72 Commits

Author SHA1 Message Date
daniel 57d8f88679 Merge pull request 'feat: Establish version maintenance strategy for BIND9 support (#5)' (#7) from main into origin/main
Reviewed-on: #7
2026-02-07 22:02:27 +00:00
Daniel Akulenok 0271be7752 Merge branch 'main' of ssh://git.valid.dk:2222/daniel/ansible-bind9-role into HEAD
Test / Lint (push) Successful in 16s
Test / Test (push) Has been skipped
2026-02-06 14:32:10 +01:00
Daniel Akulenok 907735c294 fix: improve readability of bind9 configuration and update variable registration 2026-02-06 13:46:09 +01:00
Daniel Akulenok cdcc4cbbda fix: standardize YAML formatting and improve readability in bind9 configuration files 2026-02-06 13:38:56 +01:00
Daniel Akulenok 30918dc9f7 Add zone option JSON files for BIND9 grammar
Test / Lint (push) Successful in 17s
Test / Test (push) Has been skipped
- Created primary.zoneopt.json to define grammar for primary zones with various options including allow-query, allow-transfer, and DNSSEC settings.
- Added redirect.zoneopt.json for redirect zones, specifying options like allow-query and primaries.
- Introduced secondary.zoneopt.json for secondary zones, detailing options such as allow-notify, forwarders, and notify configurations.
- Implemented static-stub.zoneopt.json for static stub zones, including server-addresses and server-names options.
- Added stub.zoneopt.json for stub zones, defining options like check-names and forwarders.
- Created zoneopt.json as a general template for zone options, incorporating common fields across different zone types.
2026-01-31 22:05:58 +01:00
Daniel Akulenok 7388e4eaaf Merge branch 'main' of ssh://git.valid.dk:2222/daniel/ansible-bind9-role 2026-01-31 21:29:19 +01:00
Daniel Akulenok f6eee76e05 fix: ensure no change detection for bind9 configuration files
Test / Lint (push) Successful in 12s
Test / Test (push) Has been skipped
2026-01-28 23:37:37 +01:00
daniel 0fede04e19 Merge pull request 'feature/forwarders-port-tls-support' (#3) from feature/forwarders-port-tls-support into main
Test / Lint (push) Successful in 13s
Test / Test (push) Has been skipped
Reviewed-on: #3
2026-01-28 22:29:11 +00:00
Daniel Akulenok 5f4bb3ccda feat: add podman installation step in CI workflow
Test / Lint (pull_request) Successful in 12s
Test / Test (push) Has been skipped
Test / Test (pull_request) Failing after 21s
Test / Lint (push) Successful in 13s
2026-01-28 23:27:46 +01:00
Daniel Akulenok 4cb9cb3e3f fix: add noqa comments for linting in workflow and role inclusion
Test / Lint (push) Successful in 13s
Test / Lint (pull_request) Successful in 13s
Test / Test (push) Has been skipped
Test / Test (pull_request) Failing after 37s
2026-01-28 23:25:35 +01:00
Daniel Akulenok 45d9861960 refactor: remove unnecessary tags from backup removal task
Test / Lint (push) Failing after 12s
Test / Lint (pull_request) Failing after 12s
Test / Test (push) Has been skipped
Test / Test (pull_request) Has been skipped
2026-01-28 23:22:05 +01:00
Daniel Akulenok 28f8ca5c12 fix: resolve ansible-lint errors
Test / Lint (push) Failing after 7s
Test / Lint (pull_request) Failing after 6s
Test / Test (push) Has been skipped
Test / Test (pull_request) Has been skipped
- Quote octal file mode values (0640, 0750 -> '0640', '0750')
- Add 'Prepare' name to prepare.yml play
- Fix truthy value in .gitea/workflows/test.yaml (on -> 'on')
- Use role name 'bind9' instead of path in converge.yml
- Move tags to top-level for Deploy and Validate Configuration block
- Remove unnecessary comments to clean up code
- Ensure all YAML and Ansible files pass ansible-lint production profile
2026-01-28 23:20:56 +01:00
Daniel Akulenok 17a9918685 fix: resolve yamllint errors
Test / Lint (push) Failing after 16s
Test / Lint (pull_request) Failing after 12s
Test / Test (push) Has been skipped
Test / Test (pull_request) Has been skipped
- Fix line length in meta/argument_specs.yml (wrap long description)
- Remove extra blank lines in molecule/default/collections.yml
- Fix line lengths in tasks/main.yml (wrap long messages)
- Remove trailing spaces from tasks/main.yml
- Ensure all YAML files pass yamllint with relaxed profile
2026-01-28 23:15:23 +01:00
Daniel Akulenok ca70afbd51 ci: add simplified Gitea Actions workflow for testing
Test / Lint (pull_request) Failing after 42s
Test / Test (pull_request) Has been skipped
- Add yamllint for YAML style validation (relaxed profile)
- Add ansible-lint for Ansible best practices (production profile)
- Add Molecule test job that runs only on pull requests
- Lint job runs on all push events to main and feature branches
- Test job depends on lint job passing
- Clean, maintainable pipeline configuration
2026-01-28 23:11:04 +01:00
Daniel Akulenok 68a7b62305 chore: update molecule configuration
- Update prepare.yml with test setup
- Update molecule.yml with test infrastructure configuration
2026-01-28 23:03:41 +01:00
Daniel Akulenok dae9cb60f5 test: add bind9 forwarding DNS server test case
- Create converge.yml with forwarding DNS configuration
- Configure global forwarders with Google and Cloudflare DNS
- Configure forward-only zone for internal.example with TLS
- Create verify.yml with comprehensive test validation
- Test BIND9 installation, service status, and configuration files
- Verify forwarders and forward zones are properly configured
- Test actual DNS resolution via forwarders
2026-01-28 23:03:30 +01:00
Daniel Akulenok d075e3ec17 docs: update README.md with port/tls parameter patterns
- Add clarification on different parameter combinations (port/dscp vs port/tls)
- Replace generic 'IP_PORT_DSCP_OPTION' with 'ADDRESS_PORT_TLS_OPTION' example
- Update all configuration examples to show port/tls parameters
- Document usage of forwarders with TLS support
- Improve documentation of flexible configuration formats
2026-01-28 23:03:25 +01:00
Daniel Akulenok e8f84fce0b docs: update CONFIGURATION_GRAMMAR.md for forwarders port/tls support
- Add tls parameter to forwarders grammar in options section
- Add tls parameter to forwarders grammar in zone section
- Update options and zone examples to demonstrate tls usage
- Rename 'Address with Port/DSCP' section to 'Address with Port/TLS'
- Update all data type examples to show port/tls patterns instead of port/dscp
- Document global and per-address port/tls configuration options
2026-01-28 23:03:19 +01:00
Daniel Akulenok 3d2919721b feat: use parent_address_port_tls macro for forwarders
- Update named.conf.options.j2 to use parent_address_port_tls for forwarders
- Update named.conf.zone.j2 to use parent_address_port_tls for forwarders
- Enables support for per-address and global port/tls parameters
2026-01-28 23:03:07 +01:00
Daniel Akulenok 112ba5f7ca feat: implement list_address_port_tls and parent_address_port_tls macros
- Add list_address_port_tls macro for rendering address lists with port and tls parameters
- Add parent_address_port_tls macro for parent statements with global port/tls
- Follow existing naming pattern with separate list_ and parent_ macros
- Supports forwarders, primaries, and similar blocks with port/tls grammar
2026-01-28 23:02:59 +01:00
Daniel Akulenok fa35922646 AGENTS 2026-01-28 22:03:18 +01:00
Daniel Akulenok 3d7a403409 fix: Update issue tracker URL in metadata 2026-01-27 23:42:07 +01:00
Daniel Akulenok 30098d48d8 fix: Update issue tracker URL in metadata 2026-01-27 23:40:56 +01:00
Daniel Akulenok 8cbf5279ae docs: Update author and company contact information 2026-01-27 23:30:01 +01:00
Daniel Akulenok 8c0961dd13 test: Configure Molecule testing framework
- Add Ansible collections configuration
- Update converge and prepare playbooks
- Restructure molecule.yml for improved testing
2026-01-27 23:30:01 +01:00
Daniel Akulenok 7fc4c26217 fix: Add explicit boolean comparison for Ansible 2.12+ compatibility 2026-01-27 23:30:01 +01:00
Daniel Akulenok ebdddc37e2 refactor: Rename leaf config to site config
feat: Add argument specs and atomic validation
2026-01-27 23:30:01 +01:00
Daniel Akulenok 400d13457c style: Fix formatting and spacing 2026-01-27 23:18:56 +01:00
Daniel Akulenok 651df7c29a style: Fix formatting and spacing 2026-01-27 23:18:56 +01:00
Daniel Akulenok 32755369b4 refactor: Remove unnecessary comments 2026-01-27 23:18:56 +01:00
Daniel Akulenok f3d4db5f72 refactor: Replace Jinja2 macros with direct logic in zone and view templates 2026-01-27 23:18:56 +01:00
