dns/templates/master_etc_named.conf.j2

132 lines
3.7 KiB
Plaintext
Raw Normal View History

2019-04-16 14:53:34 +00:00
//
// named.conf
//
{{ ansible_managed | comment('c') }}
{% for acl in bind_acls %}
acl "{{ acl.name }}" {
{% for match in acl.match_list %}
{{ match }};
{% endfor %}
};
{% endfor %}
options {
listen-on port 53 { {{ bind_listen_ipv4|join(';') }}; };
listen-on-v6 port 53 { {{ bind_listen_ipv6|join(';') }}; };
directory "{{ bind_dir }}";
dump-file "{{ bind_dir }}/data/cache_dump.db";
statistics-file "{{ bind_dir }}/data/named_stats.txt";
memstatistics-file "{{ bind_dir }}/data/named_mem_stats.txt";
allow-query { {{ bind_allow_query|join(';') }}; };
{% if bind_acls|length != 0 %}
allow-transfer { {% for acl in bind_acls %}"{{ acl.name }}"; {% endfor %}};
{% endif %}
{% if bind_check_names is defined %}
check-names {{ bind_check_names }};
{% endif %}
recursion {% if bind_recursion %}yes{% else %}no{% endif %};
{% if bind_recursion %}allow-recursion { {{ bind_allow_recursion|join('; ') }}; };
{% endif %}
{% if bind_forwarders|length > 0 %}forwarders { {{ bind_forwarders|join('; ') }}; };{% endif %}
{% if bind_forward_only %}forward only;{% endif %}
rrset-order { order {{ bind_rrset_order }}; };
dnssec-enable {{ bind_dnssec_enable }};
dnssec-validation {{ bind_dnssec_validation }};
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "{{ bind_dir }}/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
{% if bind_query_log is defined %}
querylog yes;
{% endif %}
};
logging {
channel default_debug {
file "{{ bind_log }}";
severity dynamic;
print-time yes;
};
{% if bind_query_log is defined %}
channel querylog {
file "{{ bind_query_log }}" versions 600 size 20m;
severity dynamic;
print-time yes;
};
category queries { querylog; };
{% endif %}
};
{% for file in bind_default_zone_files %}
include "{{ file }}";
{% endfor %}
{% for file in bind_extra_include_files %}
include "{{ file }}";
{% endfor %}
{% if bind_zone_domains is defined %}
{% for bind_zone in bind_zone_domains %}
zone "{{ bind_zone.name }}" IN {
type master;
file "{{ bind_zone_dir }}/{{ bind_zone.name }}";
notify yes;
{% if bind_zone.also_notify is defined %}
also-notify { {{ bind_zone.also_notify|join(';') }}; };
{% endif %}
{% if bind_zone.allow_update is defined %}
allow-update { {{ bind_zone.allow_update|join(';') }}; };
{% else %}
allow-update { none; };
{% endif %}
{% if bind_zone.delegate is defined %}
forwarders {};
{% endif %}
};
{% if bind_zone.networks is defined %}
{% for network in bind_zone.networks %}
zone "{{ ('.'.join(network.replace(network+'.','').split('.')[::-1])) }}.in-addr.arpa" IN {
type master;
file "{{ bind_zone_dir }}/{{ ('.'.join(network.replace(network+'.','').split('.')[::-1])) }}.in-addr.arpa";
notify yes;
{% if bind_zone.also_notify is defined %}
also-notify { {{ bind_zone.also_notify|join(';') }}; };
{% endif %}
{% if bind_zone.allow_update is defined %}
allow-update { {{ bind_zone.allow_update|join(';') }}; };
{% else %}
allow-update { none; };
{% endif %}
};
{% endfor %}
{% endif %}
{% if bind_zone.ipv6_networks is defined %}
{% for network in bind_zone.ipv6_networks %}
zone "{{ (network | ipaddr('revdns'))[-(9+(network|regex_replace('^.*/','')|int)//2):] }}" IN {
type master;
file "{{ bind_zone_dir }}/{{ (network | ipaddr('revdns'))[-(9+(network|regex_replace('^.*/','')|int)//2):-1] }}";
notify yes;
{% if bind_zone.also_notify is defined %}
also-notify { {{ bind_zone.also_notify|join(';') }}; };
{% endif %}
{% if bind_zone.allow_update is defined %}
allow-update { {{ bind_zone.allow_update|join(';') }}; };
{% else %}
allow-update { none; };
{% endif %}
};
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}