puppet-bind icon indicating copy to clipboard operation
puppet-bind copied to clipboard

Published 20 hours ago verified publisher icon thias

BIND does not load configuration due to rmeoved dnssec-enable and dnssec-lookaside options

Open Southparkfan opened this issue 2 years ago • 1 comments

As of v9.16.0, the options dnssec-enable and dnssec-lookaside are deprecated (see https://serverfault.com/questions/1105487/if-dnssec-enable-is-obsolete-and-must-be-removed-what-is-the-alternative-when). As of v9.18.0, the options have been removed from BIND. However, this puppet module sets those variables in any case, hence bind refuses to load its configuration file on Ubuntu >= 22.04 and Debian >= 11 systems, and it would emit deprecation warnings on Ubuntu 20.04 and Debian 10.

I had to use a local hack to fix the module:

diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index 621e689..df828df 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
@@ -93,9 +93,9 @@ options {
 <% end -%>
 
 <% end -%>
-    dnssec-enable <%= @dnssec_enable %>;
+#    dnssec-enable <%= @dnssec_enable %>;
     dnssec-validation <%= @dnssec_validation %>;
-    dnssec-lookaside <%= @dnssec_lookaside %>;
+#    dnssec-lookaside <%= @dnssec_lookaside %>;

Southparkfan avatar Nov 17 '23 13:11 Southparkfan

@thias I will fork and create a fix for this, how often do you merge PRs?

deligatedgeek avatar Mar 07 '24 17:03 deligatedgeek