177 lines
4.4 KiB
Django/Jinja
177 lines
4.4 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
{% if bind9_gateway_acl is defined and bind9_gateway_acl|length > 0 %}
|
|
{% for acl in bind9_gateway_acl %}
|
|
acl {{ acl.name }} {
|
|
{% for entry in acl.entries %}
|
|
{{ entry }};
|
|
{% endfor %}
|
|
};
|
|
{% endfor %}
|
|
{% else %}
|
|
acl local-net {
|
|
127.0.0.0/8;
|
|
172.16.0.0/12;
|
|
192.168.0.0/16;
|
|
10.0.0.0/8;
|
|
fc00::/7;
|
|
fe80::/10;
|
|
::1/128;
|
|
};
|
|
{% endif %}
|
|
|
|
options {
|
|
directory "/var/cache/bind";
|
|
|
|
// If there is a firewall between you and nameservers you want
|
|
// to talk to, you may need to fix the firewall to allow multiple
|
|
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
|
|
|
|
// If your ISP provided one or more IP addresses for stable
|
|
// nameservers, you probably want to use them as forwarders.
|
|
// Uncomment the following block, and insert the addresses replacing
|
|
// the all-0's placeholder.
|
|
|
|
// forwarders {
|
|
// 0.0.0.0;
|
|
// };
|
|
|
|
//========================================================================
|
|
// If BIND logs error messages about the root key being expired,
|
|
// you will need to update your keys. See https://www.isc.org/bind-keys
|
|
//========================================================================
|
|
dnssec-validation auto;
|
|
|
|
auth-nxdomain no; # conform to RFC1035
|
|
|
|
// version statement - inhibited for security
|
|
// (avoids hacking any known weaknesses)
|
|
version "not currently available";
|
|
|
|
// disables all zone transfer requests
|
|
{% if bind9_gateway_allow_transfer is defined and bind9_gateway_allow_transfer|length > 0 %}
|
|
allow-transfer {
|
|
{% for item in bind9_gateway_allow_transfer %}
|
|
{{ item }};
|
|
{% endfor %}
|
|
};
|
|
{% else %}
|
|
allow-transfer {"none";};
|
|
{% endif %}
|
|
{% if bind9_transfer_source is defined and bind9_transfer_source|length > 0 %}
|
|
transfer-source {{ bind9_transfer_source }} ;
|
|
{% endif %}
|
|
{% if bind9_notify_source is defined and bind9_notify_source|length > 0 %}
|
|
notify-source {{ bind9_notify_source }} ;
|
|
{% endif %}
|
|
|
|
{% if bind9_gateway_listen_on_v6 is defined and bind9_gateway_listen_on_v6|length > 0 %}
|
|
listen-on-v6 {
|
|
{% for item in bind9_gateway_listen_on_v6 %}
|
|
{{ item }};
|
|
{% endfor %}
|
|
};
|
|
{% else %}
|
|
listen-on-v6 { none; };
|
|
{% endif %}
|
|
{% if bind9_gateway_listen_on is defined and bind9_gateway_listen_on|length > 0 %}
|
|
listen-on {
|
|
{% for item in bind9_gateway_listen_on %}
|
|
{{ item }};
|
|
{% endfor %}
|
|
};
|
|
{% else %}
|
|
listen-on { any; };
|
|
{% endif %}
|
|
|
|
{% if bind9_gateway_allow_query is defined and bind9_gateway_allow_query|length > 0 %}
|
|
allow-query {
|
|
{% for item in bind9_gateway_allow_query %}
|
|
{{ item }};
|
|
{% endfor %}
|
|
};
|
|
{% else %}
|
|
allow-query {
|
|
any;
|
|
};
|
|
{% endif %}
|
|
{% if bind9_gateway_allow_query_cache is defined and bind9_gateway_allow_query_cache|length > 0 %}
|
|
allow-query-cache {
|
|
{% for item in bind9_gateway_allow_query_cache %}
|
|
{{ item }};
|
|
{% endfor %}
|
|
};
|
|
{% endif %}
|
|
|
|
// caching name services
|
|
{% if bind9_gateway_recursion is defined and bind9_gateway_recursion|bool %}
|
|
recursion {{ bind9_gateway_recursion }};
|
|
{% else %}
|
|
recursion yes;
|
|
{% endif %}
|
|
{% if bind9_gateway_allow_recursion is defined and bind9_gateway_allow_recursion|length > 0 %}
|
|
allow-recursion {
|
|
{% for item in bind9_gateway_allow_recursion %}
|
|
{{ item }};
|
|
{% endfor %}
|
|
};
|
|
{% else %}
|
|
allow-recursion {
|
|
local-net;
|
|
};
|
|
{% endif %}
|
|
|
|
};
|
|
|
|
logging {
|
|
channel simple_log {
|
|
file "/var/log/named/bind.log" versions 3 size 5m;
|
|
severity warning;
|
|
print-time yes;
|
|
print-severity yes;
|
|
print-category yes;
|
|
};
|
|
channel queries_log {
|
|
file "/var/log/named/query.log" versions 5 size 2m;
|
|
severity info;
|
|
print-time yes;
|
|
print-severity yes;
|
|
print-category no;
|
|
};
|
|
channel log_zone_transfers {
|
|
file "/var/log/named/axfr.log" versions 5 size 2m;
|
|
severity info;
|
|
print-time yes;
|
|
print-severity yes;
|
|
print-category yes;
|
|
};
|
|
channel dnssec_log {
|
|
file "/var/log/named/dnssec.log" versions 5 size 2m;
|
|
severity debug 3;
|
|
print-time yes;
|
|
print-severity yes;
|
|
print-category yes;
|
|
};
|
|
category resolver {
|
|
queries_log;
|
|
};
|
|
category queries {
|
|
queries_log;
|
|
};
|
|
category xfer-in {
|
|
log_zone_transfers;
|
|
};
|
|
category xfer-out {
|
|
log_zone_transfers;
|
|
};
|
|
category notify {
|
|
log_zone_transfers;
|
|
};
|
|
category dnssec {
|
|
dnssec_log;
|
|
};
|
|
category default{
|
|
simple_log;
|
|
};
|
|
};
|