puppet-bind

rndc freeze|thaw

Open FlorianSW opened this issue 6 years ago • 0 comments

I'm using this module to manage some zones in my bind9 installation. Additionally, I set up bind to allow dynamic updates (for letsencrypt). However, this adds a new level of complexity when changing a zone file. To prevent the zone file from getting out of sync with the journal file of dynamic updates, I would like to freeze a/all zone files before updating one (or more) zone files (with rndc freeze) and unfreeze them after the zone files have changed (with rndc thaw).

For now I implemented this like this:

    exec { 'rndc freeze':
      command     => '/usr/sbin/rndc freeze',
      user        => root,
      group       => root,
    }

    exec { 'rndc thaw':
      command     => '/usr/sbin/rndc thaw',
      user        => root,
      group       => root,
      require     => File['/path/to/zones/zone1', '/path/to/zones/zone2'],
    }

    bind::server::file { [ 'zone1', 'zone2' ]:
      zonedir      => '/path/to/zones',
      source_base  => 'puppet:///modules/zones/',
    }

As you might see already, this has one main disadvantage: the freeze and thaw commands are executed at each puppet run, instead of only when the zone files get updated. This might not be a problem for the dynamic updates or the DNS server at all (except for performance or maybe whatever); however, it is unnecessary to execute these commands every half an hour (for the default time puppet runs).

So, this is a request to add a way in this module to freeze and unfreeze zones when they're updated.

FlorianSW, Feb 23 '19 22:02
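One way to run freeze and thaw only when a zone file actually changes, as an added example that is not part of the original issue or of the puppet-bind module: Puppet manages a staged copy and a `refreshonly` exec deploys it between `rndc freeze` and `rndc thaw`. The staging directory, the `bind` user and group, and the use of the zone file name as the zone name are assumptions.

```puppet
# Added example, not code from puppet-bind. Assumed values are marked.
$zonedir    = '/path/to/zones'
$stagedir   = '/path/to/zones-staging' # assumption: directory named never reads
$bind_user  = 'bind'                   # assumption: account named runs as
$bind_group = 'bind'                   # assumption

file { $stagedir:
  ensure => directory,
  owner  => 'root',
  group  => 'root',
  mode   => '0750',
}

# Assumption: each zone file is named after the zone it holds.
['zone1', 'zone2'].each |String $zone| {
  # Puppet manages only the staged copy, so the live zone file is never
  # rewritten while named is still accepting dynamic updates for it.
  file { "${stagedir}/${zone}":
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0640',
    source => "puppet:///modules/zones/${zone}",
    notify => Exec["deploy zone ${zone}"],
  }

  # Runs only when the staged copy changed: freeze flushes the journal into
  # the live file and blocks updates, install swaps in the new content, and
  # thaw always runs so a failed copy does not leave the zone frozen.
  exec { "deploy zone ${zone}":
    command     => "rndc freeze ${zone} && { install -o ${bind_user} -g ${bind_group} -m 0644 ${stagedir}/${zone} ${zonedir}/${zone}; rc=\$?; rndc thaw ${zone}; exit \$rc; }",
    path        => ['/usr/sbin', '/usr/bin', '/bin'],
    provider    => shell,
    refreshonly => true,
    user        => 'root',
  }
}
```

If the exec fails, the staged file is already current and will not notify again on the next run, so a failed deploy needs manual attention. The deployed file replaces any records that dynamic updates added to the live zone, and its SOA serial must be higher than the live one.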