Hi,

I was just wrapping your cookbook, and i need to use the zone_name in one of my cookbooks. Could you push version 2.1.1 to chef supermarket?

Thx!

Hello,

I wish the support for dynamic primary zones, which means zones that can be updated via nsupdate.
The first draft is create only a zonefile if that zonefile not exists.

The logic for statistics-channel in attributes/default.rb suggests that true should allow the config to be enabled:

attributes/default.rb:default['bind']['statistics-channel'] = true

however in named.conf.erb the logic to include the directive is 'unless':

<% unless node['bind']['statistics-channel'] %>
statistics-channels {
  inet * port <%= node['bind']['statistics-port'] -%>;
};
<% end %>

Consequently the node['bind']['statistics-channel'] attribute has to be set to false for this to be included.

The 'unless' above should be changed to 'if'.

Hello,

I wish the support for stub zones.
maybe it is also a good Idea to support all the other zone types of bind:
http://www.zytrax.com/books/dns/ch7/zone.html#type

All of the other resources seem to work fine.

-----> Starting Kitchen (v1.15.0)
-----> Converging <default-ubuntu-1404>...
       Preparing files for transfer
       Preparing dna.json
       Resolving cookbook dependencies with Berkshelf 5.2.0...
       Removing non-cookbook files before transfer
       Preparing validation.pem
       Preparing client.rb
-----> Chef Omnibus installation detected (12.16)
       Transferring files to <default-ubuntu-1404>
       Starting Chef Client, version 12.16.42
       resolving cookbooks for run list: ["verifi_bind::default"]
       Synchronizing Cookbooks:
         - verifi_bind (0.1.0)
         - bind (2.2.0)
         - apt (5.1.0)
         - compat_resource (12.19.1)
       Installing Cookbook Gems:
       Compiling Cookbooks...
       [2018-05-08T22:20:09+00:00] WARN: Chef::Provider::AptRepository already exists!  Cannot create deprecation class for LWRP provider apt_repository from cookbook apt
       [2018-05-08T22:20:09+00:00] WARN: AptRepository already exists!  Deprecation class overwrites Custom resource apt_repository from cookbook apt

       ================================================================================
       Recipe Compile Error in /tmp/kitchen/cache/cookbooks/verifi_bind/recipes/default.rb
       ================================================================================

       NoMethodError
       -------------
       No resource or method named `bind_forwarder' for `Chef::Recipe "default"'

       Cookbook Trace:
       ---------------
         /tmp/kitchen/cache/cookbooks/verifi_bind/recipes/default.rb:27:in `from_file'

       Relevant File Content:
       ----------------------
       /tmp/kitchen/cache/cookbooks/verifi_bind/recipes/default.rb:

        20:
        21:  bind_acl 'internal-net' do
        22:    entries [
        23:      '10/8'
        24:    ]
        25:  end
        26:
        27>> bind_forwarder 'testing.com' do
        28:    forwarders [
        29:      '10.0.0.3',
        30:      '10.0.0.4'
        31:    ]
        32:  end 33:

       Platform:
       ---------
       x86_64-linux


       Running handlers:
       [2018-05-08T22:20:09+00:00] ERROR: Running exception handlers
       Running handlers complete
       [2018-05-08T22:20:09+00:00] ERROR: Exception handlers complete
       Chef Client failed. 0 resources updated in 01 seconds
       [2018-05-08T22:20:09+00:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
       [2018-05-08T22:20:09+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
       [2018-05-08T22:20:09+00:00] ERROR: No resource or method named `bind_forwarder' for `Chef::Recipe "default"'
       [2018-05-08T22:20:09+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Converge failed on instance <default-ubuntu-1404>.  Please see .kitchen/logs/default-ubuntu-1404.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

I can't use this cookbook for the moment as I need to configure bind with internal and external views.

Any plan on implementing this feature ? Thanks a lot.

I need to use multiple ACLs for different purposes. I tried to use a list in bind['acl-role'] but that does not work.

@joyofhex you may like to add the following apparmor config in order to make chrooting work on Ubuntu 18.04:

$ cat ../templates/default/apparmor_usr.sbin.named.erb
<%= node['bind9']['chroot_dir'] %>/** rwm,
$

recipe:

bind_service 'default' do
chroot true
chroot_dir node['bind9']['chroot_dir']

and:

service 'bind9' do
end

service 'apparmor' do
end

template '/etc/apparmor.d/local/usr.sbin.named' do
source 'apparmor_usr.sbin.named.erb'
notifies :reload, 'service[apparmor]', :immediate
notifies :restart, 'service[bind9]', :delayed
end

Originally posted by @pavel-shvagirev in #31 (comment)

RFC1035 spec:

• maximum record length = 255
• maximum dotted quad length 63 characters (+ dot = 64 ; delimiter)

Per RFC, the maximum hostname length then can be 63, so update to the owner field should be a width of 63 + padding; call it 65 for safety.

Since we don't handle zone types differently (reverse vs forward), this padding looks funny on a reverse zone but eh; still nice to keep them all consistent anwyay...