Daniel Akulenok 95033ef863 refactor: Simplify trust-anchors template implementation 2026-01-27 23:18:56 +01:00
Daniel Akulenok 4da4a6ef7d refactor: Remove macro usage from TLS configuration template 2026-01-27 23:18:56 +01:00
Daniel Akulenok 08fb247110 refactor: Simplify statistics-channels template 2026-01-27 23:18:56 +01:00
Daniel Akulenok 98f33fb989 refactor: Remove Jinja2 macro dependencies from templates 2026-01-27 23:18:56 +01:00
Daniel Akulenok 3ab22fc5f2 refactor: Remove Jinja2 macro dependencies from templates 2026-01-27 23:18:56 +01:00
Daniel Akulenok 5c5f3d1687 test: Add Podman support for testing 2026-01-27 23:18:56 +01:00
Daniel Akulenok f495ab55b8 refactor: Simplify key configuration template by removing macros 2026-01-27 23:18:56 +01:00
Daniel Akulenok 212861a3ac refactor: Remove macro usage from HTTP configuration template 2026-01-27 23:18:56 +01:00
Daniel Akulenok fbe5eaaddd refactor: Remove macro usage from HTTP configuration template 2026-01-27 23:18:56 +01:00
Daniel Akulenok 91c2c611db refactor: Simplify DNSSEC policy template by removing macros 2026-01-27 23:18:56 +01:00
Daniel Akulenok 530c0a2bd5 refactor: Remove macro dependencies from DLZ template 2026-01-27 23:18:56 +01:00
Daniel Akulenok b67ae1184f refactor: Simplify include template by removing macro usage 2026-01-27 23:18:56 +01:00
Daniel Akulenok 3c6e8befb4 refactor: Remove Jinja2 macros from controls template 2026-01-27 23:18:56 +01:00
Daniel Akulenok a327b0a19a fix: Correct typo in template 2026-01-27 23:18:56 +01:00
Daniel Akulenok ac99d7b5c8 fix: Correct typo in template 2026-01-27 23:18:56 +01:00
Daniel Akulenok 18b5c5a20f refactor: Continue removing macro dependencies from templates 2026-01-27 23:18:56 +01:00
Daniel Akulenok fdf150c640 fix: Replace incorrectly used macro with proper Jinja2 filter 2026-01-27 23:18:56 +01:00
Daniel Akulenok 9bed66418f refactor: Remove macro usage from options template 2026-01-27 23:18:56 +01:00
Daniel Akulenok d488bbafaa chore: Synchronize with local development changes
- Update handler implementation
- Adjust Molecule configuration
- Remove obsolete verification tasks
2026-01-27 23:18:56 +01:00
Daniel Akulenok e3249912d7 fix: Correct backup file path string in handlers 2026-01-27 23:18:56 +01:00
Daniel Akulenok 7e8d3eb6f5 fix: Make zone name parameter optional in template 2026-01-27 23:18:56 +01:00
Daniel Akulenok 986a6843e9 feat: Support address lists with shared keys in configuration
- Extend function template to iterate over address lists
- Enable multiple addresses to use the same key
2026-01-27 23:18:56 +01:00
Daniel Akulenok 96bf462521 fix: Support both boolean and 'auto' values for dnssec_validation
- Update options template to handle multiple value types
- Improve DNSSEC configuration flexibility
2026-01-27 23:18:56 +01:00
Daniel Akulenok ad09e0081d style: Remove excessive blank lines from GitLab CI configuration 2026-01-27 23:18:56 +01:00
Daniel Akulenok 556da9b256 style: Fix template indentation issues
- Correct indentation in generator template
- Update options template formatting
- Normalize parental-agents template spacing
2026-01-27 23:18:56 +01:00
Daniel Akulenok 2f181751e2 style: Apply Molecule linting fixes
- Fix YAML formatting in defaults and handlers
- Update meta information formatting
- Improve task syntax consistency
2026-01-27 23:18:56 +01:00
Daniel Akulenok ab300c5cd6 ci: Add GitLab CI/CD configuration
- Set up pipeline for automated testing
- Configure Molecule integration
2026-01-27 23:18:56 +01:00
Daniel Akulenok 06b18a8224 chore: Remove Travis CI configuration
- Remove .travis.yml as CI is now handled by GitLab
2026-01-27 23:18:56 +01:00
Daniel Akulenok 714a36546f refactor: Remove inline variable definitions from test files
- Clean up converge and test playbooks
- Move test configuration to external files
2026-01-27 23:18:56 +01:00
Daniel Akulenok 7fb722e6f1 test: Configure Molecule testing framework
- Add comprehensive converge playbook with test scenarios
- Create Molecule configuration for role testing
- Set up verification tasks
2026-01-27 23:18:56 +01:00
Daniel Akulenok 0e19ca7112 docs: Add missing line break to README 2026-01-27 23:18:48 +01:00
Daniel Akulenok 0bd2953288 docs: Simplify and reorganize README content
- Remove redundant documentation sections
- Streamline variable descriptions
- Improve readability and structure
2026-01-27 23:18:48 +01:00
Daniel Akulenok defbc2d53c docs: Add comprehensive variable documentation to README 2026-01-27 23:18:40 +01:00
Daniel Akulenok d2c03feb17 docs: Clarify key-tls configuration in README 2026-01-27 23:18:40 +01:00
Daniel Akulenok 5d5588fbe8 docs: Enhance README documentation structure 2026-01-27 23:18:40 +01:00
Daniel Akulenok 1342baadcc docs: Expand README with comprehensive usage examples 2026-01-27 23:18:40 +01:00
Daniel Akulenok 71abdaa2e4 style: Standardize indentation across all templates
- Update indentation in controls, DLZ, and DNSSEC policy templates
- Normalize spacing in options and logging templates
- Ensure consistent formatting throughout role
2026-01-27 23:18:40 +01:00
Daniel Akulenok 8de3b75eec refactor: Reorganize configuration options in generator template 2026-01-27 23:18:40 +01:00
Daniel Akulenok fdc91f6ade docs: Remove extraneous line from README 2026-01-27 23:18:40 +01:00
Daniel Akulenok 5d79a3775d fix: Remove debug statement from default variables 2022-08-05 14:45:34 +02:00
Daniel Akulenok 8db883cba9 feat: Initialize BIND9 Ansible role
- Add complete role structure with templates
- Create comprehensive README documentation
- Set up Travis CI configuration
- Add meta information and default variables
2022-08-04 12:41:40 +02:00
46 changed files with 5546 additions and 483 deletions
+63
View File
@@ -0,0 +1,63 @@
---
name: Test
on: # noqa: yaml[truthy]
push:
branches:
- main
- feature/**
pull_request:
branches:
- main
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install tools
run: |
pip install --no-cache-dir yamllint ansible-lint
- name: Run yamllint
run: yamllint -d relaxed .
- name: Run ansible-lint
run: ansible-lint --strict --profile=production
test:
name: Test
runs-on: ubuntu-latest
needs: lint
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install podman
run: |
sudo apt-get update
sudo apt-get install -y podman
- name: Install dependencies
run: |
pip install --no-cache-dir \
ansible \
molecule[podman] \
podman-compose \
pyyaml \
jinja2
- name: Run Molecule tests
run: molecule test
+6
View File
@@ -0,0 +1,6 @@
<!--# cspell: ignore SSOT CMDB -->
# AGENTS.md
Ensure that all practices and instructions described by
https://raw.githubusercontent.com/ansible/ansible-creator/refs/heads/main/docs/agents.md
are followed.
File diff suppressed because it is too large Load Diff
+22 -17
View File
@@ -38,7 +38,7 @@ named.conf
bind configuration is set through the various bind9_*_config parameters. These are, in order of precedence: bind configuration is set through the various bind9_*_config parameters. These are, in order of precedence:
1. bind9_default_config 1. bind9_default_config
2. bind9_group_config 2. bind9_group_config
3. bind9_leaf_config 3. bind9_site_config
4. bind9_host_config 4. bind9_host_config
All these configuration parameters are merged in a way where each successing config supercedes the previous one at a config-file level. To illustrate: All these configuration parameters are merged in a way where each successing config supercedes the previous one at a config-file level. To illustrate:
@@ -59,7 +59,7 @@ bind9_group_config:
- name: "." - name: "."
type: mirror type: mirror
bind9_leaf_config: bind9_site_config:
- name: named.conf.local - name: named.conf.local
zone: zone:
- name: "." - name: "."
@@ -81,7 +81,7 @@ bind9_config:
file: /etc/share/dns/root.hints file: /etc/share/dns/root.hints
``` ```
The `named.conf.options` block in `bind9_default_config` got completely overwritten by the `bind9_group_config`, and the `bind9_leaf_config` completely overwrote `named.conf.local`, however, `named.conf.options` was left intact after merging with `bind9_leaf_config`. The `named.conf.options` block in `bind9_default_config` got completely overwritten by the `bind9_group_config`, and the `bind9_site_config` completely overwrote `named.conf.local`, however, `named.conf.options` was left intact after merging with `bind9_site_config`.
Configuration Grammar Configuration Grammar
--------------------- ---------------------
@@ -126,38 +126,43 @@ Simple options are defined just as that.
