propellor spin

author: Joey Hess <joeyh@joeyh.name> 2015-01-04 15:00:40 -0400
committer: Joey Hess <joeyh@joeyh.name> 2015-01-04 15:00:40 -0400
commit: ad984e74e4c85f0305d9ce8255ac8909038be82d (patch)
tree: 295822144a2a8f73b9d57f42a06ead4b972e25e5 /src/Propellor/Property/Dns.hs
parent: a6ccfcb18973db44a5c09cf4e4cac7a1b0ebd58c (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/src/Propellor/Property/Dns.hs b/src/Propellor/Property/Dns.hs
index e9c7c769..b5c97d35 100644
--- a/src/Propellor/Property/Dns.hs
+++ b/src/Propellor/Property/Dns.hs
@@ -126,15 +126,14 @@ cleanupPrimary zonefile domain = check (doesFileExist zonefile) $
 --
 -- The 'Recurrance' controls how frequently the signature
 -- should be regenerated, using a new random salt, to prevent
--- zone walking attacks. `Daily` is a reasonable choice.
+-- zone walking attacks. `Weekly Nothing` is a reasonable choice.
 signedPrimary :: Recurrance -> [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> RevertableProperty
 signedPrimary recurrance hosts domain soa rs = RevertableProperty setup cleanup
   where
-	-- TODO enable dnssec options.
-	-- 	dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;
 	setup = combineProperties ("dns primary for " ++ domain ++ " (signed)")
 		[ setupPrimary zonefile signedZoneFile hosts domain soa rs'
 		, toProp (zoneSigned domain zonefile)
+		, forceZoneSigned domain zonefile `period` recurrance
 		]
 		`onChange` Service.reloaded "bind9"
author	Joey Hess <joeyh@joeyh.name>	2015-01-04 15:00:40 -0400
committer	Joey Hess <joeyh@joeyh.name>	2015-01-04 15:00:40 -0400
commit	ad984e74e4c85f0305d9ce8255ac8909038be82d (patch)
tree	295822144a2a8f73b9d57f42a06ead4b972e25e5 /src/Propellor/Property/Dns.hs
parent	a6ccfcb18973db44a5c09cf4e4cac7a1b0ebd58c (diff)