commit 20a43d06bd08f4f1019ba8907649aae1b9e84f39 Author: Daniel Akulenok Date: Thu Aug 4 12:41:40 2022 +0200 Move all of the role here diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..c46a694 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,35 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: required + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +#notifications: +# webhooks: https://galaxy.ansible.com/api/v1/notifications/ + +env: +- distribution: debian + version: bullseye +- distribution: ubuntu + version: jammy \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..f9a108e --- /dev/null +++ b/README.md @@ -0,0 +1,544 @@ +bind9 +===== + +A feature-complete ansible role for installing and configuring bind9. The purpose of this role is to fully template out the entire official bind9 configuration file format. + +What the role does: +- Fully configures named.conf +- Checks that the config is valid +- Loads the config into bind + +What the role does not do: +- Manage your zones and records +- Maintain every aspect of bind (rndc config, etc) +- Auto-generate and manage your secrets + + +Bugs +---- +Or, as I call them "happy accidents". + +* If you need a variable to be 0 or null, you need to define it as `var: '0'` or `var: 'null'`, otherwise jinja will assume you want it to be empty/null. Normal integers would be defined as `var: 1`, letting jinja type it as an integer. +* If a named configuration option has the name 'key' or 'keys', it will be referenced as 'keyname' or 'keylist' respectively. key/keys are reserved values in most languages. + +Role Variables +-------------- + +bind configuration is set through the various bind9_*_config parameters. These are, in order of precedence: +1. bind9_default_config +2. bind9_group_config +3. bind9_leaf_config +4. bind9_host_config + +All these configuration parameters are merged in a way where each successing config supercedes the previous one at a config-file level. To illustrate: + +``` +bind9_default_config: + - name: named.conf.options + options: + recursion: true + +bind9_group_config: + - name: named.conf.options + options: + recursion: false + notify: primary-only + - name: named.conf.local + zone: + - name: "." + type: mirror + +bind9_leaf_config: + - name: named.conf.local + zone: + - name: "." + type: hint + file: /etc/share/dns/root.hints +``` +The resulting precedence and overwriting of variables will result in the following bind9_config passed to the configuration generator: + +``` +bind9_config: + - name: named.conf.options + options: + recursion: false + - name: named.conf.local + zone: + - name: "." + type: hint + file: /etc/share/dns/root.hints +``` + +The `named.conf.options` block in `bind9_default_config` got completely overwritten by the `bind9_group_config`, and the `bind9_leaf_config` completely overwrote `named.conf.local`, however, `named.conf.options` was left intact after merging with `bind9_leaf_config`. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). + +``` + options: + forwarders: + - 1.1.1.1 + - 1.0.0.1 + fetches_per_server: 200 fail + prefetch: 4 10 + version: none + hostname: l33t.h4x0r + avoid_v4_udp_ports: + - "range 5132 5232" + - "range 1337 31337" + servfail_ttl: 0 + allow_notify: + - 10.0.0.0/8 + allow_query: + - "!10.0.2.1" + - 0/0 + blackhole: + - 192.168.0.0/16 + allow_recursion: [] + empty_server: "empty.server.string" + dns64_server: "server.name" + dns64_contact: "dak.keepit.com" + directory: "{{ bind9_cachedir }}" + key_directory: "{{ bind9_cachedir }}/keys" + statistics_file: "{{ bind9_cachedir }}/named.stats" + rrset_order: + - type: A + name: foo.isc.org + order: random + - type: AAAA + name: foo.isc.org + order: cyclic + - name: bar.isc.org + order: random + - name: "*.bar.isc.org" + order: random + - name: "*.baz.isc.org" + order: cyclic + response_policy: + zones: + - zone: smorg.bop + max_policy_ttl: 30S + min_update_interval: 30S + policy: disabled + add_soa: true + log: true + recursive_only: false + nsip_enable: true + nsdname_enable: true + max_policy_ttl: 30S + min_update_interval: 30S + min_ns_dots: 2 + add_soa: false + break_dnssec: false + nsip_wait_recurse: true + nsdname_wait_recurse: true + qname_wait_recurse: true + recursive_only: true + nsip_enable: true + nsdname_enable: true + dnsrps_enable: false + dnsrps_options: + - simple + - item + - list + response_padding: + block_size: 4096 + addresses: + - 0/0 + rate_limit: + all_per_second: 0 + errors_per_second: 0 + responses_per_second: 0 + referrals_per_second: 0 + nodata_per_second: 0 + nxdomains_per_second: 0 + ipv4_prefix_length: 24 + ipv6_prefix_length: 54 + max_table_size: 20000 + min_table_size: 500 + qps_scale: 250 + slip: 2 + window: 15 + log_only: true + exempt_clients: + - 192.168.0.1 + - 10.20.30.40 + query_source_v6: + address: "*" + port: "*" + dscp: 42 + parental_source_v6: + address: "*" + port: "*" + dscp: 42 + notify_source_v6: + address: "*" + notify_source: + address: "*" + listen_on: + - port: 53 + addresses: + - 0.0.0.0 + - port: 5353 + dscp: 42 + addresses: + - 0.0.0.0 + - 127.0.0.1 + listen_on_v6: + - port: 5353 + dscp: 42 + addresses: + - "::" + - "de:ad::be:ef" + dialup: false + minimal_responses: true + zone_statistics: full + ixfr_from_differences: master + dual_stack_servers: + port: 4492 + addresses: + - address: hostname.com + port: 4421 + dscp: 42 + - address: 10.128.128.182 + - address: de:ad::be:ef + dnstap: + - type: auth + - type: client + log: response + - type: resolver + log: query + dnstap_output: + output_type: file + output_file: /tmp/dnstap + size: 10M + versions: 200 + suffix: increment + - name: named.conf.local + acl: + localstuff: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/12 + external: + - 185.181.220.77 + - "!0.0.0.0/0" + controls: + - type: inet + address: 127.0.0.1 + port: 533 + allow: + - 127.0.0.0/8 + - "!127.13.37.1" + readonly: false + - type: inet + address: 10.20.30.40 + allow: + - 100.0.0.0/8 + view: + - name: recursive-view + match_clients: + - localstuff + match_destinations: + - remote + match-recursive-only: true + options: + transfer_source: + address: 0.0.0.0 + port: '*' + dscp: 42 + allow_recursion: + - localstuff + zones: + - name: google.com + type: forward + forward: only + forwarders: + - 1.1.1.1 + - 1.0.0.1 + dnssec_policy: + - name: mypolicy + keylist: + - role: ksk + key_directory: true + lifetime: unlimited + algorithm: rsasha256 + keysize: 2048 + - role: zsk + lifetime: P30D + algorithm: 8 + - role: csk + lifetime: P6MT12H3M15S + algorithm: ecdsa256 + max_zone_ttl: P4D + parent_ds_ttl: P14D + nsec3param: + iterations: '0' + optout: false + salt_length: '0' + dyndb: + - name: sample + driver: example.so + parameters: + - example.nil. arpa. + - example2.nil. arpa. + http: + - name: dohconf + endpoints: + - /dns-query + - /dns + - /query + listener_clients: 4 + streams_per_connection: 1024 + keylist: + - name: certbot. + algorithm: hmac-sha512 + secret: "agyMWst4ZcbhGKqGuR6Pjgz1KJSHdcM0s5tz06n+ZxpfZYVWP67E2cr7Mru+HQRLl7HEBE5Zl4vS3S+SA4kXrA==" + - name: certbot2. + algorithm: hmac-sha512 + secret: "agyMWst4ZcbhGKqGuR6Pjgz1KJSHdcM0s5tz06n+ZxpfZYVWP67E2cr7Mru+HQRLl7HEBE5Zl4vS3S+SA4kXrA==" + logging: + categories: + - name: default + channels: + - default_syslog + - default_debug + - tv2 + - dr1 + - name: unmatched + channels: + - tv3 + channels: + - name: tv2 + buffered: true + file: + name: /var/log/named.log + versions: 7 + size: 20m + suffix: increment + print_category: false + print_severity: false + print_time: iso8601-utc + severity: info + - name: tv3 + 'null': true + - name: dr1 + syslog: daemon + - name: kanalkobenhavn + stderr: true + severity: debug 3 + parental_agents: + - name: parents + port: 53353 + dscp: 42 + addresses: + - address: 10.20.30.40 + port: 53 + key: certbot. + - address: 20.30.40.50 + port: 53 + - address: 30.40.50.60 + key: certbot2. + - address: 40.50.60.70 + - name: notparents + addresses: + - address: 10.20.30.40 + - address: 30.40.50.60 + - address: 40.50.60.70 + primaries: + - name: parents + port: 53353 + dscp: 42 + addresses: + - address: 10.20.30.40 + port: 53 + key: certbot. + - address: 20.30.40.50 + port: 53 + - address: 30.40.50.60 + key: certbot2. + - address: 40.50.60.70 + - name: notparents + addresses: + - address: 10.20.30.40 + - address: 30.40.50.60 + - address: 40.50.60.70 + tls: + - name: certbot + cert_file: /etc/ssl/private/snakeoil.pem + key_file: /etc/ssl/private/snakeoil.key + dhparam_file: /etc/ssl/dhparam.pem + ca_file: /etc/ssl/certs/ca-certificates.crt + remote_hostname: yourhostname + ciphers: HIGH:!aNULL:!MD5:!SHA1:!SHA256:!SHA384 + protocols: + - TLSv1.2 + - TLSv1.3 + prefer_server_ciphers: true + session_tickets: true + trust_anchors: + - name: . + type: initial-key + flags: 257 + protocol: 3 + algorithm: 8 + key: "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=" + - name: hugs.dk + type: static-ds + flags: 64335 + protocol: 7 + algorithm: 2 + key: "D6AAECB1BA13D51F072A229C957ACADEA18118FB17DA2DC7D45A963428091372" + server: + - prefix: 1.1.1.1 + bogus: false + edns: true + tcp_only: false + tcp_keepalive: false + edns_version: '0' + padding: '0' + transfers: '0' + keyname: certbot. + query_source: + address: "*" + port: "*" + statistics_channels: + - address: 0.0.0.0 + port: 8080 + allow: + - 0/0 + - name: named.conf.zones + backup: false + zones: + - name: "_acme-challenge.hugs.dk" + type: master + file: master/_acme-challenge.hugs.dk.zone + allow_query: + - any + dnssec_policy: default + inline_signing: true + serial_update_method: date + update_policy: + - permission: grant + identity: certbot. + ruletype: name + name: _acme-challenge.hugs.dk + types: txt + - name: forward.net + type: forward + forwarders: + port: 53 + addresses: + - address: 1.1.1.1 + port: 53 + dscp: 42 + - address: 4.2.2.4 + port: 53 + - name: stub.com + type: static-stub + allow_query: + - any + server_addresses: + - 1.1.1.1 + - 8.8.8.8 + zone_statistics: full + - name: example.com + type: slave + allow_query: + - 127.0.0.1 + - 10.0.0.1 + - 128.15.14.13 + allow_query_on: + - 127.0.0.1 + primaries: + port: 5522 + dscp: 42 + addresses: + - address: 127.0.0.1 + port: 55222 + - address: 10.20.30.40 + - name: smorg.bop + type: slave + primaries: + addresses: + - address: 127.0.0.1 + allow_query: + - 15.14.13.12 + - 10.20.30.40 + - 28.25.23.24 + - "!10.13.14.15" + forwarders: + port: 53 + dscp: 42 + addresses: + - address: 127.0.0.1 + port: 53 + dscp: 42 + - address: 10.20.30.40 + port: 53 + - address: 20.30.40.50 + - address: 30.40.50.60 + port: 53 + allow_transfer: + port: 5522 + transport: tls + addresses: + - 192.168.122.1 + also_notify: + port: 5523 + dscp: 42 + addresses: + - address: 127.0.0.1 + port: 5523 + - address: 127.0.0.2 + auto-dnssec: allow + dnskey_sig_validity: 0 + dnssec-dnskey-kskonly: true + dnssec_loadkeys_interval: 0 + file: "string" + forward: first + inline_signing: true + ixfr_from_differences: true + masterfile_format: raw + masterfile_style: full + max_ixfr_ratio: unlimited + max_journal_size: default + max_records: 0 + max_transfer_idle_out: 0 + max_transfer_time_out: 0 + notify: true + notify_delay: '0' + notify_to_soa: false + parental_agents: + port: 44332 + dscp: 42 + addresses: + - address: 127.0.0.1 + port: 53 + sig_signing_nodes: '0' + sig_signing_signatures: '0' + sig_signing_type: 65281 + zero_no_soa_ttl: true + zone_statistics: full +``` diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..04cab26 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,30 @@ +--- +# defaults file for bind9 +bind9_packages: + - bind9 + - bind9-utils + +bind9_cfgdir: /etc/bind +bind9_working_directory: /var/cache/bind +bind9_libdir: /var/lib/bind +bind9_backup_dir: /data/backup/bind + +bind9_backup_config: true +bind9_debug_config: true + +bind9_group_config: [] +bind9_leaf_config: [] +bind9_host_config: [] + +bind9_default_config: + - name: named.conf + backup: false + include: + - "{{ bind9_cfgdir }}/named.conf.options" + - "{{ bind9_cfgdir }}/named.conf.local" + - name: named.conf.options + backup: false + options: + directory: "{{ bind9_working_directory }}" + +bind9_config: "{{ [bind9_default_config, bind9_group_config, bind9_leaf_config, bind9_host_config] | community.general.lists_mergeby('name', recursive=true, list_merge='append_rp') }}" diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..55a46b5 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,23 @@ +--- +# handlers file for bind9 +- name: reload bind + ansible.builtin.service: + name: named + state: reloaded + +- name: restart bind + ansible.builtin.service: + name: named + state: restarted + +- name: backup bind config + community.general.archive: + path: + - "{{ bind9_cfgdir }}" + - "{{ bind9_working_directory }}" + - "{{ bind9_libdir }}" + dest: "{{ bind9_backup_dir }}/bind9-config-{{ ansible_date_time.iso8601_basic_short }}.tar.gz" + owner: root + group: root + mode: 0640 + when: bind9_backup_config is defined and bind9_backup_config \ No newline at end of file diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..06d87f0 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: Daniel Akulenok + description: Configure Bind9 + company: Keepit + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: GPL-2.0-or-later + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..0993827 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,47 @@ +--- +# tasks file for bind9 +- name: Install bind9 + ansible.builtin.apt: + name: "{{ bind9_packages }}" + state: present + tags: + - bind9 + - packages + +- name: Ensure backup directory exists + ansible.builtin.file: + path: "{{ bind9_backup_dir }}" + state: directory + owner: root + group: root + mode: 0750 + when: bind9_backup_config is defined and bind9_backup_config + +- name: named.conf.generator + ansible.builtin.template: + src: named.conf.generator.j2 + dest: "{{ bind9_cfgdir }}/{{ item.name }}" + owner: root + group: bind + backup: "{{ item.backup | default('false') | bool }}" + # validate: 'named-checkconf -z -j %s' + loop: "{{ bind9_config }}" + loop_control: + label: "{{ item.name }}" + tags: + - bind9 + - template + notify: + - backup bind config + - restart bind + +- name: Ensure the named service is started + ansible.builtin.service: + name: named + state: started + enabled: true + +- name: Print the bind9_config + ansible.builtin.debug: + var: bind9_config + when: bind9_debug_config | bool diff --git a/templates/named.conf.acl.j2 b/templates/named.conf.acl.j2 new file mode 100644 index 0000000..2c4f9b5 --- /dev/null +++ b/templates/named.conf.acl.j2 @@ -0,0 +1,7 @@ +{# ACL Macro. Very easy statement. It's just a list of address match elements. #} +{% macro acl(acls) %} +{% for acl in acls %} +acl {{ acl.name }} { +{{ functions.simple_item_list(acl.addresses) -}} +}; +{% endfor %}{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.controls.j2 b/templates/named.conf.controls.j2 new file mode 100644 index 0000000..90f4522 --- /dev/null +++ b/templates/named.conf.controls.j2 @@ -0,0 +1,19 @@ +{% macro controls(controls) %} +controls { +{% filter indent(2, true) %} +{% for control in controls %} +{% if control.type == "inet" %} +{{ ('inet ' + control.address) -}} +{{ (' port ' + control.port | string) if control.port is defined and control.port -}} +{{ (' allow {\n' + functions.simple_item_list(control.allow) + ' }') -}} +{% elif control.type == "unix" %} +{{ ('unix "' + control.path +'"') -}} +{{ ('perm ' + control.perm | string) -}} +{{ ('owner ' + control.owner | string) -}} +{{ ('group ' + control.group | string) -}} +{% endif %} +{{ (' keys {\n' + functions.simple_item_list(control.keynames) + '}') if control.keynames is defined and control.keynames -}} +{{ (' read-only ' + control.read_only | string) if control.read_only is defined -}}; +{% endfor %}}; +{% endfilter %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.dlz.j2 b/templates/named.conf.dlz.j2 new file mode 100644 index 0000000..368d260 --- /dev/null +++ b/templates/named.conf.dlz.j2 @@ -0,0 +1,10 @@ +{% macro dlz(dlzs) %} +{% for dlz in dlzs if dlzs is iterable %} +dlz "{{ dlz.name }}" { +{% filter indent(2, true) %} +{{ ('database "' + simple_item_list(dlz.database) + '";') }} +{{ functions.boolean_option('search', dlz.search) }} +{% endfilter %} +}; +{% endfor %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.dnssec-policy.j2 b/templates/named.conf.dnssec-policy.j2 new file mode 100644 index 0000000..975d4a6 --- /dev/null +++ b/templates/named.conf.dnssec-policy.j2 @@ -0,0 +1,39 @@ +{% macro dnssec_policy(policies) %} +{% for policy in policies if policies is iterable %} +dnssec-policy "{{ policy.name }}" { +{% filter indent(2, true) %} +{% if policy.keys is defined and policy.keys %} +keys { +{% filter indent(2, true) %} +{% for dnskey in policy.keylist if policy.keylist is iterable %} +{{ dnskey.role -}} +{{ (' key-directory') if dnskey.key_directory is defined and dnskey.key_directory -}} +{{ (' lifetime ' + dnskey.lifetime | string ) -}} +{{ (' algorithm ' + dnskey.algorithm | string) -}} +{{ (' ' + dnskey.keysize | string) if dnskey.keysize is defined and dnskey.keysize }}; +{% endfor %} +{% endfilter %} +}; +{% endif %} +{% if policy.nsec3param is defined and policy.nsec3param %} +nsec3param +{{- (' iterations ' + policy.nsec3param.iterations | string) if policy.nsec3param.iterations is defined and policy.nsec3param.iterations -}} +{{ (' optout ' + functions.named_boolean(policy.nsec3param.optout)) if policy.nsec3param.optout is defined -}} +{{ (' salt-length ' + policy.nsec3param.salt_length) if policy.nsec3param.salt_length is defined and policy.nsec3param.salt_length -}}; +{% endif %} +{{ ('dnskey-ttl ' + policy.dnskey_ttl | string +';\n') if policy.dnskey_ttl is defined -}} +{{ ('max-zone-ttl ' + policy.max_zone_ttl | string +';\n') if policy.max_zone_ttl is defined -}} +{{ ('parent-ds-ttl ' + policy.parent_ds_ttl | string +';\n') if policy.parent_ds_ttl is defined -}} +{{ ('parent-propagation-delay ' + policy.parent_propagation_delay | string +';\n') if policy.parent_propagation_delay is defined -}} +{{ ('parent-registration-delay ' + policy.parent_registration_delay | string +';\n') if policy.parent_registration_delay is defined -}} +{{ ('publish-safety ' + policy.publish_safety | string +';\n') if policy.publish_safety is defined -}} +{{ ('purge-keys ' + policy.purge_keys | string +';\n') if policy.purge_keys is defined -}} +{{ ('retire-safety ' + policy.retire_safety | string +';\n') if policy.retire_safety is defined -}} +{{ ('signatures-refresh ' + policy.signatures_refresh | string +';\n') if policy.signatures_refresh is defined -}} +{{ ('signatures-validity ' + policy.signatures_validity | string +';\n') if policy.signatures_validity is defined -}} +{{ ('signatures-validity-dnskey ' + policy.signatures_validity_dnskey | string +';\n') if policy.signatures_validity_dnskey is defined -}} +{{ ('zone-propagation-delay ' + policy.zone_propagation_delay | string +';\n') if policy.zone_propagation_delay is defined -}} +{% endfilter %} +}; +{% endfor %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.dyndb.j2 b/templates/named.conf.dyndb.j2 new file mode 100644 index 0000000..287bc74 --- /dev/null +++ b/templates/named.conf.dyndb.j2 @@ -0,0 +1,8 @@ +{% macro dyndb(dyndbs) %} +{% for dyndb in dyndbs if dyndbs is iterable %} +dyndb {{ dyndb.name }} "{{ dyndb.driver }}" { +{% filter indent(2, true) %} +{{ functions.simple_item_list(dyndb.parameters) -}} +{% endfilter %}}; +{% endfor %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.functions.j2 b/templates/named.conf.functions.j2 new file mode 100644 index 0000000..1854d35 --- /dev/null +++ b/templates/named.conf.functions.j2 @@ -0,0 +1,106 @@ +{% macro simple_item_list(item_list, indent=2) %} +{# This macro is for use in simple address lists #} +{% filter indent(indent, true) %} +{{ item_list | join(';\n') }}; +{% endfilter %} +{% endmacro %} + +{% macro list_address_port_key_tls(dict, indent=2) %} +{% filter indent(indent, true) %} +{% for item in dict %} +{% if item is not mapping %} +{{ item -}}; +{% else %} +{{ item.address -}} +{{- (' port ' + item.port | string) if item.port is defined -}} +{{- (' key ' + item.key | string) if item.key is defined -}} +{{- (' tls ' + item.tls | string) if item.tls is defined -}}; +{% endif %} +{% endfor %} +{% endfilter %} +{% endmacro %} + +{% macro parent_address_key_tls(name, dict) %} +{# This macro is for use for statements with grammar like #} +{# statement port 00 dscp 00 { address port 00 key str tls str; address port 00 key str tls str; } #} +{# the list inside the statement is handled by list_address_port_key_tls #} +{% if dict is not mapping and dict is iterable %} +{{ name }} { +{{ list_address_port_key_tls(dict) }}}; +{% else %} +{{ name }} +{{- (' port ' + dict.port | string) if dict.port is defined and dict.port -}} +{{- (' dscp ' + dict.dscp | string) if dict.dscp is defined and dict.dscp }} { +{{ list_address_port_key_tls(dict.addresses) }}}; +{% endif %} +{% endmacro %} + +{% macro list_address_port_dscp(dict, indent=2) %} +{# This macro is for use for statements with grammar like #} +{# address port 00 dscp 00; address port 00 dscp 00; #} +{# it is usually called by a parent macro #} +{% filter indent(indent, true) %} +{% for item in dict %} +{% if item is not mapping %} +{{ item }}; +{% else %} +{{ item.address }} +{{- (' port ' + item.port | string) if item.port is defined and item.port -}} +{{- (' dscp ' + item.dscp | string) if item.dscp is defined and item.dscp -}}; +{% endif %} +{% endfor %} +{% endfilter %} +{% endmacro %} + +{% macro parent_address_port_dscp(name, dict) %} +{# This macro is for use for statements with grammar like #} +{# statement port 00 dscp 00 { address port 00 dscp 00; address port 00 dscp 00; } #} +{# the list inside the statement is handled by list_address_port #} +{% if dict is not mapping and dict is iterable %} +{{ name }} { +{{ list_address_port_dscp(dict) }}}; +{% else %} +{{ name }} +{{- (' port ' + dict.port | string) if dict.port is defined and dict.port -}} +{{- (' dscp ' + dict.dscp | string) if dict.dscp is defined and dict.dscp }} { +{{ list_address_port_dscp(dict.addresses) }}}; +{% endif %} +{% endmacro %} + +{% macro single_ip_port_dscp(name, dict) %} +{# This macro is for the "statement ip(v6) [port xx] [dscp xx] statements "#} +{{ name }} {{ dict.address -}} +{{- (' port ' + dict.port | string) if dict.port is defined and dict.port -}} +{{- (' dscp ' + dict.dscp | string) if dict.dscp is defined and dict.dscp }}; +{% endmacro %} + +{% macro boolean_option(name, value) %} +{# Converts YAML booleans "True" and "False" into bind9 "yes "and "no" #} +{{ name }} {{ named_boolean(value) }}; +{%- endmacro %} + +{% macro named_boolean(value) %} +{# input: value: YAML boolean #} +{# output: str: yes or no #} +{{- value | ternary('yes', 'no') | string -}} +{% endmacro %} + +{% macro boolean_or_string(value) %} +{# input: value: boolean or string #} +{# output: str: ((yes or no) or input) #} +{% if value is boolean -%} +{{- named_boolean(value) -}} +{% else %} +{{- (value | string) -}} +{% endif %} +{% endmacro %} + +{% macro reserved_or_quoted(name, value, reserved_keywords) %} +{# reserved_or_quoted checks if value contains a reserved keyword, #} +{# then prints it without quotes if it's reserved, or quoted if it is not #} +{% if value in reserved_keywords %} +{{ name }} {{ value }}; +{% else %} +{{ name }} "{{ value }}"; +{% endif %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.generator.j2 b/templates/named.conf.generator.j2 new file mode 100644 index 0000000..7d6385b --- /dev/null +++ b/templates/named.conf.generator.j2 @@ -0,0 +1,79 @@ +{% import 'named.conf.functions.j2' as functions %} +{{ ansible_managed | comment }} +{% if item.options is defined and item.options %} +{% from 'named.conf.options.j2' import options with context %} +options { +{% filter indent(2,true)%} +{{ options(item.options) -}} +{% endfilter %} +}; + +{% endif %} +{% if item.acl is defined and item.acl %} +{% from 'named.conf.acl.j2' import acl with context %} +{{ acl(item.acl) }} +{% endif %} +{% if item.zones is defined and item.zones %} +{% from 'named.conf.zone.j2' import zones with context %} +{{ zones(item.zones) }} +{% endif %} +{% if item.controls is defined and item.controls %} +{% from 'named.conf.controls.j2' import controls with context %} +{{ controls(item.controls) }} +{% endif %} +{% if item.include is defined and item.include %} +{% from 'named.conf.include.j2' import include with context %} +{{ include(item.include) }} +{% endif %} +{% if item.dlz is defined and item.dlz %} +{% from 'named.conf.dlz.j2' import dlz with context %} +{{ dlz(item.dlz) }} +{% endif %} +{% if item.dnssec_policy is defined and item.dnssec_policy %} +{% from 'named.conf.dnssec-policy.j2' import dnssec_policy with context %} +{{ dnssec_policy(item.dnssec_policy) }} +{% endif %} +{% if item.dyndb is defined and item.dyndb %} +{% from 'named.conf.dyndb.j2' import dyndb with context %} +{{ dyndb(item.dyndb) }} +{% endif %} +{% if item.http is defined and item.http %} +{% from 'named.conf.http.j2' import http with context %} +{{ http(item.http) }} +{% endif %} +{% if item.keylist is defined and item.keylist %} +{% from 'named.conf.key.j2' import keylist with context %} +{{ keylist(item.keylist) }} +{% endif %} +{% if item.logging is defined and item.logging %} +{% from 'named.conf.logging.j2' import logging with context %} +{{ logging(item.logging) }} +{% endif %} +{% if item.parental_agents is defined and