``` ```
Some options have several optional parameters. For those, a somewhat flexible Some options have several optional parameters. For those, a somewhat flexible
configuration format has been created configuration format has been created. Common patterns include:
- **Address with Port/DSCP**: Used by options like `primaries`, `parental_agents` (e.g., `address [ port <port> ] [ dscp <dscp> ]`)
- **Address with Port/TLS**: Used by options like `forwarders` (e.g., `address [ port <port> ] [ tls <tls> ]`)
``` ```
IP_PORT_DSCP_OPTION: # Any option that is defined as one of: ADDRESS_PORT_TLS_OPTION: # Example: forwarders option
# <option> [ port <port> ] [ dscp <dscp> ] { <address> [ port <port> ] [ dscp <dscp> ]; ... } # <option> [ port <port> ] [ tls <tls> ] { <address> [ port <port> ] [ tls <tls> ]; ... }
# <option> [ port <port> ] [ dscp <dscp> ] { <address> [ port <port> ] [ key <key> ] [ tls <tls> ]; ... }
# has a few optional syntaxes # has a few optional syntaxes
# Example 1: Simple address list # Example 1: Simple address list
- ADDRESS1 - ADDRESS1
- ADDRESS2 - ADDRESS2
# Example 2: To define source port/dscp, use 'addresses' sub-element # Example 2: To define global port/tls, use 'addresses' sub-element
[ port: PORT ] [ port: PORT ]
[ dscp: DSCP ] [ tls: TLS_NAME ]
addresses: addresses:
- ADDRESS1 - ADDRESS1
- ADDRESS2 - ADDRESS2
- 127.0.0.1 - 127.0.0.1
# Example 3: To define target port/dscp, use 'addresses' as a list of dicts # Example 3: To define per-address port/tls, use 'addresses' as a list of dicts
addresses: addresses:
- address: ADDRESS - address: ADDRESS
[ port: PORT ] [ port: PORT ]
[ dscp: DSCP ] [ tls: TLS_NAME ]
- address: 127.0.0.1 - address: 127.0.0.1
port: 53 port: 53
- address: 127.0.0.1 - address: 127.0.0.1
dscp: 42 port: 853
- address: 127.0.0.1 tls: dot-tls
port: 5353 - address: 8.8.8.8
dscp: 42 port: 853
tls: google-tls
# Example 4: The various formats can be mixed and matched within the main element # Example 4: The various formats can be mixed and matched within the main element
- ADDRESS1 - ADDRESS1
- address: ADDRESS2 - address: ADDRESS2
port: PORT port: PORT
tls: TLS_NAME
``` ```
@@ -198,5 +203,5 @@ BSD
Author Information Author Information
------------------ ------------------
Daniel Akulenok <dak@keepit.com> Daniel Akulenok <daniel@valid.dk>
Keepit A/S - keepit.com Valid.dk
+19
View File
@@ -0,0 +1,19 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "forward"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
}
}
}
}
+19
View File
@@ -0,0 +1,19 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "hint"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"file": {
"_grammar": "<quoted_string>"
},
"template": {
"_grammar": "<string>"
}
}
}
}
+10
View File
@@ -0,0 +1,10 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"in-view": {
"_grammar": "<string>"
}
}
}
}
+171
View File
@@ -0,0 +1,171 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "mirror"
},
"allow-notify": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-transfer": {
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
},
"allow-update-forwarding": {
"_grammar": "{ <address_match_element>; ... }"
},
"also-notify": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"database": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"ixfr-from-differences": {
"_grammar": "<boolean>"
},
"journal": {
"_grammar": "<quoted_string>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-ixfr-ratio": {
"_grammar": "( unlimited | <percentage> )"
},
"max-journal-size": {
"_grammar": "( default | unlimited | <sizeval> )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-idle-out": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-transfer-time-out": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"notify": {
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
},
"notify-cfg": {
"_flags": [
"may occur multiple times"
],
"_id": "<string>",
"_mapbody": {
"notify": {
"_grammar": "<boolean>"
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
}
}
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"provide-zoneversion": {
"_grammar": "<boolean>"
},
"request-expire": {
"_grammar": "<boolean>"
},
"request-ixfr": {
"_grammar": "<boolean>"
},
"request-ixfr-max-diffs": {
"_grammar": "<integer>"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"try-tcp-refresh": {
"_grammar": "<boolean>"
},
"zero-no-soa-ttl": {
"_grammar": "<boolean>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
File diff suppressed because it is too large Load Diff
+258
View File
@@ -0,0 +1,258 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "primary"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-transfer": {
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
},
"allow-update": {
"_grammar": "{ <address_match_element>; ... }"
},
"also-notify": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"check-dup-records": {
"_grammar": "( fail | warn | ignore )"
},
"check-integrity": {
"_grammar": "<boolean>"
},
"check-mx": {
"_grammar": "( fail | warn | ignore )"
},
"check-mx-cname": {
"_grammar": "( fail | warn | ignore )"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"check-sibling": {
"_grammar": "<boolean>"
},
"check-spf": {
"_grammar": "( warn | ignore )"
},
"check-srv-cname": {
"_grammar": "( fail | warn | ignore )"
},
"check-svcb": {
"_grammar": "<boolean>"
},
"check-wildcard": {
"_grammar": "<boolean>"
},
"checkds": {
"_grammar": "( explicit | <boolean> )"
},
"database": {
"_grammar": "<string>"
},
"dlz": {
"_grammar": "<string>"
},
"dnskey-sig-validity": {
"_flags": [
"obsolete"
],
"_grammar": "<integer>"
},
"dnssec-dnskey-kskonly": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"dnssec-loadkeys-interval": {
"_grammar": "<integer>"
},
"dnssec-policy": {
"_grammar": "<string>"
},
"dnssec-secure-to-insecure": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"dnssec-update-mode": {
"_flags": [
"obsolete"
],
"_grammar": "( maintain | no-resign )"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"initial-file": {
"_grammar": "<quoted_string>"
},
"inline-signing": {
"_grammar": "<boolean>"
},
"ixfr-from-differences": {
"_grammar": "<boolean>"
},
"journal": {
"_grammar": "<quoted_string>"
},
"key-directory": {
"_grammar": "<quoted_string>"
},
"log-report-channel": {
"_grammar": "<boolean>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-ixfr-ratio": {
"_grammar": "( unlimited | <percentage> )"
},
"max-journal-size": {
"_grammar": "( default | unlimited | <sizeval> )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-transfer-idle-out": {
"_grammar": "<integer>"
},
"max-transfer-time-out": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"max-zone-ttl": {
"_flags": [
"deprecated"
],
"_grammar": "( unlimited | <duration> )"
},
"notify": {
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
},
"notify-cfg": {
"_flags": [
"may occur multiple times"
],
"_id": "<string>",
"_mapbody": {
"notify": {
"_grammar": "<boolean>"
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
}
}
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"notify-to-soa": {
"_grammar": "<boolean>"
},
"nsec3-test-zone": {
"_flags": [
"test only"
],
"_grammar": "<boolean>"
},
"parental-agents": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"parental-source": {
"_grammar": "( <ipv4_address> | * )"
},
"parental-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"provide-zoneversion": {
"_grammar": "<boolean>"
},
"send-report-channel": {
"_grammar": "<string>"
},
"serial-update-method": {
"_grammar": "( date | increment | unixtime )"
},
"sig-signing-nodes": {
"_grammar": "<integer>"
},
"sig-signing-signatures": {
"_grammar": "<integer>"
},
"sig-signing-type": {
"_grammar": "<integer>"
},
"sig-validity-interval": {
"_flags": [
"obsolete"
],
"_grammar": "<integer> [ <integer> ]"
},
"template": {
"_grammar": "<string>"
},
"update-check-ksk": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"update-policy": {
"_grammar": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } )"
},
"zero-no-soa-ttl": {
"_grammar": "<boolean>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
+58
View File
@@ -0,0 +1,58 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "redirect"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"dlz": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"max-zone-ttl": {
"_flags": [
"deprecated"
],
"_grammar": "( unlimited | <duration> )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
+258
View File
@@ -0,0 +1,258 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "secondary"
},
"allow-notify": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-transfer": {
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
},
"allow-update-forwarding": {
"_grammar": "{ <address_match_element>; ... }"
},
"also-notify": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"checkds": {
"_grammar": "( explicit | <boolean> )"
},
"database": {
"_grammar": "<string>"
},
"dlz": {
"_grammar": "<string>"
},
"dnskey-sig-validity": {
"_flags": [
"obsolete"
],
"_grammar": "<integer>"
},
"dnssec-dnskey-kskonly": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"dnssec-loadkeys-interval": {
"_grammar": "<integer>"
},
"dnssec-policy": {
"_grammar": "<string>"
},
"dnssec-update-mode": {
"_flags": [
"obsolete"
],
"_grammar": "( maintain | no-resign )"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"inline-signing": {
"_grammar": "<boolean>"
},
"ixfr-from-differences": {
"_grammar": "<boolean>"
},
"journal": {
"_grammar": "<quoted_string>"
},
"key-directory": {
"_grammar": "<quoted_string>"
},
"log-report-channel": {
"_grammar": "<boolean>"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-ixfr-ratio": {
"_grammar": "( unlimited | <percentage> )"
},
"max-journal-size": {
"_grammar": "( default | unlimited | <sizeval> )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-idle-out": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-transfer-time-out": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"notify": {
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
},
"notify-cfg": {
"_flags": [
"may occur multiple times"
],
"_id": "<string>",
"_mapbody": {
"notify": {
"_grammar": "<boolean>"
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
}
}
},
"notify-defer": {
"_grammar": "<integer>"
},
"notify-delay": {
"_grammar": "<integer>"
},
"notify-source": {
"_grammar": "( <ipv4_address> | * )"
},
"notify-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"notify-to-soa": {
"_grammar": "<boolean>"
},
"nsec3-test-zone": {
"_flags": [
"test only"
],
"_grammar": "<boolean>"
},
"parental-agents": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"parental-source": {
"_grammar": "( <ipv4_address> | * )"
},
"parental-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"plugin": {
"_flags": [
"may occur multiple times"
],
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"provide-zoneversion": {
"_grammar": "<boolean>"
},
"request-expire": {
"_grammar": "<boolean>"
},
"request-ixfr": {
"_grammar": "<boolean>"
},
"request-ixfr-max-diffs": {
"_grammar": "<integer>"
},
"send-report-channel": {
"_grammar": "<string>"
},
"sig-signing-nodes": {
"_grammar": "<integer>"
},
"sig-signing-signatures": {
"_grammar": "<integer>"
},
"sig-signing-type": {
"_grammar": "<integer>"
},
"sig-validity-interval": {
"_flags": [
"obsolete"
],
"_grammar": "<integer> [ <integer> ]"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"try-tcp-refresh": {
"_grammar": "<boolean>"
},
"update-check-ksk": {
"_flags": [
"obsolete"
],
"_grammar": "<boolean>"
},
"zero-no-soa-ttl": {
"_grammar": "<boolean>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
+43
View File
@@ -0,0 +1,43 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "static-stub"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"server-addresses": {
"_grammar": "{ ( <ipv4_address> | <ipv6_address> ); ... }"
},
"server-names": {
"_grammar": "{ <string>; ... }"
},
"template": {
"_grammar": "<string>"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
+85
View File
@@ -0,0 +1,85 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "stub"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"database": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
+85
View File
@@ -0,0 +1,85 @@
{
"zone": {
"_id": "<string> [ <class> ]",
"_mapbody": {
"type": {
"_grammar": "stub"
},
"allow-query": {
"_grammar": "{ <address_match_element>; ... }"
},
"allow-query-on": {
"_grammar": "{ <address_match_element>; ... }"
},
"check-names": {
"_grammar": "( fail | warn | ignore )"
},
"database": {
"_grammar": "<string>"
},
"file": {
"_grammar": "<quoted_string>"
},
"forward": {
"_grammar": "( first | only )"
},
"forwarders": {
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
},
"masterfile-format": {
"_grammar": "( raw | text )"
},
"masterfile-style": {
"_grammar": "( full | relative )"
},
"max-records": {
"_grammar": "<integer>"
},
"max-records-per-type": {
"_grammar": "<integer>"
},
"max-refresh-time": {
"_grammar": "<integer>"
},
"max-retry-time": {
"_grammar": "<integer>"
},
"max-transfer-idle-in": {
"_grammar": "<integer>"
},
"max-transfer-time-in": {
"_grammar": "<integer>"
},
"max-types-per-name": {
"_grammar": "<integer>"
},
"min-refresh-time": {
"_grammar": "<integer>"
},
"min-retry-time": {
"_grammar": "<integer>"
},
"min-transfer-rate-in": {
"_grammar": "<integer> <integer>"
},
"multi-master": {
"_grammar": "<boolean>"
},
"primaries": {
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
},
"template": {
"_grammar": "<string>"
},
"transfer-source": {
"_grammar": "( <ipv4_address> | * )"
},
"transfer-source-v6": {
"_grammar": "( <ipv6_address> | * )"
},
"zone-statistics": {
"_grammar": "( full | terse | none | <boolean> )"
}
}
}
}
+9 -9
View File
@@ -14,9 +14,8 @@ bind9_debug_config: false
bind9_config_indent: 4 bind9_config_indent: 4
bind9_group_config: [] bind9_group_config: []
bind9_leaf_config: [] bind9_site_config: []
bind9_host_config: [] bind9_host_config: []
bind9_default_config: bind9_default_config:
- name: named.conf - name: named.conf
backup: false backup: false
@@ -28,10 +27,11 @@ bind9_default_config:
options: options:
directory: "{{ bind9_working_directory }}" directory: "{{ bind9_working_directory }}"
bind9_config: "{{ [bind9_default_config, bind9_config: >-
bind9_group_config, {{
bind9_leaf_config, [bind9_default_config,
bind9_host_config] | bind9_group_config,
community.general.lists_mergeby('name', bind9_site_config,
recursive=true, bind9_host_config] |
list_merge='append_rp') }}" community.general.lists_mergeby('name', recursive=true, list_merge='append_rp')
}}
+2 -4
View File
@@ -16,10 +16,8 @@
- "{{ bind9_cfgdir }}" - "{{ bind9_cfgdir }}"
- "{{ bind9_working_directory }}" - "{{ bind9_working_directory }}"
- "{{ bind9_libdir }}" - "{{ bind9_libdir }}"
dest: "{{ dest: "{{ bind9_backup_dir + '/bind9-config-' + ansible_facts.date_time.iso8601_basic_short + '.tar.gz' }}"
bind9_backup_dir + '/bind9-config-' +
ansible_date_time.iso8601_basic_short + '.tar.gz' }}"
owner: root owner: root
group: root group: root
mode: 0640 mode: "0640"
when: bind9_backup_config is defined and bind9_backup_config when: bind9_backup_config is defined and bind9_backup_config
+55
View File
@@ -0,0 +1,55 @@
---
argument_specs:
main:
short_description: The main entry point for the bind9 role.
