diff --git a/NEWS b/NEWS
index ee76e0e6e6f626b8a1449ca92882751870cd3c4d..2f0e4ac099c7265ebb41e0a74f72e9f62be49f44 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,8 @@
+release/004.055 (2015-10-08)
+
+ [dns] Rewrite base::dns so that it uses dnsmasq on jessie
+ systems. (adamhl)
+
release/004.054 (2015-09-14)
[systemd] New class to allow systemd daemon reloads. (adamhl)
diff --git a/files/dns/etc/dnsmasq.d/stanford-dnscache.conf b/files/dns/etc/dnsmasq.d/stanford-dnscache.conf
new file mode 100644
index 0000000000000000000000000000000000000000..fd1ef71c770d28213481febb6970f4d3c05d050d
--- /dev/null
+++ b/files/dns/etc/dnsmasq.d/stanford-dnscache.conf
@@ -0,0 +1,8 @@
+# Listen only on the local address
+listen-address=127.0.0.1
+
+# really bind only the interfaces it is listening on
+bind-interfaces
+
+# Cache up to 10000 addresses
+cache-size=10000
diff --git a/manifests/dns.pp b/manifests/dns.pp
index a79b27bf835a9ea5f5930dd7b97c2c74538d1a23..9887d905f931764262e5977a7cb2cbbedbd3db1c 100644
--- a/manifests/dns.pp
+++ b/manifests/dns.pp
@@ -4,8 +4,8 @@
# resolv.conf file. This is helpful in DHCP environments.
# To enable, use Hiera to set base::dns::no_resolv_conf to "true".
-# If you use a DNS cache, you can change base::dns::dns_cache in Hiera to true,
-# and 127.0.0.1 will be set as the first nameserver.
+# If you use a DNS cache, you can change base::dns::dns_cache in Hiera to
+# true, and 127.0.0.1 will be set as the first nameserver.
# If the system's primary interface's IP address is in a known Livermore
# network, then the Livermore DNS will be added above the standard DNS servers.
diff --git a/manifests/dns/cache.pp b/manifests/dns/cache.pp
index c06ce71d975d05d4d4908218071fdf54e80c5faa..6ff6934e4c4ac15d83cc2b1557830012d7a63640 100644
--- a/manifests/dns/cache.pp
+++ b/manifests/dns/cache.pp
@@ -1,7 +1,11 @@
# This class adds a reference to a local DNS caching server.
class base::dns::cache inherits base::dns {
- include base::daemontools,
- base::dns::cache_packages
+ include base::dns::cache_packages
+
+ # We need daemontools for wheezy servers.
+ if ($::lsbdistcodename == 'wheezy') {
+ include base::daemontools
+ }
Base::Dns::Resolv_conf[$::fqdn_lc] { dns_cache => true }
}
diff --git a/manifests/dns/cache_packages.pp b/manifests/dns/cache_packages.pp
index f78562c1b2b430c6f60e410c1c4f0385774cfc34..7b3becac6585b6ec48dce73a2cfc579e04da305b 100644
--- a/manifests/dns/cache_packages.pp
+++ b/manifests/dns/cache_packages.pp
@@ -1,14 +1,42 @@
+# This class only works with Debian.
+
class base::dns::cache_packages {
- # Stanford package for DNS caching.
- package { 'stanford-dnscache':
- ensure => present,
- notify => Exec['chown dnslog:dnslog /var/log/dnscache'],
+
+ if ($::osfamily != 'Debian') {
+ fail 'base::dns::cache_packages only works with Debian'
}
- # This is required because ownership is wrong on reinstall of packages
- # but not on initial install.
- exec {'chown dnslog:dnslog /var/log/dnscache':
- command => 'chown -R dnslog:dnslog /var/log/dnscache',
- refreshonly => true,
+ # We use stanford-dnscache for wheezy and dnsmasq for jessie and later.
+ if ($::lsbdistcodename == 'wheezy') {
+ # WHEEZY
+ # Stanford package for DNS caching.
+ package { 'stanford-dnscache':
+ ensure => present,
+ notify => Exec['chown dnslog:dnslog /var/log/dnscache'],
+ }
+
+ # This is required because ownership is wrong on reinstall of packages
+ # but not on initial install.
+ exec {'chown dnslog:dnslog /var/log/dnscache':
+ command => 'chown -R dnslog:dnslog /var/log/dnscache',
+ refreshonly => true,
+ }
+ } else {
+ # JESSIE and beyond
+ package { 'dnsmasq':
+ ensure => present,
+ }
+
+ file {'/etc/dnsmasq.d/stanford-dnscache.conf':
+ source => 'puppet:///modules/base/dns/etc/dnsmasq.d/stanford-dnscache.conf',
+ require => Package['dnsmasq'],
+ notify => Service['dnsmasq'],
+ }
+
+ # Define the service and make sure it runs.
+ service { 'dnsmasq':
+ ensure => 'running',
+ require => Package['dnsmasq'],
+ }
}
}