[Crowbar] using external dns forwarders

Byron Pezan BPezan at secureworks.com
Fri Jan 13 13:06:23 CST 2012

i was unable to get external dns forwarders to work when just editing and re-applying the dns proposal.  upon further investigation i found that the proposal modified the file /etc/bind/named.conf.options to include the forwarders, but bind is configured to use /etc/named.conf.local and as such doesn't know anything about the named.conf.options file.  in addition, the named.conf.options file references /var/cache/bind, which doesn't exist, instead of /etc/bind.  i was able to work through this with some minor modifications to the bind recipe and the named.conf.options template.  granted i'm using the Dell RA and not the latest version from github, but after perusing the github code, i think this bug might still exist.

here are my notes for anyone interested.
Enable external DNS server:

1 - Modify the bind9 recipe to add the include directive to /etc/bind/named.conf.local (/opt/dell/barclamps/dns/chef/cookbooks/bind9/recipes/default.rb):
[root at pvd1lab3b1-a01 recipes]# diff -u default.rb.org default.rb
--- default.rb.org	2012-01-03 23:59:31.000000000 +0000
+++ default.rb	2012-01-04 21:10:31.000000000 +0000
@@ -97,6 +97,7 @@
     rm -f boot.cacheonly conf.cacheonly db.127.0.0 named.boot dns.hosts
     sed -i 's/"db/"\\/etc\\/bind\\/db/' named.conf.local
     grep zone named.conf.local | grep -v "zone \\".\\"" | grep -v "0.0.127" > named.conf.new
+    echo 'include "/etc/bind/named.conf.options";' >> named.conf.new
     mv named.conf.new named.conf.local
     cp * /etc/bind
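
Review bot: the added `echo 'include "/etc/bind/named.conf.options";' >> named.conf.new` line is unconditional, and nothing between it and `cp * /etc/bind` validates the generated file. If /etc/bind/named.conf.options is missing or has not been rendered yet when named reloads, the whole configuration fails to load, not just the forwarders. Consider running named-checkconf on the result before the copy, or making sure the template is written before this script runs. The include path is also hard-coded while the script itself works on relative file names, so a short comment explaining why the line is appended here would help.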

2 - Edit the named.conf.options template to point to the correct directory for includes (/opt/dell/barclamps/dns/chef/cookbooks/bind9/templates/default/named.conf.options.erb):
[root at admin01 default]# diff -u named.conf.options.erb.org named.conf.options.erb
--- named.conf.options.erb.org  2011-12-23 16:46:35.000000000 +0000
+++ named.conf.options.erb      2011-12-23 16:46:42.000000000 +0000
@@ -1,5 +1,5 @@
 options {
-       directory "/var/cache/bind";
+       directory "/etc/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
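
Review bot: changing `directory "/var/cache/bind";` to `directory "/etc/bind";` makes the configuration directory named's working directory, which is where it writes runtime files such as cache dumps and journals. That requires /etc/bind to be writable by the account named runs as, so the service can then modify its own zone and option files. Since the stated problem is only that /var/cache/bind does not exist, a narrower change is to keep the original line and have the recipe create that directory with the right ownership.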

3 - If modified after crowbar was installed, you will need to run the barclamp install script for the changes to take effect:
/opt/dell/bin/barclamp_install.rb /opt/dell/barclamps/dns

4 - Edit the dns barclamp proposal and add the server ip to the forwarders attribute, save then apply:
"forwarders": [

5 - Update the timestamp on one of the bind config files to trigger the modifications to the recipe above:
# touch /etc/bind/hosts

6 - Run the chef client to make your changes live:
# chef-client
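
Added example, not part of the original message: a post-run check for the three failure points described above (missing include, no active forwarders, nonexistent options directory). `check_forwarders` is a hypothetical helper name, and the sample files and the 192.0.2.53 address are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. check_forwarders is a hypothetical helper.
# Usage: check_forwarders <bind-config-dir>   (the post uses /etc/bind)
check_forwarders() {
    conf_dir=$1
    rc=0
    # named only reads named.conf.options if named.conf.local includes it.
    if ! grep -Eq '^[[:space:]]*include[[:space:]]+"[^"]*named\.conf\.options"' \
            "$conf_dir/named.conf.local" 2>/dev/null; then
        echo "FAIL: named.conf.local does not include named.conf.options"
        rc=1
    fi
    # Drop // and # comments so a commented-out forwarders block does not count,
    # then flatten to one line so multi-line blocks can be matched.
    flat=$(sed -e 's://.*$::' -e 's:#.*$::' "$conf_dir/named.conf.options" 2>/dev/null | tr '\n' ' ')
    fwd=$(printf '%s' "$flat" | sed -n 's/.*forwarders[[:space:]]*{\([^}]*\)}.*/\1/p' | tr -d '[:space:]')
    if [ -z "$fwd" ]; then
        echo "FAIL: no active forwarders in named.conf.options"
        rc=1
    fi
    # The post found the options "directory" pointing at a path that did not exist.
    dir=$(printf '%s' "$flat" | sed -n 's/.*directory[[:space:]]*"\([^"]*\)".*/\1/p')
    if [ -n "$dir" ] && [ ! -d "$dir" ]; then
        echo "FAIL: options directory \"$dir\" does not exist"
        rc=1
    fi
    return "$rc"
}

# Constructed sample input: the state described in the post, then the fixed state.
demo=$(mktemp -d)
printf 'zone "example.test" { type master; file "/etc/bind/db.example"; };\n' > "$demo/named.conf.local"
printf 'options {\n  directory "%s/missing";\n  forwarders { 192.0.2.53; };\n};\n' "$demo" > "$demo/named.conf.options"
check_forwarders "$demo" || echo "-> broken state detected"
printf 'include "/etc/bind/named.conf.options";\n' >> "$demo/named.conf.local"
sed -i.bak "s:$demo/missing:$demo:" "$demo/named.conf.options"
check_forwarders "$demo" && echo "-> fixed state passes"
rm -rf "$demo"
```

The check only reads files, so it can be run against /etc/bind after step 6 without touching the running server.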


