Additional configuration parameters

README.md

@@ -283,6 +283,33 @@ bind::view { 'ns':
 }
 ```
 
+View declaration can include `response-policy` clause configuration. Each zone included in `response-policy` can have
+specific options set or global options from view will be used:
+
+```
+bind::view { 'internet':
+    ...
+    'response_policy' => {
+        'zones' => {
+            'dontlike' => {
+                'policy'         => 'drop',
+                'recursive-only' => true,
+                'max-policy-ttl' => 3600,
+                'log'            => false,
+            },
+            ...
+        },
+        'recursive-only'     => true,
+        'max-policy-ttl'     => 6000,
+        'break-dnssec'       => false,
+        'min-ns-dots'        => 5,
+        'qname-wait-recurse' => true,
+        'nsip-wait-recurse'  => frue,
+    }
+    ...
+}
+```
+
 ## Resources
 
 ### `resource_record`

manifests/init.pp

@@ -13,6 +13,8 @@
     $tkey_gssapi_credential               = undef,
     $tkey_domain                          = undef,
     $chroot                               = false,
+    $listen_on                            = undef,
+    $query_source                         = undef,
     $chroot_class                         = $::bind::defaults::chroot_class,
     $chroot_dir                           = $::bind::defaults::chroot_dir,
     # NOTE: we need to be able to override this parameter when declaring class,

manifests/view.pp

@@ -19,6 +19,7 @@
     $empty_zones                  = '',
     $order                        = '10',
     $minimal_responses            = false,
+    $response_policy              = {},
 ) {
     $confdir = $::bind::confdir
     $default_zones_include = $::bind::default_zones_include

manifests/zone.pp

@@ -2,24 +2,26 @@
 
 define bind::zone (
     $zone_type,
-    $domain          = '',
-    $dynamic         = true,
-    $masters         = '',
-    $transfer_source = '',
-    $notify_source   = '',
-    $allow_updates   = '',
-    $update_policies = '',
-    $allow_transfers = '',
-    $dnssec          = false,
-    $nsec3_salt      = '',
-    $key_directory   = '',
-    $ns_notify       = true,
-    $also_notify     = '',
-    $allow_notify    = '',
-    $forwarders      = '',
-    $forward         = '',
-    $source          = '',
-    $forwarders_port = 53,
+    $domain           = '',
+    $dynamic          = true,
+    $masters          = '',
+    $transfer_source  = '',
+    $notify_source    = '',
+    $allow_updates    = '',
+    $update_policies  = '',
+    $allow_transfers  = '',
+    $dnssec           = false,
+    $nsec3_salt       = '',
+    $key_directory    = '',
+    $ns_notify        = true,
+    $also_notify      = '',
+    $allow_notify     = '',
+    $forwarders       = '',
+    $forward          = '',
+    $source           = '',
+    $forwarders_port  = 53,
+    $allow_query      = '',
+    $server_addresses = '',
 ) {
     # where there is a zone, there is a server
     include ::bind
@@ -81,6 +83,10 @@
         fail("source may only be provided for bind::zone resources with zone_type 'master' or 'hint'")
     }
 
+    unless !($server_addresses != '' and $zone_type != 'static-stub') {
+        fail("server_addresses may only be provided for bind::zone resources with zone_type 'static-stub'")
+    }
+
     $zone_file_mode = $zone_type ? {
         'master' => $dynamic ? {
             true  => 'init',

