Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rndc freeze|thaw #99

Open
FlorianSW opened this issue Feb 23, 2019 · 0 comments
Open

rndc freeze|thaw #99

FlorianSW opened this issue Feb 23, 2019 · 0 comments

Comments

@FlorianSW
Copy link

I'm using this module to manage some zones in my bind9 installation. Additionally I setup bind to allow dynamic updates (for letsencrypt). However, this adds a new complexity level when changing a zone file. To prevent the zonefile to get out of sync with the journal file of dynamic updates, I would like to freeze a/all zone files before updating one (or more) zone files (with rndc freeze) and unfreeze them after the zone files have changed (with rndc thaw).

For now I implemented this like that:

    exec { 'rndc freeze':
      command     => '/usr/sbin/rndc freeze',
      user        => root,
      group       => root,
    }

    exec { 'rndc thaw':
      command     => '/usr/sbin/rndc thaw',
      user        => root,
      group       => root,
      require     => File['/path/to/zones/zone1', '/path/to/zones/zone2'],
    }

    bind::server::file { [ 'zone1', 'zone2' ]:
      zonedir      => '/path/to/zones',
      source_base  => 'puppet:///modules/zones/',
    }

As you might see already, this has one main disadvantage: The freeze and thaw commands are executed at each puppet run, instead of only when the zone files get updated. This might not be a problem for the dynamic updates or the DNS server at all (exept from performance or maybe whatever), however it is unnecessary to execute these commands every half an hour (for the default time puppet runs).

So, this is a request to add a way in this module to freeze and unfreeze zones when they're updated.
FlorianSW added a commit to droidwiki/operations-puppet that referenced this issue Feb 23, 2019
@FlorianSW
Make sure that zone file updates does not break dynamic updates/named
5f3d9d9 
By freezing before and unfreezing after a zone file update, the zone configuration
and the dynamic update journal does not get out of sync anymore.

However, one disadvantage of this solution is, that the (un)freeze commands are run
at every puppet run. See also thias/puppet-bind#99
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@FlorianSW