REFERENCE.md

Reference

Table of Contents

Classes

• nsd: Configure NSD authoritative DNS server
• nsd::as112: helper class to configure an as112 server

Defined types

• nsd::file: define for creating nsd zone files
• nsd::remote: Configure a remote master server
• nsd::tsig: define for creating nsd zone files
• nsd::zone: define for creating nsd zones

Data types

• Nsd::Algo: Type for the Nsd algorithm
• Nsd::Rrltype: Type for the Nsd rrltype
• Nsd::Server: Type for the Nsd server
• Nsd::Zonemd_generate: Type for the Nsd zonemd_generate

Classes

nsd

Configure NSD authoritative DNS server

Parameters

The following parameters are available in the nsd class:

• tcp_timeout
• statistics
• chroot
• logfile
• difffile
• control_interface
• database
• default_tsig_name
• default_masters
• default_provide_xfrs
• enable
• slave_addresses
• zones
• files
• tsigs
• remotes
• server_template
• zones_template
• pattern_template
• gather_template
• includes_template
• puppetdb_server
• puppetdb_port
• ip_addresses
• includes
• ip_transparent
• reuseport
• debug_mode
• tcp_count
• tcp_query_count
• ipv4_edns_size
• ipv6_edns_size
• port
• username
• xfrd_reload_timeout
• verbosity
• hide_version
• version
• control_enable
• control_port
• logrotate_rotate
• logrotate_size
• rrl_enable
• rrl_size
• rrl_ratelimit
• rrl_slip
• rrl_whitelist
• rrl_ipv4_prefix_length
• rrl_ipv6_prefix_length
• rrl_whitelist_ratelimit
• identity
• nsid
• server_count
• pidfile
• zonesdir
• conf_dir
• zone_subdir
• conf_file
• xfrdfile
• server_key_file
• server_cert_file
• control_key_file
• control_cert_file
• package_name
• service_name
• restart_cmd
• logrotate_enable
• default_allow_axfr_fallback
• default_create_ixfr
• default_ixfr_size
• default_max_refresh_time
• default_min_refresh_time
• default_max_retry_time
• default_min_retry_time
• default_min_expire_time
• imports
• exports

tcp_timeout

Data type: Optional[Integer]

TCP timeout in seconds

Default value: undef

statistics

Data type: Optional[Integer]

Interval in seconds for statistics

Default value: undef

chroot

Data type: Optional[Stdlib::Unixpath]

Directory to chroot to

Default value: undef

logfile

Data type: Optional[Stdlib::Unixpath]

Path to the log file

Default value: undef

difffile

Data type: Optional[Stdlib::Unixpath]

Path to the differences file

Default value: undef

control_interface

Data type: Optional[Stdlib::IP::Address]

IP address for control interface

Default value: undef

database

Data type: Optional[Stdlib::Unixpath]

Path to the database file

Default value: undef

default_tsig_name

Data type: String

Default TSIG key name

Default value: 'NOKEY'

default_masters

Data type: Array[String]

List of default master servers

Default value: []

default_provide_xfrs

Data type: Array[String]

List of default servers to provide zone transfers

Default value: []

enable

Data type: Boolean

Whether to enable the service

Default value: true

slave_addresses

Data type: Hash

Hash of slave addresses

Default value: {}

zones

Data type: Hash

Hash of DNS zones

Default value: {}

files

Data type: Hash

Hash of files to manage

Default value: {}

tsigs

Data type: Hash

Hash of TSIG keys

Default value: {}

remotes

Data type: Hash

Hash of remote servers

Default value: {}

server_template

Data type: String

Template for server configuration

Default value: 'nsd/etc/nsd/nsd.server.conf.erb'

zones_template

Data type: String

Template for zones configuration

Default value: 'nsd/etc/nsd/nsd.zones.conf.erb'

pattern_template

Data type: String

Template for patterns configuration

Default value: 'nsd/etc/nsd/nsd.patterns.conf.erb'

gather_template

Data type: String

Template for gather configuration

Default value: 'nsd/etc/nsd/nsd.gather.conf.erb'

includes_template

Data type: String

Template for includes configuration

Default value: 'nsd/etc/nsd/nsd.includes.conf.erb'

puppetdb_server

Data type: Stdlib::IP::Address

IP address of the PuppetDB server

Default value: '127.0.0.1'

puppetdb_port

Data type: Stdlib::Port

Port of the PuppetDB server

Default value: 8080

ip_addresses

Data type: Array[Stdlib::IP::Address]

List of IP addresses

Default value: []

includes

Data type: Array[String[1]]

List of include files

Default value: []

ip_transparent

Data type: Boolean

Whether to enable IP transparency

Default value: false

reuseport

Data type: Boolean

Whether to enable SO_REUSEPORT

Default value: false

debug_mode

Data type: Boolean

Whether to enable debug mode

Default value: false

tcp_count

Data type: Integer

Number of TCP connections

Default value: 250

tcp_query_count

Data type: Integer

Number of TCP queries

Default value: 0

ipv4_edns_size

Data type: Integer[512,4096]

