[bind] ajout de la validation dnssec

Ignore-this: 7b95172a7151d8afb3875992248e5b3a darcs-hash:20121101170635-3a55a-bd99f5e9f354cd835956e1a4b9ff625e574633e9.gz
2012-11-01 18:06:35 +01:00 · 2012-11-01 18:06:35 +01:00 · cc6041ef52
commit cc6041ef52
parent 616dcac16b
5 changed files with 32 additions and 2 deletions
--- a/Bundler/bind.xml
+++ b/Bundler/bind.xml
@ -1,5 +1,6 @@
 <Bundle name="bind">
  <ConfigFile name="/etc/bind/rndc.key"/>
+  <ConfigFile name="/etc/bind/named.conf"/>
  <ConfigFile name="/etc/bind/named.conf.local"/>
  <ConfigFile name="/etc/bind/named.conf.options"/>
  <Group name="dns-primary">
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@ -30,6 +30,7 @@
     profile="true">
    <Group name="crans-squeeze"/>
    <Group name="dns-secondary"/>
+    <Group name="dnssec-validation"/>
    <Group name="main-ftp-server"/>
 <!-- <Group name="ups-monitor"/> -->
    <Group name="debian-mirror"/>
@ -50,6 +51,7 @@
    <Group name="radius-server"/>
    <Group name="db-replicat"/>
    <Group name="dns-primary"/>
+    <Group name="dnssec-validation"/>
 <!-- <Group name="ups-monitor"/> -->
    <Group name="vlan-radin"/>
    <Group name="vlan-accueil" />
--- a/Python/etc/bind/named.conf
+++ b/Python/etc/bind/named.conf
@ -0,0 +1,23 @@
+# -*- mode: python; encoding: utf-8 -*-
+
+info["owner"] = "root"
+info["group"] = "bind"
+info["perms"] = 0644
+
+comment_start = "//"
+
+header("Conf de base de Bind9")
+
+@// This is the primary configuration file for the BIND DNS server named.
+@//
+@// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
+@// structure of BIND configuration files in Debian, *BEFORE* you customize
+@// this configuration file.
+@//
+@// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+
+if has("dnssec-validation"):
+    @include "/etc/bind/bind.keys";
+@include "/etc/bind/named.conf.options";
+@include "/etc/bind/named.conf.local";
--- a/Python/etc/bind/named.conf.options
+++ b/Python/etc/bind/named.conf.options
@ -52,5 +52,9 @@ if not has("dns-secondary-no-forward"):
    @    // traitement automatique pour la connexion de secours
    @    // (ligne decommentee automatiquement en mode secours)
    @//  forwarders { 138.231.136.14; } ; #POUR SECOURS
-@};

+if has("dnssec-validation"):
+    @    dnssec-enable yes;
+    @    dnssec-validation yes;
+
+@};
--- a/Python/etc/bind/rndc.key
+++ b/Python/etc/bind/rndc.key
@ -1,6 +1,6 @@
 include("secrets")

-info["owner"] = "root"
+info["owner"] = "bind"
 info["group"] = "bind"
 info["perms"] = 0640