options:
bind9_config:
type: list
elements: dict
description:
- A list of configuration dictionaries that are merged to produce the final configuration.
- Each element must have a 'name' key (filename).
bind9_default_config:
type: list
elements: dict
description: Default configuration.
bind9_group_config:
type: list
elements: dict
description: Group-level configuration.
bind9_site_config:
type: list
elements: dict
description: Site/Leaf-level configuration.
bind9_host_config:
type: list
elements: dict
description: Host-level configuration.
bind9_backup_config:
type: bool
default: true
description: Whether to backup configuration files before overwriting.
bind9_debug_config:
type: bool
default: false
description: Whether to print the merged configuration during execution.
bind9_config_indent:
type: int
default: 4
description: Indentation level for generated configuration files.
bind9_packages:
type: list
elements: str
description: List of packages to install.
bind9_cfgdir:
type: str
description: Directory for configuration files.
bind9_working_directory:
type: str
description: Working directory for BIND.
bind9_libdir:
type: str
description: Library directory for BIND.
bind9_backup_dir:
type: str
description: Directory for backups.
+3 -3
View File
@@ -1,13 +1,13 @@
--- ---
galaxy_info: galaxy_info:
role_name: bind9 role_name: bind9
namespace: keepit namespace: valid
author: Daniel Akulenok author: Daniel Akulenok
description: Configure Bind9 description: Configure Bind9
company: Keepit company: Valid.dk
issue_tracker_url: https://gitlab.off.keepit.com/operations/ansible-bind9-role issue_tracker_url: https://git.valid.dk/daniel/ansible-bind9-role
license: GPL-3.0-or-later license: GPL-3.0-or-later
+6
View File
@@ -0,0 +1,6 @@
---
collections:
- name: ansible.utils
- name: ansible.posix
- name: community.crypto
- name: community.general
+112 -2
View File
@@ -1,5 +1,115 @@
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
roles: tasks:
- keepit.bind9 - name: Create log directory for BIND
ansible.builtin.file:
path: /var/log/named
state: directory
mode: '0755'
owner: bind
group: bind
- name: Include bind9 role
ansible.builtin.include_role:
name: ../../../ansible-bind9-role # noqa: role-name[path]
vars:
bind9_backup_config: false
bind9_host_config:
- name: named.conf.options
options:
directory: "{{ bind9_working_directory }}"
recursion: true
allow_query:
- any
allow_recursion:
- 10.0.0.0/8
- 192.168.0.0/16
- 172.16.0.0/12
- localhost
- localnets
forwarders:
- address: 91.239.100.100
tls: censurfridns-anycast
- address: 89.233.43.71
tls: censurfridns-unicast
forward: first
dnssec_validation: auto
dnstap:
- type: auth
- type: resolver
log: query
- type: client
log: response
dnstap_output:
output_type: file
output_file: /var/log/named/dnstap.log
size: 20m
versions: 3
suffix: increment
dnstap_identity: dns-server-01
dnstap_version: 9.18
logging:
channels:
- name: default_log
file:
name: /var/log/named/default.log
severity: info
print_time: true
print_severity: true
print_category: true
- name: security_log
file:
name: /var/log/named/security.log
severity: dynamic
print_time: true
print_severity: true
print_category: true
- name: query_log
file:
name: /var/log/named/queries.log
versions: 5
size: 10m
severity: info
print_time: true
- name: dnssec_log
file:
name: /var/log/named/dnssec.log
severity: debug
print_time: true
print_severity: true
- name: rate_limit_log
syslog: daemon
severity: warning
categories:
- name: default
channels:
- default_log
- name: general
channels:
- default_log
- name: security
channels:
- security_log
- name: queries
channels:
- query_log
- name: dnssec
channels:
- dnssec_log
- name: rate-limit
channels:
- rate_limit_log
- name: named.conf.local
tls:
- name: censurfridns-anycast
remote_hostname: anycast.uncensoreddns.org
- name: censurfridns-unicast
remote_hostname: unicast.uncensoreddns.org
zones:
- name: example.internal
type: forward
forward: only
forwarders:
- 10.0.0.53
- 10.0.0.54
+11 -15
View File
@@ -1,22 +1,18 @@
--- ---
dependency:
name: galaxy
driver: driver:
name: docker name: podman
platforms: platforms:
- name: ubuntu-jammy - name: debian-trixie
image: ubuntu:jammy image: docker.io/jrei/systemd-debian:13
- name: ubuntu-focal command: /lib/systemd/systemd
image: ubuntu:focal privileged: true
- name: debian-bullseye volumes:
image: debian:bullseye - /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
provisioner: provisioner:
name: ansible name: ansible
lint: config_options:
name: ansible-lint defaults:
ALLOW_BROKEN_CONDITIONALS: true
verifier: verifier:
name: ansible name: ansible
lint: |
set -e
ansible-lint .
yamllint .
+11
View File
@@ -0,0 +1,11 @@
---
- name: Prepare
hosts: all
tasks:
- name: Update apt
ansible.builtin.apt:
update_cache: true
- name: Install bind9-dnsutils package
ansible.builtin.apt:
name: bind9-dnsutils
state: present
+76
View File
@@ -0,0 +1,76 @@
---
- name: Verify
hosts: all
gather_facts: true
tasks:
- name: Check that BIND9 is installed
ansible.builtin.package:
name: bind9
state: present
check_mode: true
register: __bind9_package_check
failed_when: __bind9_package_check is changed
- name: Check that BIND9 service is running
ansible.builtin.service:
name: named
state: started
enabled: true
check_mode: true
register: __bind9_service_check
failed_when: __bind9_service_check is changed
- name: Check that named.conf.options exists
ansible.builtin.stat:
path: /etc/bind/named.conf.options
register: __options_file
failed_when: not __options_file.stat.exists
- name: Check that named.conf.local exists
ansible.builtin.stat:
path: /etc/bind/named.conf.local
register: __local_file
failed_when: not __local_file.stat.exists
- name: Read named.conf.options content
ansible.builtin.slurp:
path: /etc/bind/named.conf.options
register: __options_content
- name: Verify forwarders are configured in options
ansible.builtin.assert:
that:
- "'forwarders' in __options_decoded"
- "'8.8.8.8' in __options_decoded"
- "'forward first' in __options_decoded"
fail_msg: Forwarders not properly configured in named.conf.options
vars:
__options_decoded: "{{ __options_content.content | b64decode }}"
- name: Read named.conf.local content
ansible.builtin.slurp:
path: /etc/bind/named.conf.local
register: __local_content
- name: Verify forward zone is configured
ansible.builtin.assert:
that:
- "'zone \"example.internal\"' in __local_decoded"
- "'type forward' in __local_decoded"
- "'forward only' in __local_decoded"
fail_msg: Forward zone not properly configured in named.conf.local
vars:
__local_decoded: "{{ __local_content.content | b64decode }}"
- name: Test DNS resolution using localhost
ansible.builtin.command:
cmd: dig @localhost google.com +short
register: __dns_query
changed_when: false
failed_when: __dns_query.rc != 0
- name: Verify DNS query returned results
ansible.builtin.assert:
that:
- __dns_query.stdout_lines | length > 0
fail_msg: DNS forwarding is not working
+64 -14
View File
@@ -15,27 +15,77 @@
state: directory state: directory
owner: root owner: root
group: root group: root
mode: 0750 mode: "0750"
when: bind9_backup_config is defined and bind9_backup_config when: bind9_backup_config is defined and bind9_backup_config | bool
- name: Template named.conf.generator - name: Deploy and Validate Configuration
ansible.builtin.template:
src: named.conf.generator.j2
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
owner: root
group: bind
mode: 0640
backup: "{{ item.backup | default('false') | bool }}"
# validate: 'named-checkconf -z -j %s'
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
tags: tags:
- bind9 - bind9
- template - template
notify: notify:
- Backup bind config - Backup bind config
- Restart bind - Restart bind
block:
- name: Create backup of current config
ansible.builtin.copy:
src: "{{ bind9_cfgdir }}/{{ item.name }}"
dest: "{{ bind9_cfgdir }}/{{ item.name }}.bak"
remote_src: true
owner: root
group: bind
mode: "0640"
changed_when: false
failed_when: false # It's okay if the file doesn't exist yet
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
- name: Template named.conf.generator
ansible.builtin.template:
src: named.conf.generator.j2
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
owner: root
group: bind
mode: "0640"
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
register: bind9_template_result
- name: Validate configuration using named-checkconf
ansible.builtin.command:
cmd: "named-checkconf -z {{ bind9_cfgdir }}/named.conf"
changed_when: false
rescue:
- name: Restore configuration from backup
ansible.builtin.copy:
src: "{{ bind9_cfgdir }}/{{ item.name }}.bak"
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
remote_src: true
owner: root
group: bind
mode: "0640"
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
failed_when: false # Best effort restore
- name: Fail due to invalid configuration
ansible.builtin.fail:
msg: |
Configuration validation failed. Changes have been reverted.
