Make sure that zone file updates does not break dynamic updates/named

By freezing before and unfreezing after a zone file update, the zone configuration and the dynamic update journal does not get out of sync anymore. However, one disadvantage of this solution is, that the (un)freeze commands are run at every puppet run. See also thias/puppet-bind#99
droidwiki · Feb 23, 2019 · 5f3d9d9 · 5f3d9d9
1 parent fffc392
commit 5f3d9d9
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/modules/role/files/dns/go2tech.de b/modules/role/files/dns/go2tech.de
@@ -1,5 +1,5 @@
 @       IN      SOA     root-dns.go2tech.de. admin.go2tech.de. (
-                     2019021601         ; Serial
+                     2019022312         ; Serial
                           28800         ; Refresh
                            7200         ; Retry
                         1209600         ; Expire

diff --git a/modules/role/manifests/dns.pp b/modules/role/manifests/dns.pp
@@ -115,9 +115,22 @@
   }
 
   if $type == 'master' {
+    exec { 'rndc freeze':
+      command     => '/usr/sbin/rndc freeze',
+      user        => root,
+      group       => root,
+    }
+
+    exec { 'rndc thaw':
+      command     => '/usr/sbin/rndc thaw',
+      user        => root,
+      group       => root,
+      require     => File['/var/lib/bind/zones/go2tech.de', '/var/lib/bind/zones/droidwiki.org', '/var/lib/bind/zones/droid.wiki', '/var/lib/bind/zones/droid-wiki.org'],
+    }
+
     bind::server::file { [ 'go2tech.de', 'droidwiki.org', 'droid.wiki', 'droid-wiki.org' ]:
-      zonedir     => '/var/lib/bind/zones',
-      source_base => 'puppet:///modules/role/dns/',
+      zonedir      => '/var/lib/bind/zones',
+      source_base  => 'puppet:///modules/role/dns/',
     }
 
     file { '/etc/bind/rfc2136_letsencrypt.ini':