EDNS buffer size for IPv4

Default value: 4096

ipv6_edns_size

Data type: Integer[512,4096]

EDNS buffer size for IPv6

Default value: 4096

port

Data type: Stdlib::Port

Port number for the DNS server

Default value: 53

username

Data type: String

Username to run the service as

Default value: 'nsd'

xfrd_reload_timeout

Data type: Integer

Timeout for XFRD reload

Default value: 1

verbosity

Data type: Integer[0,3]

Verbosity level

Default value: 0

hide_version

Data type: Boolean

Whether to hide the version

Default value: false

version

Data type: Optional[String]

Version string

Default value: undef

control_enable

Data type: Boolean

Whether to enable control interface

Default value: false

control_port

Data type: Stdlib::Port

Port number for control interface

Default value: 8952

logrotate_rotate

Data type: Integer

Number of log rotations

Default value: 5

logrotate_size

Data type: String

Size of log files for rotation

Default value: '100M'

rrl_enable

Data type: Boolean

Whether to enable Response Rate Limiting

Default value: true

rrl_size

Data type: Integer

Size of the RRL table

Default value: 1000000

rrl_ratelimit

Data type: Integer

Rate limit for RRL

Default value: 200

rrl_slip

Data type: Integer

Slip ratio for RRL

Default value: 2

rrl_whitelist

Data type: Array[String]

List of whitelisted IPs for RRL

Default value: []

rrl_ipv4_prefix_length

Data type: Integer[1,32]

IPv4 prefix length for RRL

Default value: 24

rrl_ipv6_prefix_length

Data type: Integer[1,128]

IPv6 prefix length for RRL

Default value: 64

rrl_whitelist_ratelimit

Data type: Integer

Rate limit for whitelisted IPs in RRL

Default value: 4000

identity

Data type: String

Identity string

Default value: $facts['networking']['fqdn']

nsid

Data type: String

NSID string

Default value: $facts['networking']['fqdn']

server_count

Data type: Integer[1,255]

Number of server instances

Default value: $facts['processors']['count']

pidfile

Data type: Stdlib::Unixpath

Path to the PID file

Default value: '/run/nsd/nsd.pid'

zonesdir

Data type: Stdlib::Unixpath

Directory for zone files

Default value: '/var/lib/nsd'

conf_dir

Data type: Stdlib::Unixpath

Directory for configuration files

Default value: '/etc/nsd'

zone_subdir

Data type: Stdlib::Unixpath

Subdirectory for zone files

Default value: "${zonesdir}/zone"

conf_file

Data type: Stdlib::Unixpath

Path to the main configuration file

Default value: "${conf_dir}/nsd.conf"

xfrdfile

Data type: Stdlib::Unixpath

Path to the XFRD state file

Default value: "${zonesdir}/xfrd.state"

server_key_file

Data type: Stdlib::Unixpath

Path to the server key file

Default value: "${conf_dir}/nsd_server.key"

server_cert_file

Data type: Stdlib::Unixpath

Path to the server certificate file

Default value: "${conf_dir}/nsd_server.pem"

control_key_file

Data type: Stdlib::Unixpath

Path to the control key file

Default value: "${conf_dir}/nsd_control.key"

control_cert_file

Data type: Stdlib::Unixpath

Path to the control certificate file

Default value: "${conf_dir}/nsd_control.pem"

package_name

Data type: String

Name of the package

Default value: 'nsd'

service_name

Data type: String

Name of the service

Default value: 'nsd'

restart_cmd

Data type: String

Command to restart the service

Default value: '/usr/sbin/nsd-control reconfig'

logrotate_enable

Data type: Boolean

Whether to enable log rotation

Default value: true

default_allow_axfr_fallback

Data type: Optional[Stdlib::Yes_no]

Default allow AXFR fallback

Default value: undef

default_create_ixfr

Data type: Optional[Stdlib::Yes_no]

Default create IXFR

Default value: undef

default_ixfr_size

Data type: Optional[Integer]

Default IXFR size

Default value: undef

default_max_refresh_time

Data type: Optional[Integer]

Maximum refresh interval for zones

Default value: undef

default_min_refresh_time

Data type: Optional[Integer]

Minimum refresh interval for zones

Default value: undef

default_max_retry_time

Data type: Optional[Integer]

Maximum retry interval for zones

Default value: undef

default_min_retry_time

Data type: Optional[Integer]

Minimum retry interval for zones

Default value: undef

default_min_expire_time

Data type: Optional[Integer]

Minimum expire interval for zones

Default value: undef

imports

Data type: Array[String]

List of import files

Default value: []

exports

Data type: Array[String]

