opendev/system-config
Code Issues Proposed changes
2836f2714a
system-config/playbooks/roles/master-nameserver/templates/named.conf.j2
James E. Blair 90e6088881 Configure adns1.opendev.org server via ansible 
Change-Id: Ib4d3cd7501a276bff62e3bc0998d93c41f3ab185
2018-11-02 13:49:38 -07:00

50 lines
1.1 KiB
Django/Jinja
Raw Blame History

include "/etc/bind/rndc.key";
include "/etc/bind/tsig.key";
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/var/cache/bind";
recursion yes;
allow-query { any; };
dnssec-enable yes;
dnssec-validation yes;
empty-zones-enable yes;
notify yes;
{% if 'address' in ansible_facts.default_ipv6
and 'scope' in ansible_facts.default_ipv6
and ansible_facts.default_ipv6.scope == 'global' %}
listen-on-v6 { {{ ansible_facts.default_ipv6.address }}; };
{% endif %}
allow-recursion { localnets; localhost; };
allow-transfer { key tsig; };
also-notify {
{% for host in dns_notify %}
{{ host }};
{% endfor %}
};
{% if 'address' in ansible_facts.default_ipv4 %}
listen-on { {{ ansible_facts.default_ipv4.address }}; };
{% endif %}
};
include "/etc/bind/zones.rfc1918";
{% for zone in dns_zones %}
zone {{ zone.name }} {
type master;
file "/var/lib/bind/zones/{{ zone.name }}/zone.db";
key-directory "/etc/bind/keys/{{ zone.name }}";
auto-dnssec maintain;
inline-signing yes;
};
{% endfor %}
View Git Blame Copy Permalink