//
// named.conf
//
{{ ansible_managed | comment('c') }}
{% for acl in bind_acls %}
acl "{{ acl.name }}" {
{% for match in acl.match_list %}
  {{ match }};
{% endfor %}
};

{% endfor %}
options {
  listen-on port 53 { {{ bind_listen_ipv4|join(';') }}; };
  listen-on-v6 port 53 { {{ bind_listen_ipv6|join(';') }}; };
  directory   "{{ bind_dir }}";
  dump-file   "{{ bind_dir }}/data/cache_dump.db";
  statistics-file "{{ bind_dir }}/data/named_stats.txt";
  memstatistics-file "{{ bind_dir }}/data/named_mem_stats.txt";
  allow-query     { {{ bind_allow_query|join(';') }}; };
{% if bind_acls|length != 0 %}
  allow-transfer  { {% for acl in bind_acls %}"{{ acl.name }}"; {% endfor %}};
{% endif %}
{% if bind_check_names is defined %}
  check-names  {{ bind_check_names }};
{% endif %}

  recursion {% if bind_recursion %}yes{% else %}no{% endif %};
  {% if bind_recursion %}allow-recursion { {{ bind_allow_recursion|join('; ') }}; };
  {% endif %}
{% if bind_forwarders|length > 0 %}forwarders { {{ bind_forwarders|join('; ') }}; };{% endif %}
  {% if bind_forward_only %}forward only;{% endif %}

  rrset-order { order {{ bind_rrset_order }}; };

  dnssec-enable {{ bind_dnssec_enable }};
  dnssec-validation {{ bind_dnssec_validation }};
  dnssec-lookaside auto;

  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.iscdlv.key";

  managed-keys-directory "{{ bind_dir }}/dynamic";

  pid-file "/run/named/named.pid";
  session-keyfile "/run/named/session.key";

{% if bind_query_log is defined %}
  querylog yes;
{% endif %}
};

logging {
  channel default_debug {
    file "{{ bind_log }}";
    severity dynamic;
    print-time yes;
  };
{% if bind_query_log is defined %}
  channel querylog {
    file "{{ bind_query_log }}" versions 600 size 20m;
    severity dynamic;
    print-time yes;
  };
  category queries { querylog; };
{% endif %}
};

{% for file in bind_default_zone_files %}
include "{{ file }}";
{% endfor %}
{% for file in bind_extra_include_files %}
include "{{ file }}";
{% endfor %}

{% if bind_zone_domains is defined %}
{% for bind_zone in bind_zone_domains %}
zone "{{ bind_zone.name }}" IN {
  type master;
  file "{{ bind_zone_dir }}/{{ bind_zone.name }}";
  notify yes;
{% if bind_zone.also_notify is defined %}
  also-notify  { {{ bind_zone.also_notify|join(';') }}; };
{% endif %}
{% if bind_zone.allow_update is defined %}
  allow-update { {{ bind_zone.allow_update|join(';') }}; };
{% else %}
  allow-update { none; };
{% endif %}
{% if bind_zone.delegate is defined %}
  forwarders {};
{% endif %}
};

{% if bind_zone.networks is defined %}
{% for network in bind_zone.networks %}
zone "{{ ('.'.join(network.replace(network+'.','').split('.')[::-1])) }}.in-addr.arpa" IN {
  type master;
  file "{{ bind_zone_dir }}/{{ ('.'.join(network.replace(network+'.','').split('.')[::-1])) }}.in-addr.arpa";
  notify yes;
{% if bind_zone.also_notify is defined %}
  also-notify  { {{ bind_zone.also_notify|join(';') }}; };
{% endif %}
{% if bind_zone.allow_update is defined %}
  allow-update { {{ bind_zone.allow_update|join(';') }}; };
{% else %}
  allow-update { none; };
{% endif %}
};
{% endfor %}
{% endif %}

{% if bind_zone.ipv6_networks is defined %}
{% for network in bind_zone.ipv6_networks %}
zone "{{ (network | ipaddr('revdns'))[-(9+(network|regex_replace('^.*/','')|int)//2):] }}" IN {
  type master;
  file "{{ bind_zone_dir }}/{{ (network | ipaddr('revdns'))[-(9+(network|regex_replace('^.*/','')|int)//2):-1] }}";
  notify yes;
{% if bind_zone.also_notify is defined %}
  also-notify  { {{ bind_zone.also_notify|join(';') }}; };
{% endif %}
{% if bind_zone.allow_update is defined %}
  allow-update { {{ bind_zone.allow_update|join(';') }}; };
{% else %}
  allow-update { none; };
{% endif %}
};
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}