thias / puppet-bind

Puppet BIND DNS server module

BIND does not load configuration due to removed dnssec-enable and dnssec-lookaside options #117

Open Southparkfan opened 7 months ago

Southparkfan commented 7 months ago

As of v9.16.0, the options dnssec-enable and dnssec-lookaside are deprecated (see https://serverfault.com/questions/1105487/if-dnssec-enable-is-obsolete-and-must-be-removed-what-is-the-alternative-when). As of v9.18.0, the options have been removed from BIND. However, this puppet module sets those variables in any case, hence bind refuses to load its configuration file on Ubuntu >= 22.04 and Debian >= 11 systems, and it would emit deprecation warnings on Ubuntu 20.04 and Debian 10.

I had to use a local hack to fix the module:

diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index 621e689..df828df 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
@@ -93,9 +93,9 @@ options {
 <% end -%>

 <% end -%>
-    dnssec-enable <%= @dnssec_enable %>;
+#    dnssec-enable <%= @dnssec_enable %>;
     dnssec-validation <%= @dnssec_validation %>;
-    dnssec-lookaside <%= @dnssec_lookaside %>;
+#    dnssec-lookaside <%= @dnssec_lookaside %>;
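
Review bot: In the options block of templates/named.conf.erb, prefixing the two lines with `#` keeps the ERB output tags live, so the rendered named.conf still carries commented lines such as `#    dnssec-enable <%= @dnssec_enable %>;` with the parameter value interpolated. It also drops both options unconditionally, including on BIND releases older than 9.18 that, per the issue text, still accept them. Consider deleting the two lines outright, or wrapping each in an ERB conditional so it is emitted only when the corresponding parameter (`@dnssec_enable`, `@dnssec_lookaside`) is explicitly set. That way hosts on older BIND can keep the settings and newer ones omit them. The unchanged `dnssec-validation` line is consistent with the report, since that option is not among the removed ones.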

deligatedgeek commented 4 months ago

@thias I will fork and create a fix for this. How often do you merge PRs?