bundlewrap/bundles/bind/files/named.conf.local

% for view in views:
acl "${view['name']}" {
  ${' '.join(f'{e};' for e in view['acl'])}
};
% endfor

% for name, token in keys.items():
key "${name}" {
  algorithm hmac-sha512;
  secret "${token}";
};
% endfor

% for view in views:
view "${view['name']}" {
  match-clients { ${view['name']}; };

  % if view['is_internal']:
  recursion yes;
  % else:
  recursion no;
  rate-limit {
     responses-per-second 2;
     window 25;
  };
  % endif

  forward only;
  forwarders {
    1.1.1.1;
    9.9.9.9;
    8.8.8.8;
  };

  % for zone, conf in sorted(zones.items()):
  zone "${zone}" {
    type ${type};
    % if type == 'slave':
    masters { ${master_ip}; };
    % endif
    % if type == 'master':
    % for key in conf.get('keys', []):
    allow-update { key "${key}"; };
    % endfor
    % endif
    file "/var/lib/bind/${view['name']}/db.${zone}";
  };
  % endfor

  include "/etc/bind/named.conf.default-zones";
  include "/etc/bind/zones.rfc1918";
};

% endfor