item.parental_agents %} +{% from 'named.conf.parental-agents.j2' import parental_agents with context %} +{{ parental_agents(item.parental_agents) }} +{% endif %} +{% if item.primaries is defined and item.primaries %} +{% from 'named.conf.primaries.j2' import primaries with context %} +{{ primaries(item.primaries) }} +{% endif %} +{% if item.server is defined and item.server %} +{% from 'named.conf.server.j2' import server with context %} +{{ server(item.server) }} +{% endif %} +{% if item.statistics_channels is defined and item.statistics_channels %} +{% from 'named.conf.statistics-channels.j2' import statistics_channels with context %} +{{ statistics_channels(item.statistics_channels) }} +{% endif %} +{% if item.tls is defined and item.tls %} +{% from 'named.conf.tls.j2' import tls with context %} +{{ tls(item.tls) }} +{% endif %} +{% if item.trust_anchors is defined and item.trust_anchors %} +{% from 'named.conf.trust-anchors.j2' import trust_anchors with context %} +{{ trust_anchors(item.trust_anchors) }} +{% endif %} +{% if item.view is defined and item.view %} +{% from 'named.conf.view.j2' import view with context %} +{{ view(item.view) }} +{% endif %} \ No newline at end of file diff --git a/templates/named.conf.http.j2 b/templates/named.conf.http.j2 new file mode 100644 index 0000000..e69e1ec --- /dev/null +++ b/templates/named.conf.http.j2 @@ -0,0 +1,17 @@ +{% macro http(seq) %} +{% for http in seq if seq is iterable %} +http {{ http.name }} { +{% filter indent(2, true) %} +{% if http.endpoints is defined and http.endpoints %} +endpoints { +{% filter indent(2, true) %} +{% for endpoint in http.endpoints %} +{{ '"' + endpoint + '";' }} +{% endfor %} +{% endfilter %}}; +{% endif%} +{{ ('listener-clients ' + http.listener_clients | string + ';\n') if http.listener_clients is defined and http.listener_clients -}} +{{ ('streams-per-connection ' + http.streams_per_connection | string + ';\n') if http.streams_per_connection is defined and http.streams_per_connection -}} +{% endfilter %}}; +{% endfor %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.include.j2 b/templates/named.conf.include.j2 new file mode 100644 index 0000000..c5c6f14 --- /dev/null +++ b/templates/named.conf.include.j2 @@ -0,0 +1,5 @@ +{% macro include(files) %} +{% for file in files %} +include "{{ file }}"; +{% endfor %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.key.j2 b/templates/named.conf.key.j2 new file mode 100644 index 0000000..0350186 --- /dev/null +++ b/templates/named.conf.key.j2 @@ -0,0 +1,9 @@ +{% macro keylist(keylists) %} +{% for keyname in keylists if keylists is iterable %} +key {{ keyname.name }} { +{% filter indent(2, true) %} +{{ ('algorithm ' + keyname.algorithm + ';\n') if keyname.algorithm is defined and keyname.algorithm -}} +{{ ('secret "' + keyname.secret + '";\n') if keyname.secret is defined and keyname.secret -}} +{% endfilter %}}; +{% endfor %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.logging.j2 b/templates/named.conf.logging.j2 new file mode 100644 index 0000000..f2b3094 --- /dev/null +++ b/templates/named.conf.logging.j2 @@ -0,0 +1,29 @@ +{% macro logging(logging) %} +logging { +{% filter indent(2, true) %} +{% for category in logging.categories if logging.categories is defined and logging.categories %} +category {{ category.name }} { +{{ functions.simple_item_list(category.channels) }}}; +{% endfor %} +{% for channel in logging.channels if logging.channels is defined and logging.channels %} +channel {{ channel.name }} { +{% filter indent(2, true) %} +{% if channel.file is defined and channel.file %} +file "{{ channel.file.name }}" +{{- (' versions ' + channel.file.versions | string) if channel.file.versions is defined and channel.file.versions -}} +{{- (' size ' + channel.file.size | string) if channel.file.size is defined and channel.file.size -}} +{{- (' suffix ' + channel.file.suffix | string) if channel.file.suffix is defined and channel.file.suffix -}}; +{% endif %} +{{ ('null;\n') if channel.null is defined and channel.null -}} +{{ ('stderr;\n') if channel.stderr is defined and channel.stderr -}} +{{ ('severity ' + channel.severity + ';\n') if channel.severity is defined and channel.severity -}} +{{ ('syslog ' + channel.syslog + ';\n') if channel.syslog is defined and channel.syslog -}} +{{ (functions.boolean_option('buffered', channel.buffered) + '\n') if channel.buffered is defined and channel.buffered -}} +{{ (functions.boolean_option('print-category', channel.print_category) + '\n') if channel.print_category is defined -}} +{{ (functions.boolean_option('print-severity', channel.print_severity) + '\n') if channel.print_severity is defined -}} +{{ ('print-time ' + functions.boolean_or_string(channel.print_time) + ';\n') if channel.print_time is defined and channel.print_time -}} +{% endfilter %} +}; +{% endfor %} +{% endfilter %}}; +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.options.j2 b/templates/named.conf.options.j2 new file mode 100644 index 0000000..17d890b --- /dev/null +++ b/templates/named.conf.options.j2 @@ -0,0 +1,464 @@ +{% macro options(option) %} +{# Unicorn Options#} +{% if option.rrset_order is defined and option.rrset_order %} +rrset-order { +{% filter indent(4, true) %} +{% for rrset in option.rrset_order %} +{{ ('class ' + rrset.class | string + ' ') if rrset.class is defined and rrset.class -}} +{{ ('type ' + rrset.type | string + ' ') if rrset.type is defined and rrset.type -}} +{{ ('name "' + rrset.name | string + '" ') if rrset.name is defined and rrset.name -}} +{{ ('order ' + rrset.order | string) -}}; +{% endfor %} +{% endfilter %}}; +{% endif %} +{% if option.response_policy is defined and option.response_policy %} +response-policy { +{% filter indent(2, true) %} +{% for zone in option.response_policy.zones %} +{{- ('zone ' + zone.zone | string) -}} +{{- (' max-policy-ttl ' + zone.max_policy_ttl | string) if zone.max_policy_ttl is defined and zone.max_policy_ttl -}} +{{- (' min-update-interval ' + zone.min_update_interval | string) if zone.min_update_interval is defined and zone.min_update_interval -}} +{{- (' policy ' + zone.policy | string) if zone.policy is defined and zone.policy -}} +{{- (' add-soa ' + functions.named_boolean(zone.add_soa)) if zone.add_soa is defined -}} +{{- (' log ' + functions.named_boolean(zone.log)) if zone.log is defined -}} +{{- (' recursive-only ' + functions.named_boolean(zone.recursive_only)) if zone.recursive_only is defined -}} +{{- (' nsip-enable ' + functions.named_boolean(zone.nsip_enable)) if zone.nsip_enable is defined -}} +{{- (' nsdname-enable ' + functions.named_boolean(zone.nsdname_enable)) if zone.nsdname_enable is defined }}; +{% endfor %} +{% endfilter %}} +{{- (' max-policy-ttl ' + option.response_policy.max_policy_ttl | string) if option.response_policy.max_policy_ttl is defined and option.response_policy.max_policy_ttl -}} +{{- (' min-update-interval ' + option.response_policy.min_update_interval | string) if option.response_policy.min_update_interval is defined and option.response_policy.min_update_interval -}} +{{- (' min-ns-dots ' + option.response_policy.min_ns_dots | string) if option.response_policy.min_ns_dots is defined and option.response_policy.min_ns_dots -}} +{{- (' add-soa ' + functions.named_boolean(option.response_policy.add_soa)) if option.response_policy.add_soa is defined -}} +{{- (' break-dnssec ' + functions.named_boolean(option.response_policy.break_dnssec)) if option.response_policy.break_dnssec is defined -}} +{{- (' nsip-wait-recurse ' + functions.named_boolean(option.response_policy.nsip_wait_recurse)) if option.response_policy.nsip_wait_recurse is defined -}} +{{- (' nsdname-wait-recurse ' + functions.named_boolean(option.response_policy.nsdname_wait_recurse)) if option.response_policy.nsdname_wait_recurse is defined -}} +{{- (' qname-wait-recurse ' + functions.named_boolean(option.response_policy.qname_wait_recurse)) if option.response_policy.qname_wait_recurse is defined -}} +{{- (' recursive-only ' + functions.named_boolean(option.response_policy.recursive_only)) if option.response_policy.recursive_only is defined -}} +{{- (' nsip-enable ' + functions.named_boolean(option.response_policy.nsip_enable)) if option.response_policy.nsip_enable is defined -}} +{{- (' nsdname-enable ' + functions.named_boolean(option.response_policy.nsdname_enable)) if option.response_policy.nsdname_enable is defined -}} +{{- (' dnsrps-enable ' + functions.named_boolean(option.response_policy.dnsrps_enable)) if option.response_policy.dnsrps_enable is defined -}} +{{- (' dnsrps-options {\n' + functions.simple_item_list(option.response_policy.dnsrps_options) + '}') if option.response_policy.dnsrps_options is defined and option.response_policy.dnsrps_options -}}; +{% endif %} +{% if option.response_padding is defined and option.response_padding %} +response-padding { +{{ functions.simple_item_list(option.response_padding.addresses) }}} +{{- (' block-size ' + option.response_padding.block_size | string) }}; +{% endif %} +{% if option.rate_limit is defined and option.rate_limit %} +rate-limit { +{% filter indent(2, true) %} +{{ ('all-per-second ' + option.rate_limit.all_per_second | string + ';\n') if option.rate_limit.all_per_second is defined and option.rate_limit.all_per_second -}} +{{ ('errors-per-second ' + option.rate_limit.errors_per_second | string + ';\n') if option.rate_limit.errors_per_second is defined and option.rate_limit.errors_per_second -}} +{{ ('responses-per-second ' + option.rate_limit.responses_per_second | string + ';\n') if option.rate_limit.responses_per_second is defined and option.rate_limit.responses_per_second -}} +{{ ('referrals-per-second ' + option.rate_limit.referrals_per_second | string + ';\n') if option.rate_limit.referrals_per_second is defined and option.rate_limit.referrals_per_second -}} +{{ ('nodata-per-second ' + option.rate_limit.nodata_per_second | string + ';\n') if option.rate_limit.nodata_per_second is defined and option.rate_limit.nodata_per_second -}} +{{ ('nxdomains-per-second ' + option.rate_limit.nxdomains_per_second | string + ';\n') if option.rate_limit.nxdomains_per_second is defined and option.rate_limit.nxdomains_per_second -}} +{{ ('ipv4-prefix-length ' + option.rate_limit.ipv4_prefix_length | string + ';\n') if option.rate_limit.ipv4_prefix_length is defined and option.rate_limit.ipv4_prefix_length -}} +{{ ('ipv6-prefix-length ' + option.rate_limit.ipv6_prefix_length | string + ';\n') if option.rate_limit.ipv6_prefix_length is defined and option.rate_limit.ipv6_prefix_length -}} +{{ ('max-table-size ' + option.rate_limit.max_table_size | string + ';\n') if option.rate_limit.max_table_size is defined and option.rate_limit.max_table_size -}} +{{ ('min-table-size ' + option.rate_limit.min_table_size | string + ';\n') if option.rate_limit.min_table_size is defined and option.rate_limit.min_table_size -}} +{{ ('qps-scale ' + option.rate_limit.qps_scale | string + ';\n') if option.rate_limit.qps_scale is defined and option.rate_limit.qps_scale -}} +{{ ('window ' + option.rate_limit.window | string + ';\n') if option.rate_limit.window is defined and option.rate_limit.window -}} +{{ ('slip ' + option.rate_limit.slip | string + ';\n') if option.rate_limit.slip is defined and option.rate_limit.slip -}} +{{ ('log-only ' + functions.named_boolean(option.rate_limit.log_only) + ';\n') if option.rate_limit.log_only is defined -}} +{{ ('exempt-clients {\n' + functions.simple_item_list(option.rate_limit.exempt_clients) + '};\n') if option.rate_limit.exempt_clients is defined and option.rate_limit.exempt_clients -}} +{% endfilter %}}; +{% endif %} +{% if option.listen_on_v6 is defined and option.listen_on_v6 %} +{% for listen in option.listen_on_v6 if option.listen_on_v6 is not mapping %} +listen-on-v6 +{{- (' port ' + listen.port | string) if listen.port is defined and listen.port -}} +{{- (' dscp ' + listen.dscp | string) if listen.dscp is defined and listen.dscp -}} +{{- (' tls ' + listen.tls | string) if listen.tls is defined and listen.tls -}} +{{- (' http ' + listen.http | string) if listen.http is defined and listen.http }} { +{{ functions.simple_item_list(listen.addresses) }}}; +{% else %} +listen-on-v6 +{{- (' port ' + option.listen_on_v6.port | string) if option.listen_on_v6.port is defined and option.listen_on_v6.port -}} +{{- (' dscp ' + option.listen_on_v6.dscp | string) if option.listen_on_v6.dscp is defined and option.listen_on_v6.dscp -}} +{{- (' tls ' + option.listen_on_v6.tls | string) if option.listen_on_v6.tls is defined and option.listen_on_v6.tls -}} +{{- (' http ' + option.listen_on_v6.http | string) if option.listen_on_v6.http is defined and option.listen_on_v6.http }} { +{{ functions.simple_item_list(option.listen_on_v6.addresses) }}}; +{% endfor %} +{% endif %} +{% if option.listen_on is defined and option.listen_on %} +{% for listen in option.listen_on if option.listen_on is not mapping %} +listen-on +{{- (' port ' + listen.port | string) if listen.port is defined and listen.port -}} +{{- (' dscp ' + listen.dscp | string) if listen.dscp is defined and listen.dscp -}} +{{- (' tls ' + listen.tls | string) if listen.tls is defined and listen.tls -}} +{{- (' http ' + listen.http | string) if listen.http is defined and listen.http }} { +{{ functions.simple_item_list(listen.addresses) }}}; +{% else %} +listen-on +{{- (' port ' + option.listen_on.port | string) if option.listen_on.port is defined and option.listen_on.port -}} +{{- (' dscp ' + option.listen_on.dscp | string) if option.listen_on.dscp is defined and option.listen_on.dscp -}} +{{- (' tls ' + option.listen_on.tls | string) if option.listen_on.tls is defined and option.listen_on.tls -}} +{{- (' http ' + option.listen_on.http | string) if option.listen_on.http is defined and option.listen_on.http }} { +{{ functions.simple_item_list(option.listen_on.addresses) }}}; +{% endfor %} +{% endif %} +{{ functions.parent_address_port_dscp("forwarders", option.forwarders) if option.forwarders is defined and option.forwarders -}} +{% if option.dual_stack_servers is defined and option.dual_stack_servers %} +dual-stack-servers +{{ (' port ' + option.dual_stack_servers.port | string) if option.dual_stack_servers.port is defined and option.dual_stack_servers }} { +{% for host in option.dual_stack_servers.addresses %} +{% filter indent(2, true) %} +{{ host.address | ansible.utils.ipaddr | ternary(host.address, '"' + host.address + '"') }} +{{- (' port ' + host.port | string) if host.port is defined and host.port -}} +{{- (' dscp ' + host.dscp | string) if host.dscp is defined and host.dscp -}}; +{% endfilter %} +{% endfor %}}; +{% endif %} +{% if option.dnstap_output is defined and option.dnstap_output %} +dnstap-output {{ option.dnstap_output.output_type -}} +{{- ' "' + option.dnstap_output.output_file + '"' -}} +{{- (' size ' + option.dnstap_output.size | string) if option.dnstap_output.size is defined and option.dnstap_output.size -}} +{{- (' versions ' + option.dnstap_output.versions | string) if option.dnstap_output.versions is defined and option.dnstap_output.versions -}} +{{- (' suffix ' + option.dnstap_output.suffix | string) if option.dnstap_output.suffix is defined and option.dnstap_output.suffix -}}; +{% endif %} +{% if option.dnstap is defined and option.dnstap %} +dnstap { +{% filter indent(2, true) %} +{% for dnstap in option.dnstap %} +{{ dnstap.type }}{{ ' ' + dnstap.log if dnstap.log is defined and dnstap.log }}; +{% endfor %} +{% endfilter %}}; +{% endif %} +{% if option.dns64 is defined and option.dns64 %} +{% for dns64 in option.dns64 if option.dns64 is sequence %} +dns64 {{ dns64.netprefix }} { +{% filter indent(2, true) %} +{{ ('break-dnssec ' + dns64.break_dnssec | functions.named_boolean + ';\n') if dns64.break_dnssec is defined and dns64.break_dnssec is boolean -}} +{{ ('recursive-only ' + dns64.recursive_only | functions.named_boolean + ';\n') if dns64.recursive_only is defined and dns64.recursive_only is boolean -}} +{{ ('suffix ' + dns64.suffix + ';\n') if dns64.suffix is defined and dns64.suffix -}} +{{ ("clients {\n" + functions.simple_item_list(dns64.clients) + "};\n") if dns64.clients is defined and dns64.clients -}} +{{ ("exclude {\n" + functions.simple_item_list(dns64.exclude) + "};\n") if dns64.exclude is defined and dns64.exclude -}} +{{ ("mapped {\n" + functions.simple_item_list(dns64.mapped) + "};\n") if dns64.mapped is defined and dns64.mapped -}} +{% endfilter %}}; +{% endfor %} +{% endif %} +{% if option.deny_answer_aliases is defined and option.deny_answer_aliases %} +deny-answer-aliases { +{{ functions.simple_item_list(option.deny_answer_aliases.names) }}} +{%- if option.deny_answer_aliases.except_from is defined and option.deny_answer_aliases.except_from %} + except-from { +{{ functions.simple_item_list(option.deny_answer_aliases.except_from, 4) }}} +{%- endif %}; +{% endif %} +{% if option.deny_answer_addresses is defined and option.deny_answer_addresses %} +deny-answer-addresses { +{{ functions.simple_item_list(option.deny_answer_addresses.addresses) }}} +{%- if option.deny_answer_addresses.except_from is defined and option.deny_answer_addresses.except_from %} + except-from { +{{ functions.simple_item_list(option.deny_answer_addresses.except_from, 4) }}} +{%- endif %}; +{% endif %} +{% if option.check_names is defined and option.check_names %} +{% for policy in option.check_names %} +check-names {{ policy.type }} {{ policy.action }}; +{% endfor %} +{% endif %} +{% if option.catalog_zones is defined and option.catalog_zones %} +catalog-zones { +{% for catalog_zone in option.catalog_zones %} +zone {{ catalog_zone.zone }} +{% filter indent(6, true) %} +{% if catalog_zone.default_primaries is defined and catalog_zone.default_primaries %} +default-primaries +{{- (' port ' + catalog_zone.default_primaries.port | string) if catalog_zone.default_primaries.port is defined and catalog_zone.default_primaries.port -}} +{{- (' dscp ' + catalog_zone.default_primaries.dscp | string) if catalog_zone.default_primaries.dscp is defined and catalog_zone.default_primaries.dscp }} { +{{ functions.list_address_port_key_tls(catalog_zone.default_primaries.primaries) }}} +{% endif %} +{{ ('zone-directory "' + catalog_zone.zone_directory + '"') if catalog_zone.zone_directory is defined and catalog_zone.zone_directory }} +{{ ('in-memory ' + (catalog_zone.in_memory | functions.named_boolean ) | string) if catalog_zone.in_memory is defined and catalog_zone.in_memory is boolean }} +{{ ('min-update-interval ' + catalog_zone.min_update_interval | string) if catalog_zone.min_update_interval is defined and catalog_zone.min_update_interval}}; +{% endfilter %} +{% endfor %}}; +{% endif %} +{{ functions.single_ip_port_dscp('transfer-source', option.transfer_source) if option.transfer_source is defined and option.transfer_source -}} +{{ functions.single_ip_port_dscp('transfer-source-v6', option.transfer_source_v6) if option.transfer_source_v6 is defined and option.transfer_source_v6 -}} +{{ functions.single_ip_port_dscp('alt-transfer-source', option.alt_transfer_source) if option.alt_transfer_source is defined and option.alt_transfer_source -}} +{{ functions.single_ip_port_dscp('alt-transfer-source-v6', option.alt_transfer_source_v6) if option.alt_transfer_source_v6 is defined and option.alt_transfer_source_v6 -}} +{{ functions.single_ip_port_dscp('query-source', option.query_source) if option.query_source is defined and option.query_source -}} +{{ functions.single_ip_port_dscp('query-source-v6', option.query_source_v6) if option.query_source_v6 is defined and option.query_source_v6 -}} +{{ functions.single_ip_port_dscp('parental-source', option.parental_source) if option.parental_source is defined and option.parental_source -}} +{{ functions.single_ip_port_dscp('parental-source-v6', option.parental_source_v6) if option.parental_source_v6 is defined and option.parental_source_v6 -}} +{{ functions.single_ip_port_dscp('notify-source', option.notify_source) if option.notify_source is defined and option.notify_source -}} +{{ functions.single_ip_port_dscp('notify-source-v6', option.notify_source_v6) if option.notify_source_v6 is defined and option.notify_source_v6 -}} +{% if option.also_notify is defined and option.also_notify is not string %} +also-notify +{{- (' port ' + option.also_notify.port | string) if option.also_notify.port is defined and option.also_notify.port -}} +{{- (' dscp ' + option.also_notify.dscp | string) if option.also_notify.dscp is defined and option.also_notify.dscp }} { +{{ functions.list_address_port_key_tls(option.also_notify.addresses) }}}; +{% endif %} +{% if option.allow_transfer is defined and option.allow_transfer is not string %} +allow-transfer +{{- (' port ' + option.allow_transfer.port | string) if option.allow_transfer.port is defined and option.allow_transfer.port -}} +{{- (' transport ' + option.allow_transfer.transport) if option.allow_transfer.transport is defined and option.allow_transfer.transport }} { +{{ functions.simple_item_list(option.allow_transfer.addresses) }}}; +{% endif %} +{# The rest #} +{% if option.disable_algorithms is defined and option.disable_algorithms %} +{% for item in option.disable_algorithms %} +disable-algorithms {{ item.domain }} { "{{ item.algorithms | join('"; "') }}"; }; +{% endfor %} +{% endif %} +{% if option.disable_ds_digests is defined and option.disable_ds_digests %} +{% for item in option.disable_ds_digests %} +disable-ds-digests {{ item.domain }} { "{{ item.digests | join('"; "') }}"; }; +{% endfor %} +{% endif %} +{# Oddball simple options #} +{% if option.fetch_quota_params is defined and option.fetch_quota_params is string %} +fetch-quota-params {{ option.fetch_quota_params }}; +{% endif %} +{% if option.fetches_per_server is defined and option.fetches_per_server is string %} +fetches-per-server {{ option.fetches_per_server }}; +{% endif %} +{% if option.fetches_per_zone is defined and option.fetches_per_zone is string %} +fetches-per-zone {{ option.fetches_per_zone }}; +{% endif %} +{% if option.prefetch is defined and option.prefetch %} +prefetch {{ option.prefetch }}; +{% endif %} +{% if option.root_delegation_only is defined and option.root_delegation_only %} +root-delegation-only{% if option.root_delegation_only.exclude is defined and option.root_delegation_only.exclude is sequence %} exclude { +{{ functions.simple_item_list(options.root_delegation_only.exclude) }}} +{% endif %}; +{% endif %} +{% if option.sig_validity_interval is defined and option.sig_validity_interval %} +sig-validity-interval {{ option.sig_validity_interval }}; +{% endif %} +{% if option.tkey_dhkey is defined and option.tkey_dhkey is mapping %} +tkey-dhkey "{{ option.tkey_dhkey.key_name }}" {{ option.tkey_dhkey.key_tag }}; +{% endif %} +{# special_quoted_string options with reserved keywords #} +{% if option.dnstap_identity is defined and option.dnstap_identity is string %} +{{ functions.reserved_or_quoted('dnstap-identity', option.dnstap_identity, ['none', 'hostname']) -}} +{% endif %} +{% if option.dnstap_version is defined and option.dnstap_version is string %} +{{ functions.reserved_or_quoted('dnstap-version', option.dnstap_version, ['none']) -}} +{% endif %} +{% if option.geoip_directory is defined and option.geoip_directory is string %} +{{ functions.reserved_or_quoted('geoip-directory', option.geoip_directory, ['none']) -}} +{% endif %} +{% if option.hostname is defined and option.hostname is string %} +{{ functions.reserved_or_quoted('hostname', option.hostname, ['none']) -}} +{% endif %} +{% if option.lock_file is defined and option.lock_file is string %} +{{ functions.reserved_or_quoted('lock-file', option.lock_file, ['none']) -}} +{% endif %} +{% if option.pid_file is defined and option.pid_file is string %} +{{ functions.reserved_or_quoted('pid-file', option.pid_file, ['none']) -}} +{% endif %} +{% if option.random_device is defined and option.random_device is string %} +{{ functions.reserved_or_quoted('random-device', option.random_device, ['none']) -}} +{% endif %} +{% if option.server_id is defined and option.server_id is string %} +{{ functions.reserved_or_quoted('server-id', option.server_id, ['none', 'hostname']) -}} +{% endif %} +{% if option.session_keyfile is defined and option.session_keyfile is string %} +{{ functions.reserved_or_quoted('session-keyfile', option.session_keyfile, ['none']) -}} +{% endif %} +{% if option.version is defined and option.version is string %} +{{ functions.reserved_or_quoted('version', option.version, ['none']) -}} +{% endif %} +{# simple list options #} +{{ ('avoid-v4-udp-ports {\n' + functions.simple_item_list(option.avoid_v4_udp_ports) + '};\n') if option.avoid_v4_udp_ports is defined and option.avoid_v4_udp_ports -}} +{{ ('avoid-v6-udp-ports {\n' + functions.simple_item_list(option.avoid_v6_udp_ports) + '};\n') if option.avoid_v6_udp_ports is defined and option.avoid_v6_udp_ports -}} +{{ ('use-v4-udp-ports {\n' + functions.simple_item_list(option.use_v4_udp_ports) + '};\n') if option.use_v4_udp_ports is defined and option.use_v4_udp_ports -}} +{{ ('use-v6-udp-ports {\n' + functions.simple_item_list(option.use_v6_udp_ports) + '};\n') if option.use_v6_udp_ports is defined and option.use_v6_udp_ports -}} +{{ ('validate-except {\n' + functions.simple_item_list(option.validate_except) + '};\n') if option.validate_except is defined and option.validate_except -}} +{# boolean_or_string options #} +{{ ('dialup ' + functions.boolean_or_string(option.dialup) + ';\n') if option.dialup is defined -}} +{{ ('ixfr-from-differences ' + functions.boolean_or_string(option.ixfr_from_differences) + ';\n') if option.ixfr_from_differences is defined -}} +{{ ('minimal-responses ' + functions.boolean_or_string(option.minimal_responses) + ';\n') if option.minimal_responses is defined -}} +{{ ('notify ' + functions.boolean_or_string(option.notify) + ';\n') if option.notify is defined -}} +{{ ('zone-statistics ' + functions.boolean_or_string(option.zone_statistics) + ';\n') if option.zone_statistics is defined -}} +{# duration_sizeval options #} +{{ ('fstrm-set-reopen-interval ' + option.fstrm_set_reopen_interval | string +';\n') if option.fstrm_set_reopen_interval is defined and option.fstrm_set_reopen_interval -}} +{{ ('interface-interval ' + option.interface_interval | string +';\n') if option.interface_interval is defined and option.interface_interval -}} +{{ ('lame-ttl ' + option.lame_ttl | string +';\n') if option.lame_ttl is defined and option.lame_ttl -}} +{{ ('lmdb-mapsize ' + option.lmdb_mapsize | string +';\n') if option.lmdb_mapsize is defined and option.lmdb_mapsize -}} +{{ ('max-cache-ttl ' + option.max_cache_ttl | string +';\n') if option.max_cache_ttl is defined and option.max_cache_ttl -}} +{{ ('max-ncache-ttl ' + option.max_ncache_ttl | string +';\n') if option.max_ncache_ttl is defined and option.max_ncache_ttl -}} +{{ ('max-stale-ttl ' + option.max_stale_ttl | string +';\n') if option.max_stale_ttl is defined and option.max_stale_ttl -}} +{{ ('min-cache-ttl ' + option.min_cache_ttl | string +';\n') if option.min_cache_ttl is defined and option.min_cache_ttl -}} +{{ ('min-ncache-ttl ' + option.min_ncache_ttl | string +';\n') if option.min_ncache_ttl is defined and option.min_ncache_ttl -}} +{{ ('nta-lifetime ' + option.nta_lifetime | string +';\n') if option.nta_lifetime is defined and option.nta_lifetime -}} +{{ ('nta-recheck ' + option.nta_recheck | string +';\n') if option.nta_recheck is defined and option.nta_recheck -}} +{{ ('servfail-ttl ' + option.servfail_ttl | string +';\n') if option.servfail_ttl is defined and option.servfail_ttl -}} +{{ ('stale-answer-ttl ' + option.stale_answer_ttl | string +';\n') if option.stale_answer_ttl is defined and option.stale_answer_ttl -}} +{{ ('stale-refresh-time ' + option.stale_refresh_time | string +';\n') if option.stale_refresh_time is defined and option.stale_refresh_time -}} +{# special options options #} +{{ ('auto-dnssec ' + option.auto_dnssec | string +';\n') if option.auto_dnssec is defined and option.auto_dnssec -}} +{{ ('check-dup-records ' + option.check_dup_records | string +';\n') if option.check_dup_records is defined and option.check_dup_records -}} +{{ ('check-mx ' + option.check_mx | string +';\n') if option.check_mx is defined and option.check_mx -}} +{{ ('check-mx-cname ' + option.check_mx_cname | string +';\n') if option.check_mx_cname is defined and option.check_mx_cname -}} +{{ ('check-spf ' + option.check_spf | string +';\n') if option.check_spf is defined and option.check_spf -}} +{{ ('check-srv-cname ' + option.check_srv_cname | string +';\n') if option.check_srv_cname is defined and option.check_srv_cname -}} +{{ ('cookie-algorithm ' + option.cookie_algorithm | string +';\n') if option.cookie_algorithm is defined and option.cookie_algorithm -}} +{{ ('coresize ' + option.coresize | string +';\n') if option.coresize is defined and option.coresize -}} +{{ ('datasize ' + option.datasize | string +';\n') if option.datasize is defined and option.datasize -}} +{{ ('dnssec-update-mode ' + option.dnssec_update_mode | string +';\n') if option.dnssec_update_mode is defined and option.dnssec_update_mode -}} +{{ ('dnssec-validation ' + option.dnssec_validation | string +';\n') if option.dnssec_validation is defined and option.dnssec_validation -}} +{{ ('files ' + option.files | string +';\n') if option.files is defined and option.files -}} +{{ ('forward ' + option.forward | string +';\n') if option.forward is defined and option.forward -}} +{{ ('fstrm-set-output-queue-model ' + option.fstrm_set_output_queue_model | string +';\n') if option.fstrm_set_output_queue_model is defined and option.fstrm_set_output_queue_model -}} +{{ ('masterfile-format ' + option.masterfile_format | string +';\n') if option.masterfile_format is defined and option.masterfile_format -}} +{{ ('masterfile-style ' + option.masterfile_style | string +';\n') if option.masterfile_style is defined and option.masterfile_style -}} +{{ ('max-cache-size ' + option.max_cache_size | string +';\n') if option.max_cache_size is defined and option.max_cache_size -}} +{{ ('max-ixfr-ratio ' + option.max_ixfr_ratio | string +';\n') if option.max_ixfr_ratio is defined and option.max_ixfr_ratio -}} +{{ ('max-journal-size ' + option.max_journal_size | string +';\n') if option.max_journal_size is defined and option.max_journal_size -}} +{{ ('max-zone-ttl ' + option.max_zone_ttl | string +';\n') if option.max_zone_ttl is defined and option.max_zone_ttl -}} +{{ ('qname-minimization ' + option.qname_minimization | string +';\n') if option.qname_minimization is defined and option.qname_minimization -}} +{{ ('serial-update-method ' + option.serial_update_method | string +';\n') if option.serial_update_method is defined and option.serial_update_method -}} +{{ ('stacksize ' + option.stacksize | string +';\n') if option.stacksize is defined and option.stacksize -}} +{{ ('stale-answer-client-timeout ' + option.stale_answer_client_timeout | string +';\n') if option.stale_answer_client_timeout is defined and option.stale_answer_client_timeout -}} +{{ ('transfer-format ' + option.transfer_format | string +';\n') if option.transfer_format is defined and option.transfer_format -}} +{# quoted_string options #} +{{ ('bindkeys-file "' + option.bindkeys_file | string +'";\n') if option.bindkeys_file is defined and option.bindkeys_file -}} +{{ ('directory "' + option.directory | string +'";\n') if option.directory is defined and option.directory -}} +{{ ('dump-file "' + option.dump_file | string +'";\n') if option.dump_file is defined and option.dump_file -}} +{{ ('key-directory "' + option.key_directory | string +'";\n') if option.key_directory is defined and option.key_directory -}} +{{ ('managed-keys-directory "' + option.managed_keys_directory | string +'";\n') if option.managed_keys_directory is defined and option.managed_keys_directory -}} +{{ ('memstatistics-file "' + option.memstatistics_file | string +'";\n') if option.memstatistics_file is defined and option.memstatistics_file -}} +{{ ('new-zones-directory "' + option.new_zones_directory | string +'";\n') if option.new_zones_directory is defined and option.new_zones_directory -}} +{{ ('recursing-file "' + option.recursing_file | string +'";\n') if option.recursing_file is defined and option.recursing_file -}} +{{ ('secroots-file "' + option.secroots_file | string +'";\n') if option.secroots_file is defined and option.secroots_file -}} +{{ ('statistics-file "' + option.statistics_file | string +'";\n') if option.statistics_file is defined and option.statistics_file -}} +{{ ('tkey-domain "' + option.tkey_domain | string +'";\n') if option.tkey_domain is defined and option.tkey_domain -}} +{{ ('tkey-gssapi-credential "' + option.tkey_gssapi_credential | string +'";\n') if option.tkey_gssapi_credential is defined and option.tkey_gssapi_credential -}} +{{ ('tkey-gssapi-keytab "' + option.tkey_gssapi_keytab | string +'";\n') if option.tkey_gssapi_keytab is defined and option.tkey_gssapi_keytab -}} +{# simple_item_list options #} +{{ ('allow-notify {\n' + functions.simple_item_list(option.allow_notify) + '};\n') if option.allow_notify is defined and option.allow_notify -}} +{{ ('allow-query {\n' + functions.simple_item_list(option.allow_query) + '};\n') if option.allow_query is defined and option.allow_query -}} +{{ ('allow-query-cache {\n' + functions.simple_item_list(option.allow_query_cache) + '};\n') if option.allow_query_cache is defined and option.allow_query_cache -}} +{{ ('allow-query-cache-on {\n' + functions.simple_item_list(option.allow_query_cache_on) + '};\n') if option.allow_query_cache_on is defined and option.allow_query_cache_on -}} +{{ ('allow-query-on {\n' + functions.simple_item_list(option.allow_query_on) + '};\n') if option.allow_query_on is defined and option.allow_query_on -}} +{{ ('allow-recursion {\n' + functions.simple_item_list(option.allow_recursion) + '};\n') if option.allow_recursion is defined and option.allow_recursion -}} +{{ ('allow-recursion-on {\n' + functions.simple_item_list(option.allow_recursion_on) + '};\n') if option.allow_recursion_on is defined and option.allow_recursion_on -}} +{{ ('allow-update {\n' + functions.simple_item_list(option.allow_update) + '};\n') if option.allow_update is defined and option.allow_update -}} +{{ ('allow-update-forwarding {\n' + functions.simple_item_list(option.allow_update_forwarding) + '};\n') if option.allow_update_forwarding is defined and option.allow_update_forwarding -}} +{{ ('blackhole {\n' + functions.simple_item_list(option.blackhole) + '};\n') if option.blackhole is defined and option.blackhole -}} +{{ ('keep-response-order {\n' + functions.simple_item_list(option.keep_response_order) + '};\n') if option.keep_response_order is defined and option.keep_response_order -}} +{{ ('no-case-compress {\n' + functions.simple_item_list(option.no_case_compress) + '};\n') if option.no_case_compress is defined and option.no_case_compress -}} +{{ ('sortlist {\n' + functions.simple_item_list(option.sortlist) + '};\n') if option.sortlist is defined and option.sortlist -}} +{# String options #} +{{ ('attach-cache ' + option.attach_cache | string +';\n') if option.attach_cache is defined and option.attach_cache -}} +{{ ('cookie-secret ' + option.cookie_secret | string +';\n') if option.cookie_secret is defined and option.cookie_secret -}} +{{ ('disable-empty-zone ' + option.disable_empty_zone | string +';\n') if option.disable_empty_zone is defined and option.disable_empty_zone -}} +{{ ('dns64-contact ' + option.dns64_contact | string +';\n') if option.dns64_contact is defined and option.dns64_contact -}} +{{ ('dns64-server ' + option.dns64_server | string +';\n') if option.dns64_server is defined and option.dns64_server -}} +{{ ('dnssec-policy ' + option.dnssec_policy | string +';\n') if option.dnssec_policy is defined and option.dnssec_policy -}} +{{ ('empty-contact ' + option.empty_contact | string +';\n') if option.empty_contact is defined and option.empty_contact -}} +{{ ('empty-server ' + option.empty_server | string +';\n') if option.empty_server is defined and option.empty_server -}} +{{ ('ipv4only-contact ' + option.ipv4only_contact | string +';\n') if option.ipv4only_contact is defined and option.ipv4only_contact -}} +{{ ('ipv4only-server ' + option.ipv4only_server | string +';\n') if option.ipv4only_server is defined and option.ipv4only_server -}} +{{ ('nxdomain-redirect ' + option.nxdomain_redirect | string +';\n') if option.nxdomain_redirect is defined and option.nxdomain_redirect -}} +{{ ('preferred-glue ' + option.preferred_glue | string +';\n') if option.preferred_glue is defined and option.preferred_glue -}} +{{ ('session-keyalg ' + option.session_keyalg | string +';\n') if option.session_keyalg is defined and option.session_keyalg -}} +{{ ('session-keyname ' + option.session_keyname | string +';\n') if option.session_keyname is defined and option.session_keyname -}} +{# Integer options #} +{{ ('clients-per-query ' + option.clients_per_query | string +';\n') if option.clients_per_query is defined and option.clients_per_query -}} +{{ ('dnskey-sig-validity ' + option.dnskey_sig_validity | string +';\n') if option.dnskey_sig_validity is defined and option.dnskey_sig_validity -}} +{{ ('dnssec-loadkeys-interval ' + option.dnssec_loadkeys_interval | string +';\n') if option.dnssec_loadkeys_interval is defined and option.dnssec_loadkeys_interval -}} +{{ ('dscp ' + option.dscp | string +';\n') if option.dscp is defined and option.dscp -}} +{{ ('edns-udp-size ' + option.edns_udp_size | string +';\n') if option.edns_udp_size is defined and option.edns_udp_size -}} +{{ ('fstrm-set-buffer-hint ' + option.fstrm_set_buffer_hint | string +';\n') if option.fstrm_set_buffer_hint is defined and option.fstrm_set_buffer_hint -}} +{{ ('fstrm-set-flush-timeout ' + option.fstrm_set_flush_timeout | string +';\n') if option.fstrm_set_flush_timeout is defined and option.fstrm_set_flush_timeout -}} +{{ ('fstrm-set-input-queue-size ' + option.fstrm_set_input_queue_size | string +';\n') if option.fstrm_set_input_queue_size is defined and option.fstrm_set_input_queue_size -}} +{{ ('fstrm-set-output-notify-threshold ' + option.fstrm_set_output_notify_threshold | string +';\n') if option.fstrm_set_output_notify_threshold is defined and option.fstrm_set_output_notify_threshold -}} +{{ ('fstrm-set-output-queue-size ' + option.fstrm_set_output_queue_size | string +';\n') if option.fstrm_set_output_queue_size is defined and option.fstrm_set_output_queue_size -}} +{{ ('heartbeat-interval ' + option.heartbeat_interval | string +';\n') if option.heartbeat_interval is defined and option.heartbeat_interval -}} +{{ ('http-listener-clients ' + option.http_listener_clients | string +';\n') if option.http_listener_clients is defined and option.http_listener_clients -}} +{{ ('http-port ' + option.http_port | string +';\n') if option.http_port is defined and option.http_port -}} +{{ ('http-streams-per-connection ' + option.http_streams_per_connection | string +';\n') if option.http_streams_per_connection is defined and option.http_streams_per_connection -}} +{{ ('https-port ' + option.https_port | string +';\n') if option.https_port is defined and option.https_port -}} +{{ ('max-clients-per-query ' + option.max_clients_per_query | string +';\n') if option.max_clients_per_query is defined and option.max_clients_per_query -}} +{{ ('max-records ' + option.max_records | string +';\n') if option.max_records is defined and option.max_records -}} +{{ ('max-recursion-depth ' + option.max_recursion_depth | string +';\n') if option.max_recursion_depth is defined and option.max_recursion_depth -}} +{{ ('max-recursion-queries ' + option.max_recursion_queries | string +';\n') if option.max_recursion_queries is defined and option.max_recursion_queries -}} +{{ ('max-refresh-time ' + option.max_refresh_time | string +';\n') if option.max_refresh_time is defined and option.max_refresh_time -}} +{{ ('max-retry-time ' + option.max_retry_time | string +';\n') if option.max_retry_time is defined and option.max_retry_time -}} +{{ ('max-rsa-exponent-size ' + option.max_rsa_exponent_size | string +';\n') if option.max_rsa_exponent_size is defined and option.max_rsa_exponent_size -}} +{{ ('max-transfer-idle-in ' + option.max_transfer_idle_in | string +';\n') if option.max_transfer_idle_in is defined and option.max_transfer_idle_in -}} +{{ ('max-transfer-idle-out ' + option.max_transfer_idle_out | string +';\n') if option.max_transfer_idle_out is defined and option.max_transfer_idle_out -}} +{{ ('max-transfer-time-in ' + option.max_transfer_time_in | string +';\n') if option.max_transfer_time_in is defined and option.max_transfer_time_in -}} +{{ ('max-transfer-time-out ' + option.max_transfer_time_out | string +';\n') if option.max_transfer_time_out is defined and option.max_transfer_time_out -}} +{{ ('max-udp-size ' + option.max_udp_size | string +';\n') if option.max_udp_size is defined and option.max_udp_size -}} +{{ ('min-refresh-time ' + option.min_refresh_time | string +';\n') if option.min_refresh_time is defined and option.min_refresh_time -}} +{{ ('min-retry-time ' + option.min_retry_time | string +';\n') if option.min_retry_time is defined and option.min_retry_time -}} +{{ ('nocookie-udp-size ' + option.nocookie_udp_size | string +';\n') if option.nocookie_udp_size is defined and option.nocookie_udp_size -}} +{{ ('notify-delay ' + option.notify_delay | string +';\n') if option.notify_delay is defined and option.notify_delay -}} +{{ ('notify-rate ' + option.notify_rate | string +';\n') if option.notify_rate is defined and option.notify_rate -}} +{{ ('port ' + option.port | string +';\n') if option.port is defined and option.port -}} +{{ ('recursive-clients ' + option.recursive_clients | string +';\n') if option.recursive_clients is defined and option.recursive_clients -}} +{{ ('resolver-nonbackoff-tries ' + option.resolver_nonbackoff_tries | string +';\n') if option.resolver_nonbackoff_tries is defined and option.resolver_nonbackoff_tries -}} +{{ ('resolver-query-timeout ' + option.resolver_query_timeout | string +';\n') if option.resolver_query_timeout is defined and option.resolver_query_timeout -}} +{{ ('resolver-retry-interval ' + option.resolver_retry_interval | string +';\n') if option.resolver_retry_interval is defined and option.resolver_retry_interval -}} +{{ ('serial-query-rate ' + option.serial_query_rate | string +';\n') if option.serial_query_rate is defined and option.serial_query_rate -}} +{{ ('sig-signing-nodes ' + option.sig_signing_nodes | string +';\n') if option.sig_signing_nodes is defined and option.sig_signing_nodes -}} +{{ ('sig-signing-signatures ' + option.sig_signing_signatures | string +';\n') if option.sig_signing_signatures is defined and option.sig_signing_signatures -}} +{{ ('sig-signing-type ' + option.sig_signing_type | string +';\n') if option.sig_signing_type is defined and option.sig_signing_type -}} +{{ ('startup-notify-rate ' + option.startup_notify_rate | string +';\n') if option.startup_notify_rate is defined and option.startup_notify_rate -}} +{{ ('tcp-advertised-timeout ' + option.tcp_advertised_timeout | string +';\n') if option.tcp_advertised_timeout is defined and option.tcp_advertised_timeout -}} +{{ ('tcp-clients ' + option.tcp_clients | string +';\n') if option.tcp_clients is defined and option.tcp_clients -}} +{{ ('tcp-idle-timeout ' + option.tcp_idle_timeout | string +';\n') if option.tcp_idle_timeout is defined and option.tcp_idle_timeout -}} +{{ ('tcp-initial-timeout ' + option.tcp_initial_timeout | string +';\n') if option.tcp_initial_timeout is defined and option.tcp_initial_timeout -}} +{{ ('tcp-keepalive-timeout ' + option.tcp_keepalive_timeout | string +';\n') if option.tcp_keepalive_timeout is defined and option.tcp_keepalive_timeout -}} +{{ ('tcp-listen-queue ' + option.tcp_listen_queue | string +';\n') if option.tcp_listen_queue is defined and option.tcp_listen_queue -}} +{{ ('tcp-receive-buffer ' + option.tcp_receive_buffer | string +';\n') if option.tcp_receive_buffer is defined and option.tcp_receive_buffer -}} +{{ ('tcp-send-buffer ' + option.tcp_send_buffer | string +';\n') if option.tcp_send_buffer is defined and option.tcp_send_buffer -}} +{{ ('tls-port ' + option.tls_port | string +';\n') if option.tls_port is defined and option.tls_port -}} +{{ ('transfer-message-size ' + option.transfer_message_size | string +';\n') if option.transfer_message_size is defined and option.transfer_message_size -}} +{{ ('transfers-in ' + option.transfers_in | string +';\n') if option.transfers_in is defined and option.transfers_in -}} +{{ ('transfers-out ' + option.transfers_out | string +';\n') if option.transfers_out is defined and option.transfers_out -}} +{{ ('transfers-per-ns ' + option.transfers_per_ns | string +';\n') if option.transfers_per_ns is defined and option.transfers_per_ns -}} +{{ ('udp-receive-buffer ' + option.udp_receive_buffer | string +';\n') if option.udp_receive_buffer is defined and option.udp_receive_buffer -}} +{{ ('udp-send-buffer ' + option.udp_send_buffer | string +';\n') if option.udp_send_buffer is defined and option.udp_send_buffer -}} +{{ ('v6-bias ' + option.v6_bias | string +';\n') if option.v6_bias is defined and option.v6_bias -}} +{# Boolean options #} +{{ (functions.boolean_option('allow-new-zones', option.allow_new_zones) + '\n') if option.allow_new_zones is defined -}} +{{ (functions.boolean_option('answer-cookie', option.answer_cookie) + '\n') if option.answer_cookie is defined -}} +{{ (functions.boolean_option('auth-nxdomain', option.auth_nxdomain) + '\n') if option.auth_nxdomain is defined -}} +{{ (functions.boolean_option('automatic-interface-scan', option.automatic_interface_scan) + '\n') if option.automatic_interface_scan is defined -}} +{{ (functions.boolean_option('check-integrity', option.check_integrity) + '\n') if option.check_integrity is defined -}} +{{ (functions.boolean_option('check-sibling', option.check_sibling) + '\n') if option.check_sibling is defined -}} +{{ (functions.boolean_option('check-wildcard', option.check_wildcard) + '\n') if option.check_wildcard is defined -}} +{{ (functions.boolean_option('dnsrps-enable', option.dnsrps_enable) + '\n') if option.dnsrps_enable is defined -}} +{{ (functions.boolean_option('dnssec-accept-expired', option.dnssec_accept_expired) + '\n') if option.dnssec_accept_expired is defined -}} +{{ (functions.boolean_option('dnssec-dnskey-kskonly', option.dnssec_dnskey_kskonly) + '\n') if option.dnssec_dnskey_kskonly is defined -}} +{{ (functions.boolean_option('dnssec-secure-to-insecure', option.dnssec_secure_to_insecure) + '\n') if option.dnssec_secure_to_insecure is defined -}} +{{ (functions.boolean_option('empty-zones-enable', option.empty_zones_enable) + '\n') if option.empty_zones_enable is defined -}} +{{ (functions.boolean_option('flush-zones-on-shutdown', option.flush_zones_on_shutdown) + '\n') if option.flush_zones_on_shutdown is defined -}} +{{ (functions.boolean_option('glue-cache', option.glue_cache) + '\n') if option.glue_cache is defined -}} +{{ (functions.boolean_option('ipv4only-enable', option.ipv4only_enable) + '\n') if option.ipv4only_enable is defined -}} +{{ (functions.boolean_option('match-mapped-addresses', option.match_mapped_addresses) + '\n') if option.match_mapped_addresses is defined -}} +{{ (functions.boolean_option('memstatistics', option.memstatistics) + '\n') if option.memstatistics is defined -}} +{{ (functions.boolean_option('message-compression', option.message_compression) + '\n') if option.message_compression is defined -}} +{{ (functions.boolean_option('minimal-any', option.minimal_any) + '\n') if option.minimal_any is defined -}} +{{ (functions.boolean_option('multi-master', option.multi_master) + '\n') if option.multi_master is defined -}} +{{ (functions.boolean_option('notify-to-soa', option.notify_to_soa) + '\n') if option.notify_to_soa is defined -}} +{{ (functions.boolean_option('provide-ixfr', option.provide_ixfr) + '\n') if option.provide_ixfr is defined -}} +{{ (functions.boolean_option('querylog', option.querylog) + '\n') if option.querylog is defined -}} +{{ (functions.boolean_option('recursion', option.recursion) + '\n') if option.recursion is defined -}} +{{ (functions.boolean_option('request-expire', option.request_expire) + '\n') if option.request_expire is defined -}} +{{ (functions.boolean_option('request-ixfr', option.request_ixfr) + '\n') if option.request_ixfr is defined -}} +{{ (functions.boolean_option('request-nsid', option.request_nsid) + '\n') if option.request_nsid is defined -}} +{{ (functions.boolean_option('require-server-cookie', option.require_server_cookie) + '\n') if option.require_server_cookie is defined -}} +{{ (functions.boolean_option('reuseport', option.reuseport) + '\n') if option.reuseport is defined -}} +{{ (functions.boolean_option('root-key-sentinel', option.root_key_sentinel) + '\n') if option.root_key_sentinel is defined -}} +{{ (functions.boolean_option('send-cookie', option.send_cookie) + '\n') if option.send_cookie is defined -}} +{{ (functions.boolean_option('stale-answer-enable', option.stale_answer_enable) + '\n') if option.stale_answer_enable is defined -}} +{{ (functions.boolean_option('stale-cache-enable', option.stale_cache_enable) + '\n') if option.stale_cache_enable is defined -}} +{{ (functions.boolean_option('synth-from-dnssec', option.synth_from_dnssec) + '\n') if option.synth_from_dnssec is defined -}} +{{ (functions.boolean_option('trust-anchor-telemetry', option.trust_anchor_telemetry) + '\n') if option.trust_anchor_telemetry is defined -}} +{{ (functions.boolean_option('try-tcp-refresh', option.try_tcp_refresh) + '\n') if option.try_tcp_refresh is defined -}} +{{ (functions.boolean_option('update-check-ksk', option.update_check_ksk) + '\n') if option.update_check_ksk is defined -}} +{{ (functions.boolean_option('use-alt-transfer-source', option.use_alt_transfer_source) + '\n') if option.use_alt_transfer_source is defined -}} +{{ (functions.boolean_option('zero-no-soa-ttl', option.zero_no_soa_ttl) + '\n') if option.zero_no_soa_ttl is defined -}} +{{ (functions.boolean_option('zero-no-soa-ttl-cache', option.zero_no_soa_ttl_cache) + '\n') if option.zero_no_soa_ttl_cache is defined -}} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.parental-agents.j2 b/templates/named.conf.parental-agents.j2 new file mode 100644 index 0000000..412c1f8 --- /dev/null +++ b/templates/named.conf.parental-agents.j2 @@ -0,0 +1,10 @@ +{% macro parental_agents(parental_agents) %} +{% for agent in parental_agents if parental_agents is iterable %} +parental-agents {{ agent.name -}} +{{ (' port ' + agent.port | string) if agent.port is defined and agent.port -}} +{{ (' dscp ' + agent.dscp | string) if agent.dscp is defined and agent.dscp }} { +{% filter indent(2, true) %} +{{ functions.list_address_port_key_tls(agent.addresses) -}} +{% endfilter %}}; +{% endfor %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.primaries.j2 b/templates/named.conf.primaries.j2 new file mode 100644 index 0000000..8cec5a9 --- /dev/null +++ b/templates/named.conf.primaries.j2 @@ -0,0 +1,8 @@ +{% macro primaries(primaries) %} +{% for primary in primaries if primaries is iterable %} +primaries {{ primary.name -}} +{{ (' port ' + primary.port | string) if primary.port is defined and primary.port -}} +{{ (' dscp ' + primary.dscp | string) if primary.dscp is defined and primary.dscp }} { +{{ functions.list_address_port_key_tls(primary.addresses) -}}}; +{% endfor %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.server.j2 b/templates/named.conf.server.j2 new file mode 100644 index 0000000..663d57f --- /dev/null +++ b/templates/named.conf.server.j2 @@ -0,0 +1,57 @@ +{% macro server(servers) %} +{% for server in servers if servers is iterable %} +server {{ server.prefix }} { +{% filter indent(2, true) %} +{% if server.transfer_source is defined and server.transfer_source is mapping %} +transfer-source {{ server.transfer_source.address -}} +{{- (' port ' + server.transfer_source.port | string) if server.transfer_source.port is defined and server.transfer_source.port -}} +{{- (' dscp ' + server.transfer_source.dscp | string) if server.transfer_source.dscp is defined and server.transfer_source.dscp }}; +{% endif %} +{% if server.transfer_source_v6 is defined and server.transfer_source_v6 is mapping %} +transfer-source-v6 {{ server.transfer_source_v6.address -}} +{{- (' port ' + server.transfer_source_v6.port | string) if server.transfer_source_v6.port is defined and server.transfer_source_v6.port -}} +{{- (' dscp ' + server.transfer_source_v6.dscp | string) if server.transfer_source_v6.dscp is defined and server.transfer_source_v6.dscp }}; +{% endif %} +{% if server.notify_source_v6 is defined and server.notify_source_v6 %} +notify-source-v6 +{{- (' ' + server.notify_source_v6.address | string) -}} +{{- (' port ' + server.notify_source_v6.port | string) if server.notify_source_v6.port is defined and server.notify_source_v6.port -}} +{{- (' dscp ' + server.notify_source_v6.dscp | string) if server.notify_source_v6.dscp is defined and server.notify_source_v6.dscp }}; +{% endif %} +{% if server.notify_source is defined and server.notify_source %} +notify-source +{{- (' ' + server.notify_source.address | string) -}} +{{- (' port ' + server.notify_source.port | string) if server.notify_source.port is defined and server.notify_source.port -}} +{{- (' dscp ' + server.notify_source.dscp | string) if server.notify_source.dscp is defined and server.notify_source.dscp }}; +{% endif %} +{% if server.query_source_v6 is defined and server.query_source_v6 %} +query-source-v6 +{{- (' address ' + server.query_source_v6.address | string) if server.query_source_v6.address is defined and server.query_source_v6.address -}} +{{- (' port ' + server.query_source_v6.port | string) if server.query_source_v6.port is defined and server.query_source_v6.port -}} +{{- (' dscp ' + server.query_source_v6.dscp | string) if server.query_source_v6.dscp is defined and server.query_source_v6.dscp -}}; +{% endif %} +{% if server.query_source is defined and server.query_source %} +query-source +{{- (' address ' + server.query_source.address | string) if server.query_source.address is defined and server.query_source.address -}} +{{- (' port ' + server.query_source.port | string) if server.query_source.port is defined and server.query_source.port -}} +{{- (' dscp ' + server.query_source.dscp | string) if server.query_source.dscp is defined and server.query_source.dscp -}}; +{% endif %} +{{ ('edns-version ' + server.edns_version | string + ';\n') if server.edns_version is defined and server.edns_version -}} +{{ ('padding ' + server.padding | string + ';\n') if server.padding is defined and server.padding -}} +{{ ('transfers ' + server.transfers | string + ';\n') if server.transfers is defined and server.transfers -}} +{{ ('keys ' + server.keyname | string + ';\n') if server.keyname is defined and server.keyname -}} +{{ ('transfer-format ' + server.transfer_format | string + ';\n') if server.transfer_format is defined and server.transfer_format -}} +{{ ('edns-udp-size ' + server.edns_udp_size | string + ';\n') if server.edns_udp_size is defined and server.edns_udp_size -}} +{{ ('max-udp-size ' + server.max_udp_size | string +';\n') if server.max_udp_size is defined and server.max_udp_size -}} +{{ (functions.boolean_option('bogus', server.bogus) + '\n') if server.bogus is defined -}} +{{ (functions.boolean_option('edns', server.edns) + '\n') if server.edns is defined -}} +{{ (functions.boolean_option('tcp-only', server.tcp_only) + '\n') if server.tcp_only is defined -}} +{{ (functions.boolean_option('tcp-keepalive', server.tcp_keepalive) + '\n') if server.tcp_keepalive is defined -}} +{{ (functions.boolean_option('provide-ixfr', server.provide_ixfr) + '\n') if server.provide_ixfr is defined -}} +{{ (functions.boolean_option('request-expire', server.request_expire) + '\n') if server.request_expire is defined -}} +{{ (functions.boolean_option('request-ixfr', server.request_ixfr) + '\n') if server.request_ixfr is defined -}} +{{ (functions.boolean_option('request-nsid', server.request_nsid) + '\n') if server.request_nsid is defined -}} +{{ (functions.boolean_option('send-cookie', server.send_cookie) + '\n') if server.send_cookie is defined -}} +{% endfilter %}}; +{% endfor %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.statistics-channels.j2 b/templates/named.conf.statistics-channels.j2 new file mode 100644 index 0000000..2a87d55 --- /dev/null +++ b/templates/named.conf.statistics-channels.j2 @@ -0,0 +1,10 @@ +{% macro statistics_channels(statistics_channels) %} +statistics-channels { +{% filter indent(2, true) %} +{% for channel in statistics_channels if statistics_channels is iterable %} +inet {{ channel.address | string }} +{{- (' port ' + channel.port | string) if channel.port is defined and channel.port -}} +{{- (' allow {\n' + functions.simple_item_list(channel.allow) + '};\n') if channel.allow is defined and channel.allow -}} +{% endfor %} +{% endfilter %}}; +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.tls.j2 b/templates/named.conf.tls.j2 new file mode 100644 index 0000000..bcbc051 --- /dev/null +++ b/templates/named.conf.tls.j2 @@ -0,0 +1,16 @@ +{% macro tls(tlss) %} +{% for tls in tlss if tlss is iterable %} +tls {{ tls.name }} { +{% filter indent(2, true) %} +{{ ('cert-file "' + tls.cert_file + '";\n') if tls.cert_file is defined and tls.cert_file -}} +{{ ('key-file "' + tls.key_file + '";\n') if tls.key_file is defined and tls.key_file -}} +{{ ('dhparam-file "' + tls.dhparam_file + '";\n') if tls.dhparam_file is defined and tls.dhparam_file -}} +{{ ('ca-file "' + tls.ca_file + '";\n') if tls.ca_file is defined and tls.ca_file -}} +{{ ('remote-hostname "' + tls.remote_hostname + '";\n') if tls.remote_hostname is defined and tls.remote_hostname -}} +{{ ('ciphers "' + tls.ciphers + '";\n') if tls.ciphers is defined and tls.ciphers -}} +{{ ('protocols {\n' + functions.simple_item_list(tls.protocols) + '};\n') if tls.protocols is defined and tls.protocols -}} +{{ (functions.boolean_option('prefer-server-ciphers', tls.prefer_server_ciphers) + '\n') if tls.prefer_server_ciphers is defined -}} +{{ (functions.boolean_option('session-tickets', tls.session_tickets) + '\n') if tls.session_tickets is defined -}} +{% endfilter %}}; +{% endfor %} +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.trust-anchors.j2 b/templates/named.conf.trust-anchors.j2 new file mode 100644 index 0000000..bc47ee8 --- /dev/null +++ b/templates/named.conf.trust-anchors.j2 @@ -0,0 +1,13 @@ +{% macro trust_anchors(trust_anchors) %} +trust-anchors { +{% filter indent(2, true) %} +{% for anchor in trust_anchors if trust_anchors is iterable %} +{{ (anchor.name | string) -}} +{{ (' ' + anchor.type) -}} +{{ (' ' + anchor.flags | string) -}} +{{ (' ' + anchor.protocol | string) -}} +{{ (' ' + anchor.algorithm | string) -}} +{{ (' "' + anchor.key + '"') -}}; +{% endfor %} +{% endfilter %}}; +{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.view.j2 b/templates/named.conf.view.j2 new file mode 100644 index 0000000..8f005cf --- /dev/null +++ b/templates/named.conf.view.j2 @@ -0,0 +1,78 @@ +{% macro view(views) %} +{% for view in views if views is iterable %} +view {{ view.name }} { +{% filter indent(2, true) %} +{{ ('match-recursive-only ' + functions.named_boolean(view.match_recursive_only) + ';\n') if view.match_recursive_only is defined -}} +{{ ('match-clients {\n' + functions.simple_item_list(view.match_clients) + '};\n') if view.match_clients is defined and view.match_clients -}} +{{ ('match-destinations {\n' + functions.simple_item_list(view.match_destinations) + '};\n') if view.match_destinations is defined and view.match_destinations -}} + +{% if view.options is defined and view.options %} +{% from 'named.conf.options.j2' import options with context %} +{{ options(view.options) -}} +{% endif %} +{% if view.acl is defined and view.acl %} +{% from 'named.conf.acl.j2' import acl with context %} +{{ acl(view.acl) -}} +{% endif %} +{% if view.zones is defined and view.zones %} +{% from 'named.conf.zone.j2' import zones with context %} +{{ zones(view.zones) -}} +{% endif %} +{% if view.controls is defined and view.controls %} +{% from 'named.conf.controls.j2' import controls with context %} +{{ controls(view.controls) -}} +{% endif %} +{% if view.include is defined and view.include %} +{% from 'named.conf.include.j2' import include with context %} +{{ include(view.include) -}} +{% endif %} +{% if view.dlz is defined and view.dlz %} +{% from 'named.conf.dlz.j2' import dlz with context %} +{{ dlz(view.dlz) -}} +{% endif %} +{% if view.dnssec_policy is defined and view.dnssec_policy %} +{% from 'named.conf.dnssec-policy.j2' import dnssec_policy with context %} +{{ dnssec_policy(view.dnssec_policy) -}} +{% endif %} +{% if view.dyndb is defined and view.dyndb %} +{% from 'named.conf.dyndb.j2' import dyndb with context %} +{{ dyndb(view.dyndb) -}} +{% endif %} +{% if view.http is defined and view.http %} +{% from 'named.conf.http.j2' import http with context %} +{{ http(view.http) -}} +{% endif %} +{% if view.keylist is defined and view.keylist %} +{% from 'named.conf.key.j2' import keylist with context %} +{{ keylist(view.keylist) -}} +{% endif %} +{% if view.logging is defined and view.logging %} +{% from 'named.conf.logging.j2' import logging with context %} +{{ logging(view.logging) -}} +{% endif %} +{% if view.parental_agents is defined and view.parental_agents %} +{% from 'named.conf.parental-agents.j2' import parental_agents with context %} +{{ parental_agents(view.parental_agents) -}} +{% endif %} +{% if view.primaries is defined and view.primaries %} +{% from 'named.conf.primaries.j2' import primaries with context %} +{{ primaries(view.primaries) -}} +{% endif %} +{% if view.server is defined and view.server %} +{% from 'named.conf.server.j2' import server with context %} +{{ server(view.server) -}} +{% endif %} +{% if view.statistics_channels is defined and view.statistics_channels %} +{% from 'named.conf.statistics-channels.j2' import statistics_channels with context %} +{{ statistics_channels(view.statistics_channels) -}} +{% endif %} +{% if view.tls is defined and view.tls %} +{% from 'named.conf.tls.j2' import tls with context %} +{{ tls(view.tls) -}} +{% endif %} +{% if view.trust_anchors is defined and view.trust_anchors %} +{% from 'named.conf.trust-anchors.j2' import trust_anchors with context %} +{{ trust_anchors(view.trust_anchors) -}} +{% endif %} +{% endfilter %} +};{% endfor %}{% endmacro %} \ No newline at end of file diff --git a/templates/named.conf.zone.j2 b/templates/named.conf.zone.j2 new file mode 100644 index 0000000..b2ad534 --- /dev/null +++ b/templates/named.conf.zone.j2 @@ -0,0 +1,162 @@ +# Zones Macro +{% macro zones(zones) -%} +{% for zone in zones %} +zone "{{ zone.name }}" { +{% filter indent(2, true) %} +# Zone {{ zone.name }} type {{ zone.type }} +{# Most critical/defining statements first #} +{{ ('type ' + zone.type | string+';\n') if zone.type is defined and zone.type -}} +{{ ('file "' + zone.file | string+'";\n') if zone.file is defined and zone.file -}} +{{ ('forward ' + zone.forward | string+';\n') if zone.forward is defined and zone.forward -}} +{{ ('journal "' + zone.journal | string+'";\n') if zone.journal is defined and zone.journal -}} +{{ ('key-directory "' + zone.key_directory | string+'";\n') if zone.key_directory is defined and zone.key_directory -}} +{# boolean_or_string options #} +{{ ('dialup ' + functions.boolean_or_string(zone.dialup) + ';\n') if zone.dialup is defined -}} +{{ ('notify ' + functions.boolean_or_string(zone.notify) + ';\n') if zone.notify is defined -}} +{{ ('zone-statistics ' + functions.boolean_or_string(zone.zone_statistics) + ';\n') if