List of export files

Default value: []

nsd::as112

helper class to configure an as112 server

Defined types

nsd::file

define for creating nsd zone files

Parameters

The following parameters are available in the nsd::file defined type:

• ensure
• owner
• group
• mode
• source
• content
• content_template

ensure

Data type: String

the ensure value for the file

Default value: 'present'

owner

Data type: String

the owner of the file

Default value: 'root'

group

Data type: String

the group of the file

Default value: 'nsd'

mode

Data type: Stdlib::Filemode

the mode of the file

Default value: '0640'

source

Data type: Optional[Stdlib::Filesource]

the source of the file

Default value: undef

content

Data type: Optional[String]

the content of the file

Default value: undef

content_template

Data type: Optional[String]

the template to use for the content

Default value: undef

nsd::remote

Configure a remote master server

Parameters

The following parameters are available in the nsd::remote defined type:

• address4
• address6
• tsig
• tsig_name
• port

address4

Data type: Optional[Stdlib::IP::Address]

the IPv4 address of the remote server

Default value: undef

address6

Data type: Optional[Stdlib::IP::Address]

the IPv6 address of the remote server

Default value: undef

tsig

Data type: Optional[String]

the name of the tsig key to use

Default value: undef

tsig_name

Data type: Optional[String]

the name of the tsig key to use

Default value: undef

port

Data type: Stdlib::Port

the port to connect to

Default value: 53

nsd::tsig

define for creating nsd zone files

Parameters

The following parameters are available in the nsd::tsig defined type:

• data
• algo
• template
• key_name

data

Data type: String

the data for the tsig key

algo

Data type: Nsd::Algo

the algorithm to use

Default value: 'hmac-sha256'

template

Data type: String

the template to use for the key

Default value: 'nsd/etc/nsd/nsd.key.conf.erb'

key_name

Data type: Optional[String]

the name of the key

Default value: undef

nsd::zone

define for creating nsd zones

Parameters

The following parameters are available in the nsd::zone defined type:

• masters
• provide_xfrs
• allow_notify_additions
• send_notify_additions
• zonefile
• zone_dir
• rrl_whitelist
• zonemd_verify
• zonemd_generate
• allow_axfr_fallback
• create_ixfr
• ixfr_size
• max_refresh_time
• min_refresh_time
• max_retry_time
• min_retry_time
• min_expire_time

masters

Data type: Array[String]

the list of master servers for the zone

Default value: []

provide_xfrs

Data type: Array[String]

the list of servers to provide xfrs to

Default value: []

allow_notify_additions

Data type: Array[String]

the list of servers to allow notify additions from

Default value: []

send_notify_additions

Data type: Array[String]

the list of servers to send notify additions to

Default value: []

zonefile

Data type: Optional[String]

the zone file to use

Default value: undef

zone_dir

Data type: Optional[Stdlib::Unixpath]

the directory to store the zone file in

Default value: undef

rrl_whitelist

Data type: Array[Nsd::Rrltype]

the list of rrl whitelist entries

Default value: []

zonemd_verify

Data type: Optional[Enum['on','off']]

whether to verify zonemd records

Default value: undef

zonemd_generate

Data type: Optional[Nsd::Zonemd_generate]

whether to generate zonemd records

Default value: undef

allow_axfr_fallback

Data type: Optional[Stdlib::Yes_no]

whether to allow axfr fallback

Default value: undef

create_ixfr

Data type: Optional[Stdlib::Yes_no]

whether to create ixfr files

Default value: undef

ixfr_size

Data type: Optional[Integer]

the size of the ixfr files

Default value: undef

max_refresh_time

Data type: Optional[Integer]

Maximum refresh interval for zones

Default value: undef

min_refresh_time

Data type: Optional[Integer]

Minimum refresh interval for zones

Default value: undef

max_retry_time

Data type: Optional[Integer]

Maximum retry interval for zones

Default value: undef

min_retry_time

Data type: Optional[Integer]

Minimum retry interval for zones

Default value: undef

min_expire_time

Data type: Optional[Integer]

Minimum expire interval for zones

Default value: undef

Data types

Nsd::Algo

Type for the Nsd algorithm

Alias of Enum[hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, hmac-md5]

Nsd::Rrltype

Type for the Nsd rrltype

Alias of Enum[nxdomain, error, referral, any, rrsig, wildcard, nodata, dnskey, positive, all]

Nsd::Server

Type for the Nsd server

Alias of

Struct[{
    address4          => Optional[Variant[Tea::Ipv4, Tea::Ipv4_cidr]],
    address6          => Optional[Variant[Tea::Ipv6, Tea::Ipv6_cidr]],
    fetch_tsig_name   => Optional[String],
    provide_tsig_name => Optional[String],
}]

Nsd::Zonemd_generate

Type for the Nsd zonemd_generate

Alias of Enum[none, zonemd-sha384, zonemd-sha512, remove]