openstack
/
tripleo-ansible
Code Issues Proposed changes

Merge "Designate: disable listening on IP version not in use" into stable/wallaby

This commit is contained in:
Zuul 2023-02-28 23:57:24 +00:00 committed by Gerrit Code Review
parent faaa3a5818 ca47520774
commit f0fd8786c4
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tripleo_ansible/roles/designate_bind_config/templates/options.conf.j2
View File

@ -2,10 +2,16 @@ options {
allow-new-zones yes;
directory "/var/named-persistent";
# The default for named is to listen on everything and it's controlled
# by different settings for different IP versions. If the objective is to
# restrict to listening on a given address, we need to explicitly turn
# listening *off* for the different IP version.
{% if tripleo_dns_listen_interfaces[0]|ipv4 %}
listen-on port 53 { {{ tripleo_dns_listen_interfaces[0] }}; };
listen-on-v6 { none; };
{% elif tripleo_dns_listen_interfaces[0]|ipv6 %}
listen-on-v6 port 53 { {{ tripleo_dns_listen_interfaces[0] }}; };
listen-on { none; };
{% endif %}
allow-notify { {{ tripleo_dns_listen_interfaces[0] }};{{ notify_sources|join(';') }}; };