I would like to configure a DNS (bind9) server. Why not use Puppet to do the job?

Existing Puppet module

OK, let's have a look at Puppet Forge to see what DNS modules already exist. This one, ajjahn/dns, looks good (thanks Adam Jahn!).

Install git:

[root@puppetserver ~]# yum -y install git

Here are my Puppet module directories:

[root@puppetserver ~]# puppet module list | egrep /
/etc/puppetlabs/code/environments/production/modules
/etc/puppetlabs/code/modules
/opt/puppetlabs/puppet/modules
/examples/standalone_manifests

I will install this module in the “/etc/puppetlabs/code/modules” directory (note that the git:// transport used below is unauthenticated, so cloning over https:// is preferable):

[root@puppetserver ~]# cd /etc/puppetlabs/code/modules
[root@puppetserver modules]# git clone git://github.com/ajjahn/puppet-dns.git dns

The module is now installed:

[root@puppetserver modules]# puppet module list | grep dns
├── ajjahn-dns (v2.0.3)

Puppet manifest

Here is a manifest with some DNS zone definitions:

[root@puppetserver manifests]# cat manage_dns.pp
#
# This manifest installs the "bind9" packages, starts the "named" service, and configures the zones as well
#
class easy::manage_dns {

  # Puppet DNS module : git clone git://github.com/ajjahn/puppet-dns.git dns
  class { 'dns::server': }

  # Global options: queries for zones we are not authoritative for go to these forwarders
  dns::server::options { '/etc/named/named.conf.options':
    forwarders => [ '192.168.1.1' , '8.8.8.8' , '8.8.4.4' ],
  }

  # Forward zone
  dns::zone { 'argonay.wou':
    soa         => 'dns.argonay.wou',
    soa_email   => 'dns.argonay.wou',
    nameservers => ['dns'],
  }

  # Reverse zone for 192.168.1.0/24 (PTR records created below must fall in this zone)
  dns::zone { '1.168.192.IN-ADDR.ARPA':
    soa         => 'dns.argonay.wou',
    soa_email   => 'dns.argonay.wou',
    nameservers => ['dns'],
  }

  # Define all "A" records; ptr => true also creates the matching PTR record in the reverse zone
  dns::record::a {
    'dns':
      zone => 'argonay.wou',
      data => ['192.168.1.209'],   # the DNS server itself (192.168.1.x, as in /etc/resolv.conf below)
      ptr  => true;
    'puppetserver':
      zone => 'argonay.wou',
      data => ['192.168.1.151'],
      ptr  => true;
    'nfsserver':
      zone => 'argonay.wou',
      data => ['192.168.1.152'],
      ptr  => true;
  }

  # Define all "CNAME" records (aliases pointing at names that have an "A" record)
  dns::record::cname {
    'puppet':
      zone => 'argonay.wou',
      data => 'puppetserver.argonay.wou';
    'nfs':
      zone => 'argonay.wou',
      data => 'nfsserver.argonay.wou';
  }

}
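As an added check, not part of the original post or of the ajjahn/dns module, the following Python script re-declares the records from the manifest above (with the server's own address 192.168.1.209, as used in the resolv.conf test later on) and lints them before they are applied: every "A" record with ptr => true must fall inside a declared reverse zone, and every "CNAME" must point at a name that owns an "A" record. The record tables and function names are hypothetical.

```python
import ipaddress

# Constructed copy of the records declared in the manifest above.
FORWARD_ZONE = "argonay.wou"
REVERSE_ZONES = ["1.168.192.IN-ADDR.ARPA"]
A_RECORDS = {  # name -> (addresses, ptr flag), as in dns::record::a
    "dns":          (["192.168.1.209"], True),
    "puppetserver": (["192.168.1.151"], True),
    "nfsserver":    (["192.168.1.152"], True),
}
CNAME_RECORDS = {  # name -> target, as in dns::record::cname
    "puppet": "puppetserver.argonay.wou",
    "nfs":    "nfsserver.argonay.wou",
}


def ptr_name(ip):
    """Owner name of the PTR record for ip, e.g. 151.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_zone_for(ip, reverse_zones):
    """Return the declared reverse zone that would hold ip's PTR record, or None."""
    owner = ptr_name(ip)
    for zone in reverse_zones:
        if owner.endswith("." + zone.lower()):
            return zone
    return None


def lint(forward_zone, reverse_zones, a_records, cname_records):
    """Return a list of problems; an empty list means the declarations are consistent."""
    problems = []
    fqdns = {f"{name}.{forward_zone}" for name in a_records}
    for name, (addrs, ptr) in a_records.items():
        for ip in addrs:
            if ptr and reverse_zone_for(ip, reverse_zones) is None:
                problems.append(f"A {name}: ptr => true but no reverse zone covers {ip}")
    for name, target in cname_records.items():
        if name in a_records:
            problems.append(f"CNAME {name}: clashes with an A record of the same name")
        if target not in fqdns:
            problems.append(f"CNAME {name} -> {target}: target has no A record")
    return problems


if __name__ == "__main__":
    for problem in lint(FORWARD_ZONE, REVERSE_ZONES, A_RECORDS, CNAME_RECORDS):
        print(problem)
```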

Check the syntax:

[root@puppetserver manifests]# puppet parser validate manage_dns.pp

Dry run:

[root@puppetserver manifests]# puppet apply --noop -e 'class { "easy::manage_dns": }'

Applying manifest

Hiera configuration:

[root@puppetserver manifests]# cat $(puppet config print hiera_config)
---
:backends:
  - yaml
:hierarchy:
  - "nodes/%{::trusted.certname}"
  - common

:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /etc/puppetlabs/code/environments/%{environment}/hieradata on *nix
# - %CommonAppData%\PuppetLabs\code\environments\%{environment}\hieradata on Windows
# When specifying a datadir, make sure the directory exists.
  :datadir:
[root@puppetserver manifests]# cat /etc/puppetlabs/code/environments/production/hieradata/nodes/dns.argonay.wou.yaml
---

# classes to apply:
classes:
  - 'easy::manage_dns'

On the Puppet agent, ask the Puppet server to apply this class:

[root@dns ~]# puppet agent -tv

The bind9 configuration files, including the generated zone files, are now here:

/var/named
├── data
│   └── named.run
├── db.1.168.192.IN-ADDR.ARPA
├── db.1.168.192.IN-ADDR.ARPA.stage
├── db.argonay.wou
├── db.argonay.wou.stage
├── dynamic
│   ├── managed-keys.bind
│   └── managed-keys.bind.jnl
├── named.ca
├── named.empty
├── named.localhost
├── named.loopback
└── slaves

DNS tests

Edit the “/etc/resolv.conf” file so that the host uses the new server:

[root@dns ~]# cat /etc/resolv.conf
nameserver      192.168.1.209
domain          argonay.wou

“A” record:

[root@dns ~]# nslookup puppetserver
Server:         192.168.1.209
Address:        192.168.1.209#53

Name:   puppetserver.argonay.wou
Address: 192.168.1.151

“PTR” record:

[root@dns ~]# nslookup 192.168.1.151
Server:         192.168.1.209
Address:        192.168.1.209#53

151.1.168.192.in-addr.arpa      name = puppetserver.argonay.wou.

“CNAME” record:

[root@dns ~]# nslookup nfs
Server:         192.168.1.209
Address:        192.168.1.209#53

nfs.argonay.wou canonical name = nfsserver.argonay.wou.
Name:   nfsserver.argonay.wou
Address: 192.168.1.152

Forwarded requests (a name outside our zones, answered via the forwarders):

[root@dns ~]# nslookup www.ibm.com
Server:         192.168.1.209
Address:        192.168.1.209#53

Non-authoritative answer:
www.ibm.com     canonical name = www.ibm.com.cs186.net.
www.ibm.com.cs186.net   canonical name = www.ibm.com.edgekey.net.
www.ibm.com.edgekey.net canonical name = www.ibm.com.edgekey.net.globalredir.akadns.net.
www.ibm.com.edgekey.net.globalredir.akadns.net  canonical name = e2874.x.akamaiedge.net.
Name:   e2874.x.akamaiedge.net
Address: 184.25.252.248

In detail:

[root@dns ~]# dig NS www.ibm.com | awk -v RS= '/AUTHORITY SECTION:/ {if (first) print "";print;first=1}'
;; AUTHORITY SECTION:
x.akamaiedge.net.       585     IN      SOA     n0x.akamaiedge.net. hostmaster.akamai.com. 1480538536 1000 1000 1000 1800

So “n0x.akamaiedge.net” is the DNS server that knows the IP address of “www.ibm.com”.
