'
  ]
end

bind_acl 'external-private-interfaces' do
  entries [
  ]
end

bind_acl 'external-dns' do
  entries [
  ]
end

cookbook_file '/var/named/primary/db.example.com' do
  owner 'named'
  group 'named'
  mode '0440'
  action :create
end

bind_primary_zone 'example.com'

bind_primary_zone_template 'example.org' do
  soa serial: 100
  default_ttl 200
  records [
    { type: 'NS', rdata: 'ns1.example.org.' },
    { type: 'NS', rdata: 'ns2.example.org.' },
    { type: 'MX', rdata: '10 mx1.example.org.' },
    { type: 'MX', rdata: '20 mx1.example.org.' },
    { owner: 'www', type: 'A', ttl: 20, rdata: '10.5.0.1' },
    { owner: 'ns1', type: 'A', ttl: 20, rdata: '10.5.1.1' },
    { owner: 'ns2', type: 'A', ttl: 20, rdata: '10.5.2.1' },
    { owner: 'mx1', type: 'A', ttl: 20, rdata: '10.5.1.100' },
    { owner: 'mx2', type: 'A', ttl: 20, rdata: '10.5.2.100' },
  ]
end

Authoritative secondary nameserver

In a wrapper cookbook add the code below with appropriate modifications.

You'll need to configure the ACL entries (and names) for the example-lan and acl-dns-masters ACLs for your local configuration.

bind_service 'default' do
  action [:create, :start]
end

bind_config 'default' do
  ipv6_listen true
  options [
    'recursion no',
    'allow-query { any; }',
    'allow-transfer { external-private-interfaces; external-dns; }',
    'allow-notify { external-private-interfaces; external-dns; localhost; }',
    'listen-on-v6 { any; }'
  ]
end

bind_acl 'acl-dns-masters' do
  entries [
    '! 10.1.1.1',
    '10/8'
  ]
end

bind_acl 'acl-dns-slaves' do
  entries [
    'acl-dns-masters'
  ]
end

bind_acl 'example-lan' do
  entries [
    '10.2/16',
    '10.3.2/24',
    '10.4.3.2'
  ]
end

bind_secondary_zone 'example.com' do
  primaries %w(192.0.2.10 192.0.2.11 192.0.2.12)
end

bind_secondary_zone 'example.org' do
  primaries %w(192.0.2.10 192.0.2.11 192.0.2.12)
end

Using views for internal recursion and external authoritative name service

Using the bind_view resource allows you to configure one or more views in the configuration. When using bind_view you will need to tell the zone resources which view they should be configured in. If this is omitted the zone will be configured in the bind_config property default_view (which defaults to default).

bind_service 'default'

bind_config 'default' do
  default_view 'external'
end

bind_view 'internal' do
  match_clients ['10.0.0.0/8']
  options [
    'recursion yes'
  ]
end

bind_primary_zone 'internal-example.com' do
  view 'internal'
  zone_name 'example.com'
end

bind_primary_zone 'secret.example.com' do
  view 'internal'
end

bind_view 'external' do
  options [
    'recursion no'
  ]
end

bind_primary_zone 'example.com'

Nameserver in chroot mode

The bind_service and bind_config resources can accept a boolean true or false for chroot, declaring whether or not to install the BIND server in a chroot manner. If one provider declares this value, the other must match or the converge will fail. Currently all supported platforms except Ubuntu 16.04 LTS are supported with chrooted configuration. By default, this is set to false

bind_service 'default' do
  chroot true
  action :create
end

bind_config 'default' do
  chroot true
  options [
    'recursion no',
    'allow-transfer { internal-dns; }'
  ]
end

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers!

https://opencollective.com/sous-chefs#backers

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.

https://opencollective.com/sous-chefs/sponsor/0/website
https://opencollective.com/sous-chefs/sponsor/1/website
https://opencollective.com/sous-chefs/sponsor/2/website
https://opencollective.com/sous-chefs/sponsor/3/website
https://opencollective.com/sous-chefs/sponsor/4/website
https://opencollective.com/sous-chefs/sponsor/5/website
https://opencollective.com/sous-chefs/sponsor/6/website
https://opencollective.com/sous-chefs/sponsor/7/website
https://opencollective.com/sous-chefs/sponsor/8/website
https://opencollective.com/sous-chefs/sponsor/9/website

bind Cookbook CHANGELOG

This file is used to list changes made in each version of the bind cookbook.

3.0.2 - 2021-10-13

  • Convert node['platform_version'] to a float for correct comparison

3.0.1 - 2021-10-13

  • Include BindCookbook::Helpers via action_class in bind_config
  • Add CHEF_PRODUCT_NAME variable for setting product_name

3.0.0 - 2021-10-11

  • Sous Chefs adoption
  • Restart bind_service immediately when using delayed_action :create
  • Enable resource unified_mode for Chef 17 compatibility
  • Add create_if_missing to primary_zone_template
  • Workaround upstream issue as described in https://bugs.debian.org/983216
  • Update named.ca to latest upstream version
  • Cookstyle fixes
  • Switch to using an InSpec profile for reusable testing
  • Fix issues with chroot on Debian and Ubuntu systems
  • Install dnsutils package on Debian-based systems to get dig binary
  • Remove sysvinit support
  • Fix AppArmor permissions for bind_logging_channel when files are used

2.3.1 - 2020-01-23

  • #58: Multiple statistices channel support - bmhughes
  • #59: fix bug in additional config files directive - ramereth

2.3.0 - 2019-10-21

  • Update supported OS and Chef clients.
  • Support chroot on ubuntu 18.
  • Add bind_stub_zone resource.
  • Add controls, per_view_additional_config, and additional_config_files to bind_config resource.

