--- Systemd::Service[pdns-recursor].orig
+++ Systemd::Service[pdns-recursor]
@@
- require => ['Package[pdns-recursor]', 'File[/etc/powerdns/recursor.d/wikimedia-common.yml]']
+ require => ['Package[pdns-recursor]', 'File[/etc/powerdns/recursor.yml]']
File[/etc/powerdns/recursor.d/wikimedia-common.yml]
- Parameters differences:
--- File[/etc/powerdns/recursor.d/wikimedia-common.yml].orig
+++ File[/etc/powerdns/recursor.d/wikimedia-common.yml]
- mode => 0440
- owner => root
- group => pdns
- ensure => present
- require => Package[pdns-recursor]
- notify => Service[pdns-recursor]
- Content differences:
--- /etc/powerdns/recursor.d/wikimedia-common.yml.orig
+++ /etc/powerdns/recursor.d/wikimedia-common.yml
@@ -1,137 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-# This file is managed by puppet -- DO NOT edit locally!
-# https://doc.powerdns.com/recursor/yamlsettings.html
-
-dnssec:
- validation: off
-incoming:
- allow_from:
- - 208.80.152.0/22
- - 2620:0:860::/46
- - 198.35.26.0/23
- - 185.71.138.0/24
- - 2001:67c:930::/48
- - 2a02:ec80::/32
- - 2001:df2:e500::/48
- - 103.102.166.0/24
- - 185.15.58.0/24
- - 185.15.59.0/24
- - 195.200.68.0/24
- - 10.0.0.0/8
- - 127.0.0.0/8
- - ::1/128
- listen:
- - 195.200.68.37
- - 2a02:ec80:700:2:195:200:68:37
- - 10.3.0.1
- max_tcp_clients: 128
- max_tcp_per_client: 100
- pdns_distributes_queries: false
- port: 53
- reuseport: true
- tcp_timeout: 2
-logging:
- common_errors: false
- quiet: true
- trace: off
-outgoing:
- dont_query:
- - 127.0.0.0/8
- - 10.0.0.0/8
- - 100.64.0.0/10
- - 169.254.0.0/16
- - 192.168.0.0/16
- - 172.16.0.0/12
- - ::1/128
- - fc00::/7
- - fe80::/10
- - 0.0.0.0/8
- - 192.0.0.0/24
- - 192.0.2.0/24
- - 198.51.100.0/24
- - 203.0.113.0/24
- - 240.0.0.0/4
- - ::/96
- - ::ffff:0:0/96
- - 100::/64
- - 2001:db8::/32
- - !10.64.0.0/16
- - !10.192.0.0/18
-recordcache:
- max_entries: 1000000
- max_negative_ttl: 3600
-recursor:
- config_dir: /etc/powerdns/
- daemon: true
- export_etc_hosts: false
- extended_resolution_errors: true
-# forward_zones format: "<zone_name1>=<IP1>;<IP2>;..., <zone_name2>=<IP3>;<IP4>;..., ..."
- forward_zones:
- - zone: wmnet
- recurse: false
- forwarders:
- - 208.80.154.238
- - 2620:0:861:53::1
- - 208.80.153.231
- - 2620:0:860:53::1
- - 198.35.27.27
- - 2a02:ec80:53::1
- - zone: 10.in-addr.arpa
- recurse: false
- forwarders:
- - 208.80.154.238
- - 2620:0:861:53::1
- - 208.80.153.231
- - 2620:0:860:53::1
- - 198.35.27.27
- - 2a02:ec80:53::1
- - zone: 20.172.in-addr.arpa
- recurse: false
- forwarders:
- - 208.80.154.238
- - 2620:0:861:53::1
- - 208.80.153.231
- - 2620:0:860:53::1
- - 198.35.27.27
- - 2a02:ec80:53::1
- - zone: wikimedia.org
- recurse: false
- forwarders:
- - 208.80.154.238
- - 2620:0:861:53::1
- - 208.80.153.231
- - 2620:0:860:53::1
- - 198.35.27.27
- - 2a02:ec80:53::1
- hint_file: /usr/share/dns/root.hints
- max_mthreads: 2048
-# QNAME minimisation support was added in pdns 4.3.0.
- qname_minimization: false
- security_poll_suffix: ''
- setgid: pdns
- setuid: pdns
- socket_dir: /var/run/pdns-recursor/
- stats_ringbuffer_entries: 1000
- threads: 24
- version_string: dns7002
-webservice:
- webserver: true
- address: 195.200.68.37
- allow_from:
- - 208.80.152.0/22
- - 2620:0:860::/46
- - 198.35.26.0/23
- - 185.71.138.0/24
- - 2001:67c:930::/48
- - 2a02:ec80::/32
- - 2001:df2:e500::/48
- - 103.102.166.0/24
- - 185.15.58.0/24
- - 185.15.59.0/24
- - 195.200.68.0/24
- - 10.0.0.0/8
- - 127.0.0.0/8
- - ::1/128
- loglevel: none
- port: 9199
-
- File[/etc/powerdns/recursor.yml]
- Parameters differences:
--- File[/etc/powerdns/recursor.yml].orig
+++ File[/etc/powerdns/recursor.yml]
+ mode => 0440
+ owner => root
+ group => pdns
+ ensure => present
+ require => Package[pdns-recursor]
+ notify => Service[pdns-recursor]
- Content differences:
--- /etc/powerdns/recursor.yml.orig
+++ /etc/powerdns/recursor.yml
@@ -0,0 +1,137 @@
+# SPDX-License-Identifier: Apache-2.0
+# This file is managed by puppet -- DO NOT edit locally!
