From cc6041ef52dc060dfd6439709b1ea2f64578b77e Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Thu, 1 Nov 2012 18:06:35 +0100
Subject: [PATCH] [bind] ajout de la validation dnssec
Ignore-this: 7b95172a7151d8afb3875992248e5b3a
darcs-hash:20121101170635-3a55a-bd99f5e9f354cd835956e1a4b9ff625e574633e9.gz
---
 Bundler/bind.xml | 1 +
 Metadata/groups.xml | 2 ++
 Python/etc/bind/named.conf | 23 +++++++++++++++++++++++
 Python/etc/bind/named.conf.options | 6 +++++-
 Python/etc/bind/rndc.key | 2 +-
 5 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 Python/etc/bind/named.conf
diff --git a/Bundler/bind.xml b/Bundler/bind.xml
index 0a56345..ed770c2 100644
--- a/Bundler/bind.xml
+++ b/Bundler/bind.xml
@@ -1,5 +1,6 @@
+
diff --git a/Metadata/groups.xml b/Metadata/groups.xml
index 0be7198..fea27f1 100644
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@@ -30,6 +30,7 @@ profile="true">
+
@@ -50,6 +51,7 @@
+
diff --git a/Python/etc/bind/named.conf b/Python/etc/bind/named.conf
new file mode 100644
index 0000000..43fc2a0
--- /dev/null
+++ b/Python/etc/bind/named.conf
@@ -0,0 +1,23 @@
+# -*- mode: python; encoding: utf-8 -*-
+
+info["owner"] = "root"
+info["group"] = "bind"
+info["perms"] = 0644
+
+comment_start = "//"
+
+header("Conf de base de Bind9")
+
+@// This is the primary configuration file for the BIND DNS server named.
+@//
+@// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
+@// structure of BIND configuration files in Debian, *BEFORE* you customize
+@// this configuration file.
+@//
+@// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+
+if has("dnssec-validation"):
+ @include "/etc/bind/bind.keys";
+@include "/etc/bind/named.conf.options";
+@include "/etc/bind/named.conf.local";
diff --git a/Python/etc/bind/named.conf.options b/Python/etc/bind/named.conf.options
index bb10011..c3eb570 100644
--- a/Python/etc/bind/named.conf.options
+++ b/Python/etc/bind/named.conf.options
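Review bot: In the new Python/etc/bind/named.conf template, the `@include "/etc/bind/bind.keys";` line under `if has("dnssec-validation"):` makes named depend on a trust-anchor file that nothing visible in this patch deploys or checks. A missing include file is a fatal configuration error for named, and outdated anchors would make answers from signed zones fail validation, so it is worth stating where the file comes from and who keeps it current. A comment above the include would do, for example `@// bind.keys: DNSSEC trust anchors, provided by the bind9 package (not managed here)`; whether the package really provides it on every host in the `dnssec-validation` group is an assumption to confirm.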
@@ -52,5 +52,9 @@ if not has("dns-secondary-no-forward"):
 @ // traitement automatique pour la connexion de secours
 @ // (ligne decommentee automatiquement en mode secours)
 @// forwarders { 138.231.136.14; } ; #POUR SECOURS
-@};
+if has("dnssec-validation"):
+ @ dnssec-enable yes;
+ @ dnssec-validation yes;
+
+@};
diff --git a/Python/etc/bind/rndc.key b/Python/etc/bind/rndc.key
index e5e18e4..6840977 100644
--- a/Python/etc/bind/rndc.key
+++ b/Python/etc/bind/rndc.key
@@ -1,6 +1,6 @@
 include("secrets")
-info["owner"] = "root"
+info["owner"] = "bind"
 info["group"] = "bind"
 info["perms"] = 0640
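Review bot: In the Python/etc/bind/named.conf.options hunk, `dnssec-validation yes;` is added directly below the backup-mode `forwarders { 138.231.136.14; }` line, and validation only works through a forwarder that passes DNSSEC records back. If that forwarder drops RRSIG data, a host switched to backup mode would likely answer SERVFAIL for signed zones, which looks like an outage rather than a configuration issue. I would record the dependency next to the new lines, e.g. `@ // dnssec-validation: every forwarder (incl. the backup one) must be DNSSEC-aware`, and confirm it for the backup address. The `options` block starts outside this hunk, so any other forwarders it sets are not visible here.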
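Review bot: In the Python/etc/bind/rndc.key hunk, `info["owner"] = "bind"` gives the service account write access to its own control-channel key, although group `bind` with mode 0640 already let named read the file under root ownership. A compromised or misbehaving named process could then rewrite the key or loosen its permissions. The commit message gives no reason for the change, so either keep `info["owner"] = "root"` or add a comment saying why the daemon must own the file, e.g. `# owner bind: matches the ownership set by the bind9 package` if that is the motivation.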