63 lines
1.3 KiB
Text
63 lines
1.3 KiB
Text
% for view_name, view_conf in views.items():
|
|
acl "${view_name}" {
|
|
${' '.join(f'{e};' for e in view_conf['acl'])}
|
|
};
|
|
% endfor
|
|
|
|
% for view_name, view_conf in views.items():
|
|
% for name, token in view_conf['keys'].items():
|
|
key "${name}" {
|
|
algorithm hmac-sha512;
|
|
secret "${token}";
|
|
};
|
|
% endfor
|
|
% endfor
|
|
|
|
% for view_name, view_conf in views.items():
|
|
view "${view_name}" {
|
|
match-clients {
|
|
% for rejected_client in view_conf['rejected_clients']:
|
|
! ${rejected_client};
|
|
% endfor
|
|
% for key in view_conf['keys']:
|
|
${key};
|
|
% endfor
|
|
${view_name};
|
|
};
|
|
|
|
% if view_conf['is_internal']:
|
|
recursion yes;
|
|
% else:
|
|
recursion no;
|
|
rate-limit {
|
|
responses-per-second 2;
|
|
window 25;
|
|
};
|
|
% endif
|
|
|
|
forward only;
|
|
forwarders {
|
|
1.1.1.1;
|
|
9.9.9.9;
|
|
8.8.8.8;
|
|
};
|
|
|
|
% for zone, conf in sorted(zones.items()):
|
|
<% if view_name not in conf.get('views', ['internal', 'external']): continue %>
|
|
zone "${zone}" {
|
|
type ${type};
|
|
% if type == 'slave':
|
|
masters { ${master_ip}; };
|
|
% endif
|
|
% if type == 'master' and zone in keys:
|
|
allow-update { key "${zone}"; };
|
|
% endif
|
|
file "/var/lib/bind/${view_name}/db.${zone}";
|
|
};
|
|
% endfor
|
|
|
|
include "/etc/bind/named.conf.default-zones";
|
|
include "/etc/bind/zones.rfc1918";
|
|
};
|
|
|
|
% endfor
|