templates/named.conf.erb

@@ -48,6 +48,16 @@ options {
 <%- if @tkey_domain -%>
         tkey-domain "<%= @tkey_domain %>";
 <%- end -%>
+<%- if @listen_on and @listen_on != '' -%>
+	listen-on {
+<%- Array(@listen_on).each do |listen_on_address| -%>
+		<%= listen_on_address %>;
+<%- end -%>
+	};
+<%- end -%>
+<%- if @query_source and @query_source != '' -%>
+	query-source address <%= @query_source %>;
+<%- end -%>
 };
 <%- if @include_local -%>
 

templates/view.erb

@@ -96,7 +96,48 @@ view "<%= @name %>" {
 	notify-source <%= @notify_source %>;
 <%- end -%>
 <%- if @include_default_zones and @default_zones_include -%>
-	include "<%= @default_zones_include %>";
+<%-   Array(@default_zones_include).each do |zone| -%>
+	include "<%= zone %>";
+<%-   end -%>
+<%- end -%>
+<%- if @response_policy.has_key?('zones') -%>
+	response-policy {
+<%-   @response_policy['zones'].each do |rpz_zone_name,rpz_zone| -%>
+		zone <%= "\"#{rpz_zone_name}\"" -%>
+<%-     if @rpz_zone -%>
+<%-       if rpz_zone.has_key?('policy') and rpz_zone['policy'] != '' -%>
+<%= "\n" %>			policy <%= rpz_zone['policy'] -%>
+<%-       end -%>
+<%-       if rpz_zone.has_key?('recursive_only') and rpz_zone['recursive_only'] != '' -%>
+<%= "\n" %>			recursive-only <%= rpz_zone['recursive_only'] ? 'yes' : 'no' -%>
+<%-       end -%>
+<%-       if rpz_zone.has_key?('max_policy_ttl') and rpz_zone['max_policy_ttl'] != '' -%>
+<%= "\n" %>			max-policy-ttl <%= rpz_zone['max_policy_ttl'] -%>
+<%-       end -%>
+<%-       if rpz_zone.has_key?('log') and rpz_zone['log'] != '' -%>
+<%= "\n" %>			log <%= rpz_zone['log'] ? 'yes' : 'no' -%>
+<%-       end -%>
+<%-     end -%>;
+<%-   end -%>
+		}
+<%-     if @response_policy.has_key?('recursive_only') and @response_policy['recursive_only'] != '' -%>
+		recursive-only <%= @response_policy['recursive_only'] ? 'yes' : 'no' -%>
+<%-     end -%>
+<%-     if @response_policy.has_key?('max_policy_ttl') and @response_policy['max_policy_ttl'] != '' -%>
+<%= "\n" %>		max-policy-ttl <%= @response_policy['max_policy_ttl'] -%>
+<%-     end -%>
+<%-     if @response_policy.has_key?('break_dnssec') and @response_policy['break_dnssec'] != '' -%>
+<%= "\n" %>		break-dnssec <%= @response_policy['break_dnssec'] ? 'yes' : 'no' -%>
+<%-     end -%>
+<%-     if @response_policy.has_key?('min_ns_dots') and @response_policy['min_ns_dots'] != '' -%>
+<%= "\n" %>		min-ns-dots <%= @response_policy['min_ns_dots'] -%>
+<%-     end -%>
+<%-     if @response_policy.has_key?('qname_wait_recurse') and @response_policy['qname_wait_recurse'] != '' -%>
+<%= "\n" %>		qname-wait-recurse <%= @response_policy['qname_wait_recurse'] ? 'yes' : 'no' -%>
+<%-     end -%>
+<%-     if @response_policy.has_key?('nsip_wait_recurse') and @response_policy['nsip_wait_recurse'] != '' -%>
+<%= "\n" %>		nsip-wait-recurse <%= @response_policy['nsip_wait_recurse'] ? 'yes' : 'no' -%>
+<%-     end -%>;
 <%- end -%>
 
 <%- Array(@zones).each do |zone| -%>

templates/zone.conf.erb

@@ -80,4 +80,18 @@ zone "<%= @_domain %>" {
 <%-   end -%>
 	};
 <%- end -%>
+<%- if @allow_query and @allow_query != '' -%>
+	allow-query {
+<%-   Array(@allow_query).each do |query_client| -%>
+		<%= query_client %>;
+<%-   end -%>
+	};
+<%- end -%>
+<%- if @zone_type == 'static-stub' and @server_addresses != '' -%>
+	server-addresses {
+<%-   Array(@server_addresses).each do |server| -%>
+		<%= server %>;
+<%-   end -%>
+	};
+<%- end -%>
 };