#33 submitted to address this issue

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• Update sous-chefs/.github action to v3.1.1
• Update Actions (major) (actions/stale, actionshub/chef-install, actionshub/test-kitchen)

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Based on named options to logging into specific channels would be great to have this configurable

logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };

    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};

Would it make sense maybe to put a resource that you attach to a zone resource ?

if i use manage_serial true in bind_primary_zone_template and update record in that zone, the serial is not counting up any longer.

I guess you have revert the line
the correct(old) was:
persisted_values = node.normal['bind']['zone'][new_resource.file_name]
the incorrect (new) is:
persisted_values = node.default['bind']['zone'][new_resource.file_name]

according to https://docs.chef.io/attributes/

A normal attribute is a setting that persists in the node object. A normal attribute has a higher attribute precedence than a default attribute.

When I specify just override['bind']['zones'] for my zones (i.e. not using the ['bind']['zones']['attribute'], databag, or ldap), the recipe fails with the error:

Recipe Compile Error in /var/chef/cache/cookbooks/bind/recipes/default.rb

TypeError

can't convert String into Integer

Cookbook Trace:

/var/chef/cache/cookbooks/bind/recipes/default.rb:95:in []' /var/chef/cache/cookbooks/bind/recipes/default.rb:95:infrom_file'

Relevant File Content:

/var/chef/cache/cookbooks/bind/recipes/default.rb:

88: # Include zones from external source if set.
89: if !node['bind']['zonesource'].nil?
90: include_recipe "bind::#{node['bind']['zonesource']}2zone"
91: else
92: Chef::Log.warn('No zonesource defined, assuming zone names are defined as override attributes.')
93: end
94:
95>> all_zones = node['bind']['zones']['attribute'] + node['bind']['zones']['databag'] + node['bind']['zones']['ldap']
96:
97: # Render a template with all our global BIND options and ACLs
98: template node['bind']['options_file'] do
99: owner node['bind']['user']
100: group node['bind']['group']
101: mode 00644
102: variables(
103: bind_acls: node['bind']['acls']
104: )

I've looked through the recipe but I don't see where it pulls from the array, even though it's listed in the README.md an example config as a valid way:

"Alternatively, you can just use an override['bind']['zones'] in a role or environment instead."

An example role for an internal split-horizon BIND server for example.com, might look like so:
override_attributes "bind" => {
"zones" => [
"example.com",
"example.org"
],

For reference, my role is:

{
"name": "stage_bind_master",
"description": "",
"json_class": "Chef::Role",
"default_attributes": {
},
"override_attributes": {
"bind": {
"zones": [
"vpc.stage.internal"
],
"zonetype": "master",
"options": [
"allow-query { any; };",
"check-names ignore;",
"alow-update { 10.6.0.0/16; };",
"allow-update-forwarding { any; };",
"allow-transfer { 10.6.0.0/16; };",
"allow-recursion { 10.6.0.0/16; };",
"allow-query { any; };"
]
}
},
"chef_type": "role",
"run_list": [
"recipe[bind]"
],
"env_run_lists": {
}
}

Or am I just doing this wrong?

I have been able to use your cookbook to create a bind (named) dns server on centos 6.7 using the default options. However, i'm having difficulty creating a custom zone. Can anyone assist with a attribute/default.rb wrapper for this cookbook? What i want is to create a dns server to answer for hosts in subdomain.xyz.com and send any other queries for xyz.com dns requests to the parent dns server. i also want to enable dynamic updates.

I get an error about can't find file when trying to set bind.zones.attribute to subdomain. Do I need to add a file to files/default/.....?

================================================================================
23:09:10.144 10.3.30.150 Error executing action run on resource 'execute[named-checkconf]'
23:09:10.144 10.3.30.150 ================================================================================
23:09:10.144 10.3.30.150
23:09:10.144 10.3.30.150 Mixlib::ShellOut::ShellCommandFailed
23:09:10.144 10.3.30.150 ------------------------------------
23:09:10.145 10.3.30.150 Expected process to exit with [0], but received '1'
23:09:10.145 10.3.30.150 ---- Begin output of /usr/sbin/named-checkconf -z /etc/named.conf ----
23:09:10.145 10.3.30.150 STDOUT: zone localhost.localdomain/IN: loaded serial 0
23:09:10.145 10.3.30.150 zone localhost/IN: loaded serial 0
23:09:10.145 10.3.30.150 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
23:09:10.146 10.3.30.150 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
23:09:10.146 10.3.30.150 zone 0.in-addr.arpa/IN: loaded serial 0
23:09:10.146 10.3.30.150 zone bind/IN: loading from master file master/db.bind failed: file not found
23:09:10.146 10.3.30.150 zone bind/IN: not loaded due to errors.
23:09:10.146 10.3.30.150 zone subdomain.xyz.com/IN: loading from master file master/db.subdomain.xyz.com failed: file not found
23:09:10.146 10.3.30.150 zone subdomain.xyz.com/IN: not loaded due to errors.
23:09:10.147 10.3.30.150 STDERR: _default/bind/in: file not found
23:09:10.147 10.3.30.150 _default/subdomain.xyz.com/in: file not found
23:09:10.147 10.3.30.150 ---- End output of /usr/sbin/named-checkconf -z /etc/named.conf ----
23:09:10.147 10.3.30.150 Ran /usr/sbin/named-checkconf -z /etc/named.conf returned 1

BIND doesn't need to restart, and causes service disturbance when restarted vs reloaded (i.e. if something breaks in a restart, you're down, however in a reload if you break, you just don't load the change but at least you're still up).

