ACLs are unusable with allow_transfer #164

damluk · 2020-05-01T15:11:05Z

The following beaker test fails on Debian 10 and probably other distros, even though it might encode a desirable setup:

diff --git a/spec/acceptance/dns_spec.rb b/spec/acceptance/dns_spec.rb
index 50f6729..8ddc748 100644
--- a/spec/acceptance/dns_spec.rb
+++ b/spec/acceptance/dns_spec.rb
@@ -14,12 +14,15 @@ describe 'Scenario: install bind' do
 
   let(:pp) do
     <<-EOS
-    include dns
+    class { 'dns':
+      acls => { 'trusted' => ['10.0.0.0/24'] },
+    }
 
     dns::zone { 'example.com':
       soa     => 'ns1.example.com',
       soaip   => '192.0.2.1',
       soaipv6 => '2001:db8::1',
+      allow_transfer => ['"trusted"'],
     }
     EOS
   end

The error is due to named-checkconf:

Error: Execution of '/usr/sbin/named-checkconf /etc/bind/zones.conf20200501-1763-1xd9g1x' returned 1: /etc/bind/zones.conf20200501-1763-1xd9g1x:7: undefined ACL 'trusted'

Interestingly there are other ACL-capable clauses that do not care about undefinedness in the same config file.

The best solution I can come up with, is to place acl, view and zone definitions into the same config file.

The text was updated successfully, but these errors were encountered:

ekohl · 2020-05-12T14:46:23Z

Looks like this problem is not limited to Debian 10.

ekohl mentioned this issue May 12, 2020

Add an acceptance test with allow_transfer #168

Draft

coreone mentioned this issue Oct 29, 2020

Allow configuration checks to be turned off #178

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ACLs are unusable with allow_transfer #164

ACLs are unusable with allow_transfer #164

damluk commented May 1, 2020

ekohl commented May 12, 2020

ACLs are unusable with allow_transfer #164

ACLs are unusable with allow_transfer #164

Comments

damluk commented May 1, 2020

ekohl commented May 12, 2020