Check the logs for named-checkconf errors.
always:
- name: Remove backup files
ansible.builtin.file:
path: "{{ bind9_cfgdir }}/{{ item.name }}.bak"
state: absent
loop: "{{ bind9_config }}"
loop_control:
label: "{{ item.name }}"
when: bind9_backup_config | bool is false
- name: Ensure the named service is started - name: Ensure the named service is started
ansible.builtin.service: ansible.builtin.service:
+3 -3
View File
@@ -1,7 +1,7 @@
{# ACL Macro. Very easy statement. It's just a list of address match elements. #} {# ACL Macro. Very easy statement. It's just a list of address match elements. #}
{% macro acl(acls) %} {% for acl in item.acl %}
{% for acl in acls %}
acl {{ acl.name }} { acl {{ acl.name }} {
{{ functions.simple_item_list(acl.addresses) -}} {{ functions.simple_item_list(acl.addresses) -}}
}; };
{% endfor %}{% endmacro %} {% endfor %}
+2 -3
View File
@@ -1,7 +1,7 @@
{% macro controls(controls) %}
controls { controls {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% for control in controls %} {% for control in item.controls %}
{% if control.type == "inet" %} {% if control.type == "inet" %}
{{ ('inet ' + control.address) -}} {{ ('inet ' + control.address) -}}
{{ (' port ' + control.port | string) if control.port is defined and control.port -}} {{ (' port ' + control.port | string) if control.port is defined and control.port -}}
@@ -16,4 +16,3 @@ controls {
{{ (' read-only ' + control.read_only | string) if control.read_only is defined -}}; {{ (' read-only ' + control.read_only | string) if control.read_only is defined -}};
{% endfor %}}; {% endfor %}};
{% endfilter %} {% endfilter %}
{% endmacro %}
+2 -3
View File
@@ -1,5 +1,5 @@
{% macro dlz(dlzs) %} {% for dlz in item.dlz if item.dlz is iterable %}
{% for dlz in dlzs if dlzs is iterable %}
dlz "{{ dlz.name }}" { dlz "{{ dlz.name }}" {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{{ ('database "' + simple_item_list(dlz.database) + '";') }} {{ ('database "' + simple_item_list(dlz.database) + '";') }}
@@ -7,4 +7,3 @@ dlz "{{ dlz.name }}" {
{% endfilter %} {% endfilter %}
}; };
{% endfor %} {% endfor %}
{% endmacro %}
+2 -3
View File
@@ -1,5 +1,5 @@
{% macro dnssec_policy(policies) %} {% for policy in item.dnssec_policy if item.dnssec_policy is iterable %}
{% for policy in policies if policies is iterable %}
dnssec-policy "{{ policy.name }}" { dnssec-policy "{{ policy.name }}" {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% if policy.keys is defined and policy.keys %} {% if policy.keys is defined and policy.keys %}
@@ -36,4 +36,3 @@ nsec3param
{% endfilter %} {% endfilter %}
}; };
{% endfor %} {% endfor %}
{% endmacro %}
+2 -3
View File
@@ -1,8 +1,7 @@
{% macro dyndb(dyndbs) %} {% for dyndb in item.dyndb if item.dyndb is iterable %}
{% for dyndb in dyndbs if dyndbs is iterable %}
dyndb {{ dyndb.name }} "{{ dyndb.driver }}" { dyndb {{ dyndb.name }} "{{ dyndb.driver }}" {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{{ functions.simple_item_list(dyndb.parameters) -}} {{ functions.simple_item_list(dyndb.parameters) -}}
{% endfilter %}}; {% endfilter %}};
{% endfor %} {% endfor %}
{% endmacro %}
+32
View File
@@ -111,3 +111,35 @@
{{ name }} "{{ value }}"; {{ name }} "{{ value }}";
{% endif %} {% endif %}
{% endmacro %} {% endmacro %}
{% macro list_address_port_tls(dict, indent=bind9_config_indent) %}
{# This macro is for use for statements with grammar like #}
{# address port 00 tls str; address port 00 tls str; #}
{# it is usually called by a parent macro #}
{% filter indent(indent, true) %}
{% for item in dict %}
{% if item is not mapping %}
{{ item }};
{% else %}
{{ item.address }}
{{- (' port ' + item.port | string) if item.port is defined and item.port -}}
{{- (' tls ' + item.tls | string) if item.tls is defined and item.tls -}};
{% endif %}
{% endfor %}
{% endfilter %}
{% endmacro %}
{% macro parent_address_port_tls(name, dict) %}
{# This macro is for use for statements with grammar like #}
{# statement port 00 tls str { address port 00 tls str; address port 00 tls str; } #}
{# the list inside the statement is handled by list_address_port_tls #}
{% if dict is not mapping and dict is iterable %}
{{ name }} {
{{ list_address_port_tls(dict) }}};
{% else %}
{{ name }}
{{- (' port ' + dict.port | string) if dict.port is defined and dict.port -}}
{{- (' tls ' + dict.tls | string) if dict.tls is defined and dict.tls }} {
{{ list_address_port_tls(dict.addresses) }}};
{% endif %}
{% endmacro %}
+18 -41
View File
@@ -1,79 +1,56 @@
{% import 'named.conf.functions.j2' as functions with context %} {% import 'named.conf.functions.j2' as functions with context %}
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
{% if item.options is defined and item.options %} {% if item.options is defined and item.options %}
{% from 'named.conf.options.j2' import options with context %} {% include 'named.conf.options.j2' %}
options {
{% filter indent(bind9_config_indent,true)%}
{{ options(item.options) -}}
{% endfilter %}
};
{% endif %} {% endif %}
{% if item.acl is defined and item.acl %} {% if item.acl is defined and item.acl %}
{% from 'named.conf.acl.j2' import acl with context %} {% include 'named.conf.acl.j2' %}
{{ acl(item.acl) }}
{% endif %} {% endif %}
{% if item.primaries is defined and item.primaries %} {% if item.primaries is defined and item.primaries %}
{% from 'named.conf.primaries.j2' import primaries with context %} {% include 'named.conf.primaries.j2' %}
{{ primaries(item.primaries) }}
{% endif %} {% endif %}
{% if item.controls is defined and item.controls %} {% if item.controls is defined and item.controls %}
{% from 'named.conf.controls.j2' import controls with context %} {% include 'named.conf.controls.j2' %}
{{ controls(item.controls) }}
{% endif %} {% endif %}
{% if item.include is defined and item.include %} {% if item.include is defined and item.include %}
{% from 'named.conf.include.j2' import include with context %} {% include 'named.conf.include.j2' %}
{{ include(item.include) }}
{% endif %} {% endif %}
{% if item.dlz is defined and item.dlz %} {% if item.dlz is defined and item.dlz %}
{% from 'named.conf.dlz.j2' import dlz with context %} {% include 'named.conf.dlz.j2' %}
{{ dlz(item.dlz) }}
{% endif %} {% endif %}
{% if item.dnssec_policy is defined and item.dnssec_policy %} {% if item.dnssec_policy is defined and item.dnssec_policy %}
{% from 'named.conf.dnssec-policy.j2' import dnssec_policy with context %} {% include 'named.conf.dnssec-policy.j2' %}
{{ dnssec_policy(item.dnssec_policy) }}
{% endif %} {% endif %}
{% if item.dyndb is defined and item.dyndb %} {% if item.dyndb is defined and item.dyndb %}
{% from 'named.conf.dyndb.j2' import dyndb with context %} {% include 'named.conf.dyndb.j2' %}
{{ dyndb(item.dyndb) }}
{% endif %} {% endif %}
{% if item.http is defined and item.http %} {% if item.http is defined and item.http %}
{% from 'named.conf.http.j2' import http with context %} {% include 'named.conf.http.j2' %}
{{ http(item.http) }}
{% endif %} {% endif %}
{% if item.keylist is defined and item.keylist %} {% if item.keylist is defined and item.keylist %}
{% from 'named.conf.key.j2' import keylist with context %} {% include 'named.conf.key.j2' %}
{{ keylist(item.keylist) }}
{% endif %} {% endif %}
{% if item.logging is defined and item.logging %} {% if item.logging is defined and item.logging %}
{% from 'named.conf.logging.j2' import logging with context %} {% include 'named.conf.logging.j2' %}
{{ logging(item.logging) }}
{% endif %} {% endif %}
{% if item.parental_agents is defined and item.parental_agents %} {% if item.parental_agents is defined and item.parental_agents %}
{% from 'named.conf.parental-agents.j2' import parental_agents with context %} {% include 'named.conf.parental-agents.j2' %}
{{ parental_agents(item.parental_agents) -}}
{% endif %} {% endif %}
{% if item.server is defined and item.server %} {% if item.server is defined and item.server %}
{% from 'named.conf.server.j2' import server with context %} {% include 'named.conf.server.j2' %}
{{ server(item.server) }}
{% endif %} {% endif %}
{% if item.statistics_channels is defined and item.statistics_channels %} {% if item.statistics_channels is defined and item.statistics_channels %}
{% from 'named.conf.statistics-channels.j2' import statistics_channels with context %} {% include 'named.conf.statistics-channels.j2' %}
{{ statistics_channels(item.statistics_channels) }}
{% endif %} {% endif %}
{% if item.tls is defined and item.tls %} {% if item.tls is defined and item.tls %}
{% from 'named.conf.tls.j2' import tls with context %} {% include 'named.conf.tls.j2' %}
{{ tls(item.tls) }}
{% endif %} {% endif %}
{% if item.trust_anchors is defined and item.trust_anchors %} {% if item.trust_anchors is defined and item.trust_anchors %}
{% from 'named.conf.trust-anchors.j2' import trust_anchors with context %} {% include 'named.conf.trust-anchors.j2' %}
{{ trust_anchors(item.trust_anchors) }}
{% endif %} {% endif %}
{% if item.zones is defined and item.zones %} {% if item.zones is defined and item.zones %}
{% from 'named.conf.zone.j2' import zones with context %} {% include 'named.conf.zone.j2' %}
{{ zones(item.zones) }}
{% endif %} {% endif %}
{% if item.view is defined and item.view %} {% if item.view is defined and item.view %}
{% from 'named.conf.view.j2' import view with context %} {% include 'named.conf.view.j2' %}
{{ view(item.view) }}
{% endif %} {% endif %}
+2 -3
View File
@@ -1,5 +1,5 @@
{% macro http(seq) %} {% for http in item.http if item.http is iterable %}
{% for http in seq if seq is iterable %}
http {{ http.name }} { http {{ http.name }} {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% if http.endpoints is defined and http.endpoints %} {% if http.endpoints is defined and http.endpoints %}
@@ -14,4 +14,3 @@ endpoints {
{{ ('streams-per-connection ' + http.streams_per_connection | string + ';\n') if http.streams_per_connection is defined and http.streams_per_connection -}} {{ ('streams-per-connection ' + http.streams_per_connection | string + ';\n') if http.streams_per_connection is defined and http.streams_per_connection -}}
{% endfilter %}}; {% endfilter %}};
{% endfor %} {% endfor %}
