opendev/system-config
Code Issues Proposed changes
6ada97cc6f
system-config/playbooks/roles/master-nameserver/templates/named.conf.j2
Ian Wienand f91fd5c9a8
bind9 : drop obsolete option for later versions 
dnssec-enable argument was made obsolete in 9.16 (focal) and removed
in 9.18.0 (jammy), so this fails on a Jammy host.  Template it in only
for earlier distros

Change-Id: I14983cc8eb5fd293052affefff31dac0a8dcb8f7
2023-03-09 16:37:32 +11:00

52 lines
1.2 KiB
Django/Jinja
Raw Blame History

include "/etc/bind/rndc.key";
include "/etc/bind/tsig.key";
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/var/cache/bind";
recursion yes;
allow-query { any; };
{% if ansible_distribution_version is version('18.04', '<=') %}
dnssec-enable yes;
{% endif %}
dnssec-validation yes;
empty-zones-enable yes;
notify yes;
{% if 'address' in ansible_facts.default_ipv6
and 'scope' in ansible_facts.default_ipv6
and ansible_facts.default_ipv6.scope == 'global' %}
listen-on-v6 { {{ ansible_facts.default_ipv6.address }}; };
{% endif %}
allow-recursion { localnets; localhost; };
allow-transfer { key tsig; };
also-notify {
{% for host in dns_notify %}
{{ host }};
{% endfor %}
};
{% if 'address' in ansible_facts.default_ipv4 %}
listen-on { {{ ansible_facts.default_ipv4.address }}; };
{% endif %}
};
include "/etc/bind/zones.rfc1918";
{% for zone in dns_zones %}
zone {{ zone.name }} {
type master;
file "/var/lib/bind/zones/{{ zone.name }}/zone.db";
key-directory "/etc/bind/keys/{{ zone.name }}";
auto-dnssec maintain;
inline-signing yes;
};
{% endfor %}
View Git Blame Copy Permalink