1. Add (I've done this in my own branch thus far...)

action :reload do
  service new_resource.service_name do
    action :reload
  end
end

2. Address when to reload vs restart. Zone changes should be a reload. Zone additions and deletions can technically also be an rndc command, specifically rndc reconfig, however it won't reload existing zones (you still need rndc reload. We can also be more targeted on the reload to do rndc reload <ZONE> and if this cookbook is supporting views (not sure that it is), then we'd add the view context to resulting in rndc reload <ZONE> <VIEW>. I haven't made updates for this but as referenced above, I've done number 1.

I'm looking at the bind cookbook, and noting that it's possible to load broken data bags that prevent BIND from starting, restarting, or reloading successfully. On more recent versions of bind, it's certainly possible to run '/usr/sbin/named-coneckconf -z /etc/named.conf >/dev/null' to quietly run a load of all master zones and verify the current configuration.

But I'm having trouble fitting the changes in to occur only after all the data bags and config files are loaded. I'm looking at something like this:

bash "named-checkconf" do
code <<-EOH
/usr/sbin/named-checkconf -z #{node[:bind][:config_file]} >/dev/null
EOH
only_if { ::File.exists?("/usr/sbin/named-checkconf") }
action :nothing
end

But I'm not finding the right way to call it before the bind restarts.

Hi cookbook-bind maintainers,

I have used your cookbook with a wrapper around it to successfully do everything I want to do with it except actually write out the zone files. As I understand, this is left as something of an exrecise for the reader (at least until the pending merge occurs which incorporates zone file templating.

The issue is that I need to insert custom logic prior to named-checkconf being called; it also has to happen after the directories are created.

I suppose I could pilfer the minimum amount of logic necessary from the default.rb recipe to create the directories, then deliver the files to the correct location on disk, then execute the default recipe in full.

Is there another approach you would recommend? Apologies for creating an issue, but I could not determine an alternative method of contacting you.

Thanks in advance for your help,
Joseph Hammerman

After I have fixed the issues of #2, I can successfully install the server. I am trying to build a cache name server that also serves internal addresses.

I have master zone which points to a zone file at master/db.xxxx - how do I have master/db.xxxx populated with my zone data?

Also, does there need to be a corresponding reverse zone file and entry?

I am using a data bag rather than LDAP.

(I admit to being a novice user of bind so my understanding of how this works may be wrong)

Looks like I'm unable to get this cookbook to support bind-chroot on CentOS 7.x. The single-use implementation of the sysconfdir and vardir elements mean you can't set the right context in the named.options file for includes or other related settings.

I've tried

bind_service 'default' do
  action [:create]
  package_name 'bind-chroot'
  service_name 'named-chroot'
  sysconfdir '/var/named/chroot/etc/named'
  vardir '/var/named/chroot/var/named'
end

bind_config 'default' do
  ipv6_listen false
  conf_file '/var/named/chroot/etc/named.conf'
  options bind_opts
  options_file '/var/named/chroot/etc/named/named.options'
  query_log node['my_dns']['config']['query']['log']['path']
  query_log_max_size node['my_dns']['config']['query']['log']['max_size']
  query_log_options node['my_dns']['config']['query']['log']['options']
  query_log_versions node['my_dns']['config']['query']['log']['versions']
  statistics_channel node['my_dns']['config']['statistics_channel']
end

However that would require a directory structure of:
/var/named/chroot/etc/named/var/named/chroot/etc/named.conf for named.conf instead of /var/named/chroot/etc/named.conf
/var/named/chroot/var/named/chroot/etc/named/named.options for named.options instead of /var/named/chroot/etc/named/named.options

It would seem the best course of action is to allow some base-directory setting for chroot enabled environments to allow the difference between sysconfdir/vardir with and without chroot context

I have a number of issues using your recipe on Ubuntu 12.04.

1. Service name is bind9 not named
2. User and group should be bind not named
3. named.conf is installed to /etc/ rather than /etc/bind/

May I ask, what is the motive for maintaining the VERSION file not as part of the repo? If I am to use this cookbook unmodified I would need fork it locally to add the VERSION file if using librarrian / berkshelf. Would it be easier to add it to the repo? Is there a reason why you prefer to let users of the cookbook maintain the version themselves?

Incidentally the rescue syntax in metadata.rb https://github.com/atomic-penguin/cookbook-bind/blob/master/metadata.rb#L6 does not appear to work with Chef (11.0.11-1.el6) as the version when uploaded is 0.0.0 . Perhaps it is not supported in this version though.