{% endmacro %}
+2 -3
View File
@@ -1,5 +1,4 @@
{% macro include(files) %}
{% for file in files %} {% for file in item.include %}
include "{{ file }}"; include "{{ file }}";
{% endfor %} {% endfor %}
{% endmacro %}
+2 -3
View File
@@ -1,9 +1,8 @@
{% macro keylist(keylists) %} {% for keyname in item.keylist if item.keylist is iterable %}
{% for keyname in keylists if keylists is iterable %}
key {{ keyname.name }} { key {{ keyname.name }} {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{{ ('algorithm ' + keyname.algorithm + ';\n') if keyname.algorithm is defined and keyname.algorithm -}} {{ ('algorithm ' + keyname.algorithm + ';\n') if keyname.algorithm is defined and keyname.algorithm -}}
{{ ('secret "' + keyname.secret + '";\n') if keyname.secret is defined and keyname.secret -}} {{ ('secret "' + keyname.secret + '";\n') if keyname.secret is defined and keyname.secret -}}
{% endfilter %}}; {% endfilter %}};
{% endfor %} {% endfor %}
{% endmacro %}
+3 -4
View File
@@ -1,11 +1,11 @@
{% macro logging(logging) %}
logging { logging {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% for category in logging.categories if logging.categories is defined and logging.categories %} {% for category in item.logging.categories if item.logging.categories is defined and item.logging.categories %}
category {{ category.name }} { category {{ category.name }} {
{{ functions.simple_item_list(category.channels) }}}; {{ functions.simple_item_list(category.channels) }}};
{% endfor %} {% endfor %}
{% for channel in logging.channels if logging.channels is defined and logging.channels %} {% for channel in item.logging.channels if item.logging.channels is defined and item.logging.channels %}
channel {{ channel.name }} { channel {{ channel.name }} {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% if channel.file is defined and channel.file %} {% if channel.file is defined and channel.file %}
@@ -26,4 +26,3 @@ file "{{ channel.file.name }}"
}; };
{% endfor %} {% endfor %}
{% endfilter %}}; {% endfilter %}};
{% endmacro %}
+326 -322
View File
@@ -1,9 +1,11 @@
{% macro options(option) %}
options {
{% filter indent(bind9_config_indent,true)%}
{# Unicorn Options#} {# Unicorn Options#}
{% if option.rrset_order is defined and option.rrset_order %} {% if item.options.rrset_order is defined and item.options.rrset_order %}
rrset-order { rrset-order {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% for rrset in option.rrset_order %} {% for rrset in item.options.rrset_order %}
{{ ('class ' + rrset.class | string + ' ') if rrset.class is defined and rrset.class -}} {{ ('class ' + rrset.class | string + ' ') if rrset.class is defined and rrset.class -}}
{{ ('type ' + rrset.type | string + ' ') if rrset.type is defined and rrset.type -}} {{ ('type ' + rrset.type | string + ' ') if rrset.type is defined and rrset.type -}}
{{ ('name "' + rrset.name | string + '" ') if rrset.name is defined and rrset.name -}} {{ ('name "' + rrset.name | string + '" ') if rrset.name is defined and rrset.name -}}
@@ -11,10 +13,10 @@ rrset-order {
{% endfor %} {% endfor %}
{% endfilter %}}; {% endfilter %}};
{% endif %} {% endif %}
{% if option.response_policy is defined and option.response_policy %} {% if item.options.response_policy is defined and item.options.response_policy %}
response-policy { response-policy {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% for zone in option.response_policy.zones %} {% for zone in item.options.response_policy.zones %}
{{- ('zone ' + zone.zone | string) -}} {{- ('zone ' + zone.zone | string) -}}
{{- (' max-policy-ttl ' + zone.max_policy_ttl | string) if zone.max_policy_ttl is defined and zone.max_policy_ttl -}} {{- (' max-policy-ttl ' + zone.max_policy_ttl | string) if zone.max_policy_ttl is defined and zone.max_policy_ttl -}}
{{- (' min-update-interval ' + zone.min_update_interval | string) if zone.min_update_interval is defined and zone.min_update_interval -}} {{- (' min-update-interval ' + zone.min_update_interval | string) if zone.min_update_interval is defined and zone.min_update_interval -}}
@@ -26,47 +28,47 @@ response-policy {
{{- (' nsdname-enable ' + functions.named_boolean(zone.nsdname_enable)) if zone.nsdname_enable is defined }}; {{- (' nsdname-enable ' + functions.named_boolean(zone.nsdname_enable)) if zone.nsdname_enable is defined }};
{% endfor %} {% endfor %}
{% endfilter %}} {% endfilter %}}
{{- (' max-policy-ttl ' + option.response_policy.max_policy_ttl | string) if option.response_policy.max_policy_ttl is defined and option.response_policy.max_policy_ttl -}} {{- (' max-policy-ttl ' + item.options.response_policy.max_policy_ttl | string) if item.options.response_policy.max_policy_ttl is defined and item.options.response_policy.max_policy_ttl -}}
{{- (' min-update-interval ' + option.response_policy.min_update_interval | string) if option.response_policy.min_update_interval is defined and option.response_policy.min_update_interval -}} {{- (' min-update-interval ' + item.options.response_policy.min_update_interval | string) if item.options.response_policy.min_update_interval is defined and item.options.response_policy.min_update_interval -}}
{{- (' min-ns-dots ' + option.response_policy.min_ns_dots | string) if option.response_policy.min_ns_dots is defined and option.response_policy.min_ns_dots -}} {{- (' min-ns-dots ' + item.options.response_policy.min_ns_dots | string) if item.options.response_policy.min_ns_dots is defined and item.options.response_policy.min_ns_dots -}}
{{- (' add-soa ' + functions.named_boolean(option.response_policy.add_soa)) if option.response_policy.add_soa is defined -}} {{- (' add-soa ' + functions.named_boolean(item.options.response_policy.add_soa)) if item.options.response_policy.add_soa is defined -}}
{{- (' break-dnssec ' + functions.named_boolean(option.response_policy.break_dnssec)) if option.response_policy.break_dnssec is defined -}} {{- (' break-dnssec ' + functions.named_boolean(item.options.response_policy.break_dnssec)) if item.options.response_policy.break_dnssec is defined -}}
{{- (' nsip-wait-recurse ' + functions.named_boolean(option.response_policy.nsip_wait_recurse)) if option.response_policy.nsip_wait_recurse is defined -}} {{- (' nsip-wait-recurse ' + functions.named_boolean(item.options.response_policy.nsip_wait_recurse)) if item.options.response_policy.nsip_wait_recurse is defined -}}
{{- (' nsdname-wait-recurse ' + functions.named_boolean(option.response_policy.nsdname_wait_recurse)) if option.response_policy.nsdname_wait_recurse is defined -}} {{- (' nsdname-wait-recurse ' + functions.named_boolean(item.options.response_policy.nsdname_wait_recurse)) if item.options.response_policy.nsdname_wait_recurse is defined -}}
{{- (' qname-wait-recurse ' + functions.named_boolean(option.response_policy.qname_wait_recurse)) if option.response_policy.qname_wait_recurse is defined -}} {{- (' qname-wait-recurse ' + functions.named_boolean(item.options.response_policy.qname_wait_recurse)) if item.options.response_policy.qname_wait_recurse is defined -}}
{{- (' recursive-only ' + functions.named_boolean(option.response_policy.recursive_only)) if option.response_policy.recursive_only is defined -}} {{- (' recursive-only ' + functions.named_boolean(item.options.response_policy.recursive_only)) if item.options.response_policy.recursive_only is defined -}}
{{- (' nsip-enable ' + functions.named_boolean(option.response_policy.nsip_enable)) if option.response_policy.nsip_enable is defined -}} {{- (' nsip-enable ' + functions.named_boolean(item.options.response_policy.nsip_enable)) if item.options.response_policy.nsip_enable is defined -}}
{{- (' nsdname-enable ' + functions.named_boolean(option.response_policy.nsdname_enable)) if option.response_policy.nsdname_enable is defined -}} {{- (' nsdname-enable ' + functions.named_boolean(item.options.response_policy.nsdname_enable)) if item.options.response_policy.nsdname_enable is defined -}}
{{- (' dnsrps-enable ' + functions.named_boolean(option.response_policy.dnsrps_enable)) if option.response_policy.dnsrps_enable is defined -}} {{- (' dnsrps-enable ' + functions.named_boolean(item.options.response_policy.dnsrps_enable)) if item.options.response_policy.dnsrps_enable is defined -}}
{{- (' dnsrps-options { ' + option.response_policy.dnsrps_options | join('; ') + '; }') if option.response_policy.dnsrps_options is defined and option.response_policy.dnsrps_options -}}; {{- (' dnsrps-options { ' + item.options.response_policy.dnsrps_options | join('; ') + '; }') if item.options.response_policy.dnsrps_options is defined and item.options.response_policy.dnsrps_options -}};
{% endif %} {% endif %}
{% if option.response_padding is defined and option.response_padding %} {% if item.options.response_padding is defined and item.options.response_padding %}
response-padding { response-padding {
{{ functions.simple_item_list(option.response_padding.addresses) }}} {{ functions.simple_item_list(item.options.response_padding.addresses) }}}
{{- (' block-size ' + option.response_padding.block_size | string) }}; {{- (' block-size ' + item.options.response_padding.block_size | string) }};
{% endif %} {% endif %}
{% if option.rate_limit is defined and option.rate_limit %} {% if item.options.rate_limit is defined and item.options.rate_limit %}
rate-limit { rate-limit {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{{ ('all-per-second ' + option.rate_limit.all_per_second | string + ';\n') if option.rate_limit.all_per_second is defined and option.rate_limit.all_per_second -}} {{ ('all-per-second ' + item.options.rate_limit.all_per_second | string + ';\n') if item.options.rate_limit.all_per_second is defined and item.options.rate_limit.all_per_second -}}
{{ ('errors-per-second ' + option.rate_limit.errors_per_second | string + ';\n') if option.rate_limit.errors_per_second is defined and option.rate_limit.errors_per_second -}} {{ ('errors-per-second ' + item.options.rate_limit.errors_per_second | string + ';\n') if item.options.rate_limit.errors_per_second is defined and item.options.rate_limit.errors_per_second -}}
