bundlewrap/bundles/bind/files/named.conf.local

# KEYS

% for view_name, view_conf in views.items():
% for key_name, key_conf in sorted(view_conf['keys'].items()):
key "${key_name}" {
  algorithm hmac-sha512;
  secret "${key_conf['token']}";
};
% endfor
% endfor

# ACLS

% for acl_name, acl_content in acls.items():
acl "${acl_name}" {
  % for ac in sorted(acl_content, key=lambda e: (not e.startswith('!'), not e.startswith('key'), e)):
  ${ac};
  % endfor
};
% endfor

# VIEWS

% for view_name, view_conf in views.items():
view "${view_name}" {
  match-clients {
    ${view_name};
  };

  % if view_conf['is_internal']:
  recursion yes;
  include "/etc/bind/zones.rfc1918";
  % else:
  recursion no;
  rate-limit {
     responses-per-second 2;
     window 25;
  };
  % endif

  forward only;
  forwarders {
    1.1.1.1;
    9.9.9.9;
    8.8.8.8;
  };

  % for zone_name, zone_conf in sorted(view_conf['zones'].items()):
  zone "${zone_name}" {
    % if type == 'slave' and zone_conf.get('allow_update', []):
    type slave;
    masters { ${master_ip}; };
    % else:
    type master;
    % if zone_conf.get('allow_update', []):
    allow-update {
    % for allow_update in zone_conf['allow_update']:
      ${allow_update};
    % endfor
    };
    % endif
    % endif
    file "/var/lib/bind/${view_name}/${zone_name}";
  };
  % endfor
};

% endfor