From ad984e74e4c85f0305d9ce8255ac8909038be82d Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 4 Jan 2015 15:00:40 -0400
Subject: propellor spin
---
 src/Propellor/Property/Dns.hs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/Propellor/Property/Dns.hs b/src/Propellor/Property/Dns.hs
index e9c7c769..b5c97d35 100644
--- a/src/Propellor/Property/Dns.hs
+++ b/src/Propellor/Property/Dns.hs
@@ -126,15 +126,14 @@ cleanupPrimary zonefile domain = check (doesFileExist zonefile) $
 --
 -- The 'Recurrance' controls how frequently the signature
 -- should be regenerated, using a new random salt, to prevent
--- zone walking attacks. `Daily` is a reasonable choice.
+-- zone walking attacks. `Weekly Nothing` is a reasonable choice.
 signedPrimary :: Recurrance -> [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> RevertableProperty
 signedPrimary recurrance hosts domain soa rs = RevertableProperty setup cleanup
 where
- -- TODO enable dnssec options.
- -- dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;
 setup = combineProperties ("dns primary for " ++ domain ++ " (signed)")
 [ setupPrimary zonefile signedZoneFile hosts domain soa rs'
 , toProp (zoneSigned domain zonefile)
+ , forceZoneSigned domain zonefile `period` recurrance
 ]
 `onChange` Service.reloaded "bind9"
-- 
cgit v1.2.3
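Review bot: The doc comment above `signedPrimary` describes the recurrance only as salt rotation, but the added `forceZoneSigned` entry in `setup` also appears to be the step that re-signs a zone whose records have not changed, so the recurrance presumably has to stay shorter than the signature validity period or validating resolvers will reject the zone once its RRSIGs expire. Whether `zoneSigned` on the line before refreshes signatures by itself cannot be seen from this hunk, so the comment should state the constraint rather than leave the caller to guess. The wording "to prevent zone walking attacks" is also stronger than what a new salt provides: it invalidates precomputed hashes, but the hashed names can still be collected and guessed offline. I would add `-- Rotating the salt makes zone walking harder, it does not prevent it.` and `-- Keep the recurrance shorter than the signature validity period.` to the comment block. The `where` clause of `signedPrimary` continues outside the hunk.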