{{ ('responses-per-second ' + option.rate_limit.responses_per_second | string + ';\n') if option.rate_limit.responses_per_second is defined and option.rate_limit.responses_per_second -}} {{ ('responses-per-second ' + item.options.rate_limit.responses_per_second | string + ';\n') if item.options.rate_limit.responses_per_second is defined and item.options.rate_limit.responses_per_second -}}
{{ ('referrals-per-second ' + option.rate_limit.referrals_per_second | string + ';\n') if option.rate_limit.referrals_per_second is defined and option.rate_limit.referrals_per_second -}} {{ ('referrals-per-second ' + item.options.rate_limit.referrals_per_second | string + ';\n') if item.options.rate_limit.referrals_per_second is defined and item.options.rate_limit.referrals_per_second -}}
{{ ('nodata-per-second ' + option.rate_limit.nodata_per_second | string + ';\n') if option.rate_limit.nodata_per_second is defined and option.rate_limit.nodata_per_second -}} {{ ('nodata-per-second ' + item.options.rate_limit.nodata_per_second | string + ';\n') if item.options.rate_limit.nodata_per_second is defined and item.options.rate_limit.nodata_per_second -}}
{{ ('nxdomains-per-second ' + option.rate_limit.nxdomains_per_second | string + ';\n') if option.rate_limit.nxdomains_per_second is defined and option.rate_limit.nxdomains_per_second -}} {{ ('nxdomains-per-second ' + item.options.rate_limit.nxdomains_per_second | string + ';\n') if item.options.rate_limit.nxdomains_per_second is defined and item.options.rate_limit.nxdomains_per_second -}}
{{ ('ipv4-prefix-length ' + option.rate_limit.ipv4_prefix_length | string + ';\n') if option.rate_limit.ipv4_prefix_length is defined and option.rate_limit.ipv4_prefix_length -}} {{ ('ipv4-prefix-length ' + item.options.rate_limit.ipv4_prefix_length | string + ';\n') if item.options.rate_limit.ipv4_prefix_length is defined and item.options.rate_limit.ipv4_prefix_length -}}
{{ ('ipv6-prefix-length ' + option.rate_limit.ipv6_prefix_length | string + ';\n') if option.rate_limit.ipv6_prefix_length is defined and option.rate_limit.ipv6_prefix_length -}} {{ ('ipv6-prefix-length ' + item.options.rate_limit.ipv6_prefix_length | string + ';\n') if item.options.rate_limit.ipv6_prefix_length is defined and item.options.rate_limit.ipv6_prefix_length -}}
{{ ('max-table-size ' + option.rate_limit.max_table_size | string + ';\n') if option.rate_limit.max_table_size is defined and option.rate_limit.max_table_size -}} {{ ('max-table-size ' + item.options.rate_limit.max_table_size | string + ';\n') if item.options.rate_limit.max_table_size is defined and item.options.rate_limit.max_table_size -}}
{{ ('min-table-size ' + option.rate_limit.min_table_size | string + ';\n') if option.rate_limit.min_table_size is defined and option.rate_limit.min_table_size -}} {{ ('min-table-size ' + item.options.rate_limit.min_table_size | string + ';\n') if item.options.rate_limit.min_table_size is defined and item.options.rate_limit.min_table_size -}}
{{ ('qps-scale ' + option.rate_limit.qps_scale | string + ';\n') if option.rate_limit.qps_scale is defined and option.rate_limit.qps_scale -}} {{ ('qps-scale ' + item.options.rate_limit.qps_scale | string + ';\n') if item.options.rate_limit.qps_scale is defined and item.options.rate_limit.qps_scale -}}
{{ ('window ' + option.rate_limit.window | string + ';\n') if option.rate_limit.window is defined and option.rate_limit.window -}} {{ ('window ' + item.options.rate_limit.window | string + ';\n') if item.options.rate_limit.window is defined and item.options.rate_limit.window -}}
{{ ('slip ' + option.rate_limit.slip | string + ';\n') if option.rate_limit.slip is defined and option.rate_limit.slip -}} {{ ('slip ' + item.options.rate_limit.slip | string + ';\n') if item.options.rate_limit.slip is defined and item.options.rate_limit.slip -}}
{{ ('log-only ' + functions.named_boolean(option.rate_limit.log_only) + ';\n') if option.rate_limit.log_only is defined -}} {{ ('log-only ' + functions.named_boolean(item.options.rate_limit.log_only) + ';\n') if item.options.rate_limit.log_only is defined -}}
{{ ('exempt-clients {\n' + functions.simple_item_list(option.rate_limit.exempt_clients) + '};\n') if option.rate_limit.exempt_clients is defined and option.rate_limit.exempt_clients -}} {{ ('exempt-clients {\n' + functions.simple_item_list(item.options.rate_limit.exempt_clients) + '};\n') if item.options.rate_limit.exempt_clients is defined and item.options.rate_limit.exempt_clients -}}
{% endfilter %}}; {% endfilter %}};
{% endif %} {% endif %}
{% if option.listen_on_v6 is defined and option.listen_on_v6 %} {% if item.options.listen_on_v6 is defined and item.options.listen_on_v6 %}
{% for listen in option.listen_on_v6 if option.listen_on_v6 is not mapping %} {% for listen in item.options.listen_on_v6 if item.options.listen_on_v6 is not mapping %}
listen-on-v6 listen-on-v6
{{- (' port ' + listen.port | string) if listen.port is defined and listen.port -}} {{- (' port ' + listen.port | string) if listen.port is defined and listen.port -}}
{{- (' dscp ' + listen.dscp | string) if listen.dscp is defined and listen.dscp -}} {{- (' dscp ' + listen.dscp | string) if listen.dscp is defined and listen.dscp -}}
@@ -75,15 +77,15 @@ listen-on-v6
{{ functions.simple_item_list(listen.addresses) }}}; {{ functions.simple_item_list(listen.addresses) }}};
{% else %} {% else %}
listen-on-v6 listen-on-v6
{{- (' port ' + option.listen_on_v6.port | string) if option.listen_on_v6.port is defined and option.listen_on_v6.port -}} {{- (' port ' + item.options.listen_on_v6.port | string) if item.options.listen_on_v6.port is defined and item.options.listen_on_v6.port -}}
{{- (' dscp ' + option.listen_on_v6.dscp | string) if option.listen_on_v6.dscp is defined and option.listen_on_v6.dscp -}} {{- (' dscp ' + item.options.listen_on_v6.dscp | string) if item.options.listen_on_v6.dscp is defined and item.options.listen_on_v6.dscp -}}
{{- (' tls ' + option.listen_on_v6.tls | string) if option.listen_on_v6.tls is defined and option.listen_on_v6.tls -}} {{- (' tls ' + item.options.listen_on_v6.tls | string) if item.options.listen_on_v6.tls is defined and item.options.listen_on_v6.tls -}}
{{- (' http ' + option.listen_on_v6.http | string) if option.listen_on_v6.http is defined and option.listen_on_v6.http }} { {{- (' http ' + item.options.listen_on_v6.http | string) if item.options.listen_on_v6.http is defined and item.options.listen_on_v6.http }} {
{{ functions.simple_item_list(option.listen_on_v6.addresses) }}}; {{ functions.simple_item_list(item.options.listen_on_v6.addresses) }}};
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if option.listen_on is defined and option.listen_on %} {% if item.options.listen_on is defined and item.options.listen_on %}
{% for listen in option.listen_on if option.listen_on is not mapping %} {% for listen in item.options.listen_on if item.options.listen_on is not mapping %}
listen-on listen-on
{{- (' port ' + listen.port | string) if listen.port is defined and listen.port -}} {{- (' port ' + listen.port | string) if listen.port is defined and listen.port -}}
{{- (' dscp ' + listen.dscp | string) if listen.dscp is defined and listen.dscp -}} {{- (' dscp ' + listen.dscp | string) if listen.dscp is defined and listen.dscp -}}
@@ -92,18 +94,18 @@ listen-on
{{ functions.simple_item_list(listen.addresses) }}}; {{ functions.simple_item_list(listen.addresses) }}};
{% else %} {% else %}
listen-on listen-on
{{- (' port ' + option.listen_on.port | string) if option.listen_on.port is defined and option.listen_on.port -}} {{- (' port ' + item.options.listen_on.port | string) if item.options.listen_on.port is defined and item.options.listen_on.port -}}
{{- (' dscp ' + option.listen_on.dscp | string) if option.listen_on.dscp is defined and option.listen_on.dscp -}} {{- (' dscp ' + item.options.listen_on.dscp | string) if item.options.listen_on.dscp is defined and item.options.listen_on.dscp -}}
{{- (' tls ' + option.listen_on.tls | string) if option.listen_on.tls is defined and option.listen_on.tls -}} {{- (' tls ' + item.options.listen_on.tls | string) if item.options.listen_on.tls is defined and item.options.listen_on.tls -}}
{{- (' http ' + option.listen_on.http | string) if option.listen_on.http is defined and option.listen_on.http }} { {{- (' http ' + item.options.listen_on.http | string) if item.options.listen_on.http is defined and item.options.listen_on.http }} {
{{ functions.simple_item_list(option.listen_on.addresses) }}}; {{ functions.simple_item_list(item.options.listen_on.addresses) }}};
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{{ functions.parent_address_port_dscp("forwarders", option.forwarders) if option.forwarders is defined and option.forwarders -}} {{ functions.parent_address_port_tls("forwarders", item.options.forwarders) if item.options.forwarders is defined and item.options.forwarders -}}
{% if option.dual_stack_servers is defined and option.dual_stack_servers %} {% if item.options.dual_stack_servers is defined and item.options.dual_stack_servers %}
dual-stack-servers dual-stack-servers
{{ (' port ' + option.dual_stack_servers.port | string) if option.dual_stack_servers.port is defined and option.dual_stack_servers }} { {{ (' port ' + item.options.dual_stack_servers.port | string) if item.options.dual_stack_servers.port is defined and item.options.dual_stack_servers }} {
{% for host in option.dual_stack_servers.addresses %} {% for host in item.options.dual_stack_servers.addresses %}
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{{ host.address | ansible.utils.ipaddr | ternary(host.address, '"' + host.address + '"') }} {{ host.address | ansible.utils.ipaddr | ternary(host.address, '"' + host.address + '"') }}
{{- (' port ' + host.port | string) if host.port is defined and host.port -}} {{- (' port ' + host.port | string) if host.port is defined and host.port -}}
@@ -111,23 +113,23 @@ dual-stack-servers
{% endfilter %} {% endfilter %}
{% endfor %}}; {% endfor %}};
{% endif %} {% endif %}
{% if option.dnstap_output is defined and option.dnstap_output %} {% if item.options.dnstap_output is defined and item.options.dnstap_output %}
dnstap-output {{ option.dnstap_output.output_type -}} dnstap-output {{ item.options.dnstap_output.output_type -}}