2.2.1 - 2018-10-08

  • Add support for in-view directive using bind_linked_zone resource.

2.2.0 - 2018-03-08

  • Add bind_logging_channel and bind_logging_category custom resources.
  • Add bind_view custom resource.
  • Add :create_if_missing action to bind_primary_zone resource.

2.1.1 - 2017-12-01

  • According to RFC1035, FQDN length max is 255 characters, and each label (dot delimited) is 63 characters. Setting first column width to 65 characters

2.1.0 - 2017-12-01

  • Add support for chrooted install
  • Chroot Supported platforms: CentOS/RedHat 6.x+, Debian 8.x+, Ubuntu 14.04 LTS
  • Chroot Incompatible platforms: Ubuntu 16.04 LTS ubuntu/+source/bind9/+bug/1630025
  • Updated rndc call to be compliant with current auto-configuration standards
  • Updated file paths using ::File,join() method
  • Delayed all template creation to avoid file busy conflicts
  • Added .kitchen.dokken.yml for faster testing with kitchen-dokken
  • Added support for env var CHEF_VERSION to affect kitchen-dokken chef-client version
  • Supports chef-client version 12.21.26 and 13.6.4

2.0.1 - 2017-11-17

  • Add manage_serial option to bind_primary_zone_template resource

2.0.0 - 2017-11-07

  • Migrate to using custom resources. See MIGRATION.md for details on migrating from v1.x.

1.3.0 - 2017-04-17

  • Change default for statistics channel to be false, and add an attribute to set the bind address.

1.2.0 - 2015-01-02

  • Add server clause.
  • Add bind forwardzones attribute.

1.1.4 - 2014-11-19

  • Restore previous default for querylog size and amount
  • Correct quoting for log file rotation
  • Minor rubocop corrections

1.1.3 - 2014-10-08

  • Added log_file_size attribute.

1.1.1 - 2014-08-13

  • Added array for domainzones attribute

1.1.0 - 2014-05-25

  • Add named-checkconf sanity checking
  • Add thor/scmversion
  • Update specs

1.0.3 - 2014-03-17

  • Update documentation

1.0.2 - 2014-02-18

  • Stub file for service tests

1.0.1 - 2014-02-16

  • Add delayed timing to service reload
  • Fix a minor issue with rndc.key on CentOS 6.x

1.0.0 - 2014-02-13

Clearing out backlog of issues.

  • Add standalone logging support, to named.options file. #4
  • Revert incorrect /etc/named.conf location for EL6.
  • Graceful handling for lack of data_bags. #7
  • Added documentation for standalone logging support. #8
  • Added statistics-channel support. #9
  • Updated kitchen and build files.
  • Added bats tests.
  • Removed minitests/Added chefspec

BREAKING CHANGE

  • Removed etc_cookbook_files and etc_template_files in favor of simpler bind['included_files'] attribute

Explanation:

You could, for examplem, drop off other static files or templates in your sysconf directory. Then include these files in your named.conf by overriding this attribute.

0.2.0 - 2013-05-30

This is the first cookbook, I have validated with @fnichol re-write of test-kitchen. It took about 3-4 minutes to validate this cookbook across 4 platforms.

I identified two RHEL 5, and one Ubuntu, recipe bugs which nobody including myself has caught. I cannot overstate, how much time this has saved me. If you have not tried the test-kitchen re-write, do yourself the favor and start working with it now.

  • Add test-kitchen/Berkshelf skeleton files
  • Platform-specific fixes
    • Correct location of /etc/named.conf on RHEL 5
    • Added conf_file and options_file are attributes
    • Refactor service actions, and config file rendering
    • Enabled usage of search also on chef-solo via @fabn
    • Various Ubuntu platform fixes via @fabn
    • Added apt recipe to pass test-kitchen

0.1.1 - 2013-04-15

  • Pass zone array to template with uniq and sort

0.1.0 - 2013-03-26

  • Add bind zones attributes for "role (attribute)", "ldap", and "databag" sources.

0.0.9 - 2013-03-25

  • ldap host incorrectly being scoped as node.default

0.0.8 - 2013-03-25

  • Change node scope to node.default for Chef 11

0.0.7 - 2013-01-24

  • Update root nameserver D

0.0.6 - 2012-08-01

  • Move masters keyword to slave block

0.0.4 - 2012-01-05

  • Clean up and public release

0.0.2 - 2011-04-22

  • Initial prototype for internal use

Collaborator Number Metric
            

3.0.2 passed this metric

Contributing File Metric
            

3.0.2 passed this metric

Foodcritic Metric
            

3.0.2 passed this metric

No Binaries Metric
            

3.0.2 passed this metric

Testing File Metric
            

3.0.2 passed this metric

Version Tag Metric
            

3.0.2 passed this metric