zone.zone_statistics is defined -}} +{# upstream_servers options #} +{{ functions.parent_address_key_tls('also-notify', zone.also_notify) if zone.also_notify is defined and zone.also_notify -}} +{{ functions.parent_address_key_tls('primaries', zone.primaries) if zone.primaries is defined and zone.primaries -}} +{{ functions.parent_address_key_tls('parental-agents', zone.parental_agents) if zone.parental_agents is defined and zone.parental_agents -}} +{# Unicorn Options#} +{% if zone.update_policy is defined and zone.update_policy %} +{% if zone.update_policy == 'local' %} +update-policy local; +{% else %} +update-policy { +{% filter indent(2, true) %} +{% for policy in zone.update_policy %} +{{ policy.permission -}} +{{ ' ' + policy.identity -}} +{{ ' ' + policy.ruletype -}} +{{ ' ' + policy.name -}} +{{ ' ' + policy.types -}}; +{% endfor %} +{% endfilter %}}; +{% endif %} +{% endif %} +{% if zone.sig_validity_interval is defined and zone.sig_validity_interval %} +sig-validity-interval +{{- (' ' + zone.sig_validity_interval.upper | string) }} +{{- (' ' + zone.sig_validity_interval.lower | string) if zone.sig_validity_interval.lower is defined and zone.sig_validity_interval.lower -}}; +{% endif %} +{% if zone.server_names is defined and zone.server_names %} +server-names { +{{ functions.simple_item_list(zone.server_names) }}}; +{% endif %} +{% if zone.server_addresses is defined and zone.server_addresses %} +server-addresses { +{{ functions.simple_item_list(zone.server_addresses) }}}; +{% endif %} +{{ functions.parent_address_port_dscp('forwarders', zone.forwarders) if zone.forwarders is defined and zone.forwarders -}} +{% if zone.allow_transfer is defined and zone.allow_transfer is not string %} +allow-transfer +{{- (' port ' + zone.allow_transfer.port | string) if zone.allow_transfer.port is defined and zone.allow_transfer.port -}} +{{- (' transport ' + zone.allow_transfer.transport) if zone.allow_transfer.transport is defined and zone.allow_transfer.transport }} { +{{ functions.simple_item_list(zone.allow_transfer.addresses) }}}; +{% endif %} +{# simple_list options #} +{{ ('allow-notify {\n' + functions.simple_item_list(zone.allow_notify) + '};\n') if zone.allow_notify is defined and zone.allow_notify -}} +{{ ('allow-query {\n' + functions.simple_item_list(zone.allow_query) + '};\n') if zone.allow_query is defined and zone.allow_query -}} +{{ ('allow-query-on {\n' + functions.simple_item_list(zone.allow_query_on) + '};\n') if zone.allow_query_on is defined and zone.allow_query_on -}} +{{ ('allow-update {\n' + functions.simple_item_list(zone.allow_update) + '};\n') if zone.allow_update is defined and zone.allow_update -}} +{{ ('allow-update-forwarding {\n' + functions.simple_item_list(zone.allow_update_forwarding) + '};\n') if zone.allow_update_forwarding is defined and zone.allow_update_forwarding -}} +{# ip_port_dscp options#} +{% if zone.transfer_source is defined and zone.transfer_source is mapping %} +transfer-source {{ zone.transfer_source.address -}} +{{- (' port ' + zone.transfer_source.port | string) if zone.transfer_source.port is defined and zone.transfer_source.port -}} +{{- (' dscp ' + zone.transfer_source.dscp | string) if zone.transfer_source.dscp is defined and zone.transfer_source.dscp }}; +{% endif %} +{% if zone.transfer_source_v6 is defined and zone.transfer_source_v6 is mapping %} +transfer-source-v6 {{ zone.transfer_source_v6.address -}} +{{- (' port ' + zone.transfer_source_v6.port | string) if zone.transfer_source_v6.port is defined and zone.transfer_source_v6.port -}} +{{- (' dscp ' + zone.transfer_source_v6.dscp | string) if zone.transfer_source_v6.dscp is defined and zone.transfer_source_v6.dscp }}; +{% endif %} +{% if zone.alt_transfer_source is defined and zone.alt_transfer_source is mapping %} +alt-transfer-source {{ zone.alt_transfer_source.address -}} +{{- (' port ' + zone.alt_transfer_source.port | string) if zone.alt_transfer_source.port is defined and zone.alt_transfer_source.port -}} +{{- (' dscp ' + zone.alt_transfer_source.dscp | string) if zone.alt_transfer_source.dscp is defined and zone.alt_transfer_source.dscp }}; +{% endif %} +{% if zone.alt_transfer_source_v6 is defined and zone.alt_transfer_source_v6 is mapping %} +alt-transfer-source-v6 {{ zone.alt_transfer_source_v6.address -}} +{{- (' port ' + zone.alt_transfer_source_v6.port | string) if zone.alt_transfer_source_v6.port is defined and zone.alt_transfer_source_v6.port -}} +{{- (' dscp ' + zone.alt_transfer_source_v6.dscp | string) if zone.alt_transfer_source_v6.dscp is defined and zone.alt_transfer_source_v6.dscp }}; +{% endif %} +{% if zone.notify_source is defined and zone.notify_source is mapping %} +notify-source {{ zone.notify_source.address -}} +{{- (' port ' + zone.notify_source.port | string) if zone.notify_source.port is defined and zone.notify_source.port -}} +{{- (' dscp ' + zone.notify_source.dscp | string) if zone.notify_source.dscp is defined and zone.notify_source.dscp }}; +{% endif %} +{% if zone.notify_source_v6 is defined and zone.notify_source_v6 is mapping %} +notify-source-v6 {{ zone.notify_source_v6.address -}} +{{- (' port ' + zone.notify_source_v6.port | string) if zone.notify_source_v6.port is defined and zone.notify_source_v6.port -}} +{{- (' dscp ' + zone.notify_source_v6.dscp | string) if zone.notify_source_v6.dscp is defined and zone.notify_source_v6.dscp }}; +{% endif %} +{% if zone.parental_source is defined and zone.parental_source is mapping %} +parental-source {{ zone.parental_source.address -}} +{{- (' port ' + zone.parental_source.port | string) if zone.parental_source.port is defined and zone.parental_source.port -}} +{{- (' dscp ' + zone.parental_source.dscp | string) if zone.parental_source.dscp is defined and zone.parental_source.dscp }}; +{% endif %} +{% if zone.parental_source_v6 is defined and zone.parental_source_v6 is mapping %} +parental-source-v6 {{ zone.parental_source_v6.address -}} +{{- (' port ' + zone.parental_source_v6.port | string) if zone.parental_source_v6.port is defined and zone.parental_source_v6.port -}} +{{- (' dscp ' + zone.parental_source_v6.dscp | string) if zone.parental_source_v6.dscp is defined and zone.parental_source_v6.dscp }}; +{% endif %} +{# integer options #} +{{ ('dnskey-sig-validity ' + zone.dnskey_sig_validity | string+';\n') if zone.dnskey_sig_validity is defined and zone.dnskey_sig_validity -}} +{{ ('dnssec-loadkeys-interval ' + zone.dnssec_loadkeys_interval | string+';\n') if zone.dnssec_loadkeys_interval is defined and zone.dnssec_loadkeys_interval -}} +{{ ('max-records ' + zone.max_records | string+';\n') if zone.max_records is defined and zone.max_records -}} +{{ ('max-refresh-time ' + zone.max_refresh_time | string+';\n') if zone.max_refresh_time is defined and zone.max_refresh_time -}} +{{ ('max-retry-time ' + zone.max_retry_time | string+';\n') if zone.max_retry_time is defined and zone.max_retry_time -}} +{{ ('max-transfer-idle-in ' + zone.max_transfer_idle_in | string+';\n') if zone.max_transfer_idle_in is defined and zone.max_transfer_idle_in -}} +{{ ('max-transfer-idle-out ' + zone.max_transfer_idle_out | string+';\n') if zone.max_transfer_idle_out is defined and zone.max_transfer_idle_out -}} +{{ ('max-transfer-time-in ' + zone.max_transfer_time_in | string+';\n') if zone.max_transfer_time_in is defined and zone.max_transfer_time_in -}} +{{ ('max-transfer-time-out ' + zone.max_transfer_time_out | string+';\n') if zone.max_transfer_time_out is defined and zone.max_transfer_time_out -}} +{{ ('min-refresh-time ' + zone.min_refresh_time | string+';\n') if zone.min_refresh_time is defined and zone.min_refresh_time -}} +{{ ('min-retry-time ' + zone.min_retry_time | string+';\n') if zone.min_retry_time is defined and zone.min_retry_time -}} +{{ ('notify-delay ' + zone.notify_delay | string+';\n') if zone.notify_delay is defined and zone.notify_delay -}} +{{ ('sig-signing-nodes ' + zone.sig_signing_nodes | string+';\n') if zone.sig_signing_nodes is defined and zone.sig_signing_nodes -}} +{{ ('sig-signing-signatures ' + zone.sig_signing_signatures | string+';\n') if zone.sig_signing_signatures is defined and zone.sig_signing_signatures -}} +{{ ('sig-signing-type ' + zone.sig_signing_type | string+';\n') if zone.sig_signing_type is defined and zone.sig_signing_type -}} +{# boolean options #} +{{ (functions.boolean_option('check-integrity', zone.check_integrity) + '\n') if zone.check_integrity is defined -}} +{{ (functions.boolean_option('check-sibling', zone.check_sibling) + '\n') if zone.check_sibling is defined -}} +{{ (functions.boolean_option('check-wildcard', zone.check_wildcard) + '\n') if zone.check_wildcard is defined -}} +{{ (functions.boolean_option('delegation-only', zone.delegation_only) + '\n') if zone.delegation_only is defined -}} +{{ (functions.boolean_option('dnssec-dnskey-kskonly', zone.dnssec_dnskey_kskonly) + '\n') if zone.dnssec_dnskey_kskonly is defined -}} +{{ (functions.boolean_option('dnssec-secure-to-insecure', zone.dnssec_secure_to_insecure) + '\n') if zone.dnssec_secure_to_insecure is defined -}} +{{ (functions.boolean_option('inline-signing', zone.inline_signing) + '\n') if zone.inline_signing is defined -}} +{{ (functions.boolean_option('ixfr-from-differences', zone.ixfr_from_differences) + '\n') if zone.ixfr_from_differences is defined -}} +{{ (functions.boolean_option('multi-master', zone.multi_master) + '\n') if zone.multi_master is defined -}} +{{ (functions.boolean_option('notify-to-soa', zone.notify_to_soa) + '\n') if zone.notify_to_soa is defined -}} +{{ (functions.boolean_option('request-expire', zone.request_expire) + '\n') if zone.request_expire is defined -}} +{{ (functions.boolean_option('request-ixfr', zone.request_ixfr) + '\n') if zone.request_ixfr is defined -}} +{{ (functions.boolean_option('try-tcp-refresh', zone.try_tcp_refresh) + '\n') if zone.try_tcp_refresh is defined -}} +{{ (functions.boolean_option('update-check-ksk', zone.update_check_ksk) + '\n') if zone.update_check_ksk is defined -}} +{{ (functions.boolean_option('use-alt-transfer-source', zone.use_alt_transfer_source) + '\n') if zone.use_alt_transfer_source is defined -}} +{{ (functions.boolean_option('zero-no-soa-ttl', zone.zero_no_soa_ttl) + '\n') if zone.zero_no_soa_ttl is defined -}} +{# multiple_choice options #} +{{ ('auto-dnssec ' + zone.auto_dnssec | string+';\n') if zone.auto_dnssec is defined and zone.auto_dnssec -}} +{{ ('check-dup-records ' + zone.check_dup_records | string+';\n') if zone.check_dup_records is defined and zone.check_dup_records -}} +{{ ('check-mx-cname ' + zone.check_mx_cname | string+';\n') if zone.check_mx_cname is defined and zone.check_mx_cname -}} +{{ ('check-mx ' + zone.check_mx | string+';\n') if zone.check_mx is defined and zone.check_mx -}} +{{ ('check-names ' + zone.check_names | string+';\n') if zone.check_names is defined and zone.check_names -}} +{{ ('check-spf ' + zone.check_spf | string+';\n') if zone.check_spf is defined and zone.check_spf -}} +{{ ('check-srv-cname ' + zone.check_srv_cname | string+';\n') if zone.check_srv_cname is defined and zone.check_srv_cname -}} +{{ ('dnssec-update-mode ' + zone.dnssec_update_mode | string+';\n') if zone.dnssec_update_mode is defined and zone.dnssec_update_mode -}} +{{ ('masterfile-format ' + zone.masterfile_format | string+';\n') if zone.masterfile_format is defined and zone.masterfile_format -}} +{{ ('masterfile-style ' + zone.masterfile_style | string+';\n') if zone.masterfile_style is defined and zone.masterfile_style -}} +{{ ('max-ixfr-ratio ' + zone.max_ixfr_ratio | string+';\n') if zone.max_ixfr_ratio is defined and zone.max_ixfr_ratio -}} +{{ ('max-journal-size ' + zone.max_journal_size | string+';\n') if zone.max_journal_size is defined and zone.max_journal_size -}} +{{ ('max-zone-ttl ' + zone.max_zone_ttl | string+';\n') if zone.max_zone_ttl is defined and zone.max_zone_ttl -}} +{{ ('serial-update-method ' + zone.serial_update_method | string+';\n') if zone.serial_update_method is defined and zone.serial_update_method -}} +{# string options #} +{{ ('database ' + zone.database | string+';\n') if zone.database is defined and zone.database -}} +{{ ('dlz ' + zone.dlz | string+';\n') if zone.dlz is defined and zone.dlz -}} +{{ ('dnssec-policy ' + zone.dnssec_policy | string+';\n') if zone.dnssec_policy is defined and zone.dnssec_policy -}} +{{ ('in-view ' + zone.in_view | string+';\n') if zone.in_view is defined and zone.in_view -}} +{% endfilter %} +}; + +{% endfor %} +{% endmacro %} \ No newline at end of file diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..5e082e0 --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - bind9 diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..427232c --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for bind9