+# https://doc.powerdns.com/recursor/yamlsettings.html
+
+dnssec:
+ validation: off
+incoming:
+ allow_from:
+ - 208.80.152.0/22
+ - 2620:0:860::/46
+ - 198.35.26.0/23
+ - 185.71.138.0/24
+ - 2001:67c:930::/48
+ - 2a02:ec80::/32
+ - 2001:df2:e500::/48
+ - 103.102.166.0/24
+ - 185.15.58.0/24
+ - 185.15.59.0/24
+ - 195.200.68.0/24
+ - 10.0.0.0/8
+ - 127.0.0.0/8
+ - ::1/128
+ listen:
+ - 195.200.68.37
+ - 2a02:ec80:700:2:195:200:68:37
+ - 10.3.0.1
+ max_tcp_clients: 128
+ max_tcp_per_client: 100
+ pdns_distributes_queries: false
+ port: 53
+ reuseport: true
+ tcp_timeout: 2
+logging:
+ common_errors: false
+ quiet: true
+ trace: off
+outgoing:
+ dont_query:
+ - 127.0.0.0/8
+ - 10.0.0.0/8
+ - 100.64.0.0/10
+ - 169.254.0.0/16
+ - 192.168.0.0/16
+ - 172.16.0.0/12
+ - ::1/128
+ - fc00::/7
+ - fe80::/10
+ - 0.0.0.0/8
+ - 192.0.0.0/24
+ - 192.0.2.0/24
+ - 198.51.100.0/24
+ - 203.0.113.0/24
+ - 240.0.0.0/4
+ - ::/96
+ - ::ffff:0:0/96
+ - 100::/64
+ - 2001:db8::/32
+ - !10.64.0.0/16
+ - !10.192.0.0/18
+recordcache:
+ max_entries: 1000000
+ max_negative_ttl: 3600
+recursor:
+ config_dir: /etc/powerdns/
+ daemon: true
+ export_etc_hosts: false
+ extended_resolution_errors: true
+# forward_zones format: "<zone_name1>=<IP1>;<IP2>;..., <zone_name2>=<IP3>;<IP4>;..., ..."
+ forward_zones:
+ - zone: wmnet
+ recurse: false
+ forwarders:
+ - 208.80.154.238
+ - 2620:0:861:53::1
+ - 208.80.153.231
+ - 2620:0:860:53::1
+ - 198.35.27.27
+ - 2a02:ec80:53::1
+ - zone: 10.in-addr.arpa
+ recurse: false
+ forwarders:
+ - 208.80.154.238
+ - 2620:0:861:53::1
+ - 208.80.153.231
+ - 2620:0:860:53::1
+ - 198.35.27.27
+ - 2a02:ec80:53::1
+ - zone: 20.172.in-addr.arpa
+ recurse: false
+ forwarders:
+ - 208.80.154.238
+ - 2620:0:861:53::1
+ - 208.80.153.231
+ - 2620:0:860:53::1
+ - 198.35.27.27
+ - 2a02:ec80:53::1
+ - zone: wikimedia.org
+ recurse: false
+ forwarders:
+ - 208.80.154.238
+ - 2620:0:861:53::1
+ - 208.80.153.231
+ - 2620:0:860:53::1
+ - 198.35.27.27
+ - 2a02:ec80:53::1
+ hint_file: /usr/share/dns/root.hints
+ max_mthreads: 2048
+# QNAME minimisation support was added in pdns 4.3.0.
+ qname_minimization: false
+ security_poll_suffix: ''
+ setgid: pdns
+ setuid: pdns
+ socket_dir: /var/run/pdns-recursor/
+ stats_ringbuffer_entries: 1000
+ threads: 24
+ version_string: dns7002
+webservice:
+ webserver: true
+ address: 195.200.68.37
+ allow_from:
+ - 208.80.152.0/22
+ - 2620:0:860::/46
+ - 198.35.26.0/23
+ - 185.71.138.0/24
+ - 2001:67c:930::/48
+ - 2a02:ec80::/32
+ - 2001:df2:e500::/48
+ - 103.102.166.0/24
+ - 185.15.58.0/24
+ - 185.15.59.0/24
+ - 195.200.68.0/24
+ - 10.0.0.0/8
+ - 127.0.0.0/8
+ - ::1/128
+ loglevel: none
+ port: 9199
+
Relevant files