## Mako template that renders BIND acl, key and view statements from the
## `views` and `zones` template context. `type`, `master_ip` and `keys` are
## also read from the context; none of them is defined in this template.
##
## NOTE(review): every ${...} below is interpolated without a visible escaping
## filter, so a name or token containing `"`, `;` or `}` would change the
## structure of the generated config. Presumably all values come from trusted
## configuration-management data; confirm.

## One ACL per view, named after the view; its entries are joined as `entry;`.
% for view_name, view_conf in views.items():
acl "${view_name}" {
    ${' '.join(f'{e};' for e in view_conf['acl'])}
};
% endfor

## One key statement per entry in each view's `keys` mapping.
## The shared secret is written in cleartext, so the rendered file has to be
## readable only by the name server's account. The file mode is not set here.
% for view_name, view_conf in views.items():
% for name, token in view_conf['keys'].items():
key "${name}" {
    algorithm hmac-sha512;
    secret "${token}";
};
% endfor
% endfor

% for view_name, view_conf in views.items():
view "${view_name}" {
    ## Address match lists are evaluated first-match, so the negated entries
    ## are emitted first to exclude rejected clients before anything else
    ## in the list can accept them.
    match-clients {
% for rejected_client in view_conf['rejected_clients']:
        ! ${rejected_client};
% endfor
        ## NOTE(review): a bare name in an address match list is resolved as an
        ## ACL name; matching on a TSIG key uses the `key <name>;` form. Confirm
        ## what the names in view_conf['keys'] look like and that this renders
        ## the intended element.
% for key in view_conf['keys']:
        ${key};
% endfor
        ## The ACL of the same name defined at the top of this file.
        ${view_name};
    };

    ## Recursion is enabled only for views flagged is_internal. All other views
    ## answer non-recursively and get response rate limiting.
% if view_conf['is_internal']:
    recursion yes;
% else:
    recursion no;
    rate-limit {
        responses-per-second 2;
        window 25;
    };
% endif

    ## Emitted for every view, including the non-recursive ones. `forward only`
    ## means there is no fallback to iterative resolution: recursive lookups
    ## depend on, and are visible to, these three public resolvers.
    forward only;
    forwarders {
        1.1.1.1;
        9.9.9.9;
        8.8.8.8;
    };

% for zone, conf in sorted(zones.items()):
    ## Skip zones that are not assigned to this view. A zone without a `views`
    ## entry is served in both 'internal' and 'external'.
    <% if view_name not in conf.get('views', ['internal', 'external']): continue %>
    zone "${zone}" {
        type ${type};
% if type == 'slave':
        masters { ${master_ip}; };
% endif
        ## Dynamic updates are accepted only when signed with the key named
        ## after the zone.
        ## NOTE(review): `keys` is a separate context variable from
        ## view_conf['keys']; verify that a key statement with this name is
        ## actually rendered above, otherwise the config will not load.
% if type == 'master' and zone in keys:
        allow-update { key "${zone}"; };
% endif
        ## NOTE(review): no allow-transfer is set in this template; confirm zone
        ## transfers are restricted in the options or elsewhere.
        file "/var/lib/bind/${view_name}/db.${zone}";
    };
% endfor

    ## Distribution-provided zone sets, included inside each view.
    include "/etc/bind/named.conf.default-zones";
    include "/etc/bind/zones.rfc1918";
};
% endfor