{{- ' "' + option.dnstap_output.output_file + '"' -}} {{- ' "' + item.options.dnstap_output.output_file + '"' -}}
{{- (' size ' + option.dnstap_output.size | string) if option.dnstap_output.size is defined and option.dnstap_output.size -}} {{- (' size ' + item.options.dnstap_output.size | string) if item.options.dnstap_output.size is defined and item.options.dnstap_output.size -}}
{{- (' versions ' + option.dnstap_output.versions | string) if option.dnstap_output.versions is defined and option.dnstap_output.versions -}} {{- (' versions ' + item.options.dnstap_output.versions | string) if item.options.dnstap_output.versions is defined and item.options.dnstap_output.versions -}}
{{- (' suffix ' + option.dnstap_output.suffix | string) if option.dnstap_output.suffix is defined and option.dnstap_output.suffix -}}; {{- (' suffix ' + item.options.dnstap_output.suffix | string) if item.options.dnstap_output.suffix is defined and item.options.dnstap_output.suffix -}};
{% endif %} {% endif %}
{% if option.dnstap is defined and option.dnstap %} {% if item.options.dnstap is defined and item.options.dnstap %}
dnstap { dnstap {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% for dnstap in option.dnstap %} {% for dnstap in item.options.dnstap %}
{{ dnstap.type }}{{ ' ' + dnstap.log if dnstap.log is defined and dnstap.log }}; {{ dnstap.type }}{{ ' ' + dnstap.log if dnstap.log is defined and dnstap.log }};
{% endfor %} {% endfor %}
{% endfilter %}}; {% endfilter %}};
{% endif %} {% endif %}
{% if option.dns64 is defined and option.dns64 %} {% if item.options.dns64 is defined and item.options.dns64 %}
{% for dns64 in option.dns64 if option.dns64 is sequence %} {% for dns64 in item.options.dns64 if item.options.dns64 is sequence %}
dns64 {{ dns64.netprefix }} { dns64 {{ dns64.netprefix }} {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{{ ('break-dnssec ' + functions.named_boolean(dns64.break_dnssec) + ';\n') if dns64.break_dnssec is defined and dns64.break_dnssec is boolean -}} {{ ('break-dnssec ' + functions.named_boolean(dns64.break_dnssec) + ';\n') if dns64.break_dnssec is defined and dns64.break_dnssec is boolean -}}
@@ -139,30 +141,30 @@ dns64 {{ dns64.netprefix }} {
{% endfilter %}}; {% endfilter %}};
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if option.deny_answer_aliases is defined and option.deny_answer_aliases %} {% if item.options.deny_answer_aliases is defined and item.options.deny_answer_aliases %}
deny-answer-aliases { deny-answer-aliases {
{{ functions.simple_item_list(option.deny_answer_aliases.names) }}} {{ functions.simple_item_list(item.options.deny_answer_aliases.names) }}}
{%- if option.deny_answer_aliases.except_from is defined and option.deny_answer_aliases.except_from %} {%- if item.options.deny_answer_aliases.except_from is defined and item.options.deny_answer_aliases.except_from %}
except-from { except-from {
{{ functions.simple_item_list(option.deny_answer_aliases.except_from, 4) }}} {{ functions.simple_item_list(item.options.deny_answer_aliases.except_from, 4) }}}
{%- endif %}; {%- endif %};
{% endif %} {% endif %}
{% if option.deny_answer_addresses is defined and option.deny_answer_addresses %} {% if item.options.deny_answer_addresses is defined and item.options.deny_answer_addresses %}
deny-answer-addresses { deny-answer-addresses {
{{ functions.simple_item_list(option.deny_answer_addresses.addresses) }}} {{ functions.simple_item_list(item.options.deny_answer_addresses.addresses) }}}
{%- if option.deny_answer_addresses.except_from is defined and option.deny_answer_addresses.except_from %} {%- if item.options.deny_answer_addresses.except_from is defined and item.options.deny_answer_addresses.except_from %}
except-from { except-from {
{{ functions.simple_item_list(option.deny_answer_addresses.except_from, 4) }}} {{ functions.simple_item_list(item.options.deny_answer_addresses.except_from, 4) }}}
{%- endif %}; {%- endif %};
{% endif %} {% endif %}
{% if option.check_names is defined and option.check_names %} {% if item.options.check_names is defined and item.options.check_names %}
{% for policy in option.check_names %} {% for policy in item.options.check_names %}
check-names {{ policy.type }} {{ policy.action }}; check-names {{ policy.type }} {{ policy.action }};
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if option.catalog_zones is defined and option.catalog_zones %} {% if item.options.catalog_zones is defined and item.options.catalog_zones %}
catalog-zones { catalog-zones {
{% for catalog_zone in option.catalog_zones %} {% for catalog_zone in item.options.catalog_zones %}
zone {{ catalog_zone.zone }} zone {{ catalog_zone.zone }}
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% if catalog_zone.default_primaries is defined and catalog_zone.default_primaries %} {% if catalog_zone.default_primaries is defined and catalog_zone.default_primaries %}
@@ -177,288 +179,290 @@ default-primaries
{% endfilter %} {% endfilter %}
{% endfor %}}; {% endfor %}};
{% endif %} {% endif %}
{{ functions.single_ip_port_dscp('transfer-source', option.transfer_source) if option.transfer_source is defined and option.transfer_source -}} {{ functions.single_ip_port_dscp('transfer-source', item.options.transfer_source) if item.options.transfer_source is defined and item.options.transfer_source -}}
{{ functions.single_ip_port_dscp('transfer-source-v6', option.transfer_source_v6) if option.transfer_source_v6 is defined and option.transfer_source_v6 -}} {{ functions.single_ip_port_dscp('transfer-source-v6', item.options.transfer_source_v6) if item.options.transfer_source_v6 is defined and item.options.transfer_source_v6 -}}
{{ functions.single_ip_port_dscp('alt-transfer-source', option.alt_transfer_source) if option.alt_transfer_source is defined and option.alt_transfer_source -}} {{ functions.single_ip_port_dscp('alt-transfer-source', item.options.alt_transfer_source) if item.options.alt_transfer_source is defined and item.options.alt_transfer_source -}}
{{ functions.single_ip_port_dscp('alt-transfer-source-v6', option.alt_transfer_source_v6) if option.alt_transfer_source_v6 is defined and option.alt_transfer_source_v6 -}} {{ functions.single_ip_port_dscp('alt-transfer-source-v6', item.options.alt_transfer_source_v6) if item.options.alt_transfer_source_v6 is defined and item.options.alt_transfer_source_v6 -}}
{{ functions.single_ip_port_dscp('query-source', option.query_source) if option.query_source is defined and option.query_source -}} {{ functions.single_ip_port_dscp('query-source', item.options.query_source) if item.options.query_source is defined and item.options.query_source -}}
{{ functions.single_ip_port_dscp('query-source-v6', option.query_source_v6) if option.query_source_v6 is defined and option.query_source_v6 -}} {{ functions.single_ip_port_dscp('query-source-v6', item.options.query_source_v6) if item.options.query_source_v6 is defined and item.options.query_source_v6 -}}
{{ functions.single_ip_port_dscp('parental-source', option.parental_source) if option.parental_source is defined and option.parental_source -}} {{ functions.single_ip_port_dscp('parental-source', item.options.parental_source) if item.options.parental_source is defined and item.options.parental_source -}}
{{ functions.single_ip_port_dscp('parental-source-v6', option.parental_source_v6) if option.parental_source_v6 is defined and option.parental_source_v6 -}} {{ functions.single_ip_port_dscp('parental-source-v6', item.options.parental_source_v6) if item.options.parental_source_v6 is defined and item.options.parental_source_v6 -}}
{{ functions.single_ip_port_dscp('notify-source', option.notify_source) if option.notify_source is defined and option.notify_source -}} {{ functions.single_ip_port_dscp('notify-source', item.options.notify_source) if item.options.notify_source is defined and item.options.notify_source -}}
{{ functions.single_ip_port_dscp('notify-source-v6', option.notify_source_v6) if option.notify_source_v6 is defined and option.notify_source_v6 -}} {{ functions.single_ip_port_dscp('notify-source-v6', item.options.notify_source_v6) if item.options.notify_source_v6 is defined and item.options.notify_source_v6 -}}
{% if option.also_notify is defined and option.also_notify is not string %} {% if item.options.also_notify is defined and item.options.also_notify is not string %}
also-notify also-notify
{{- (' port ' + option.also_notify.port | string) if option.also_notify.port is defined and option.also_notify.port -}} {{- (' port ' + item.options.also_notify.port | string) if item.options.also_notify.port is defined and item.options.also_notify.port -}}
{{- (' dscp ' + option.also_notify.dscp | string) if option.also_notify.dscp is defined and option.also_notify.dscp }} { {{- (' dscp ' + item.options.also_notify.dscp | string) if item.options.also_notify.dscp is defined and item.options.also_notify.dscp }} {
{{ functions.list_address_port_key_tls(option.also_notify.addresses) }}}; {{ functions.list_address_port_key_tls(item.options.also_notify.addresses) }}};
{% endif %} {% endif %}
{% if option.allow_transfer is defined and option.allow_transfer is not string %} {% if item.options.allow_transfer is defined and item.options.allow_transfer is not string %}
allow-transfer allow-transfer
{{- (' port ' + option.allow_transfer.port | string) if option.allow_transfer.port is defined and option.allow_transfer.port -}} {{- (' port ' + item.options.allow_transfer.port | string) if item.options.allow_transfer.port is defined and item.options.allow_transfer.port -}}
{{- (' transport ' + option.allow_transfer.transport) if option.allow_transfer.transport is defined and option.allow_transfer.transport }} { {{- (' transport ' + item.options.allow_transfer.transport) if item.options.allow_transfer.transport is defined and item.options.allow_transfer.transport }} {
{{ functions.simple_item_list(option.allow_transfer.addresses) }}}; {{ functions.simple_item_list(item.options.allow_transfer.addresses) }}};
{% endif %} {% endif %}
{# The rest #} {# The rest #}
{% if option.disable_algorithms is defined and option.disable_algorithms %} {% if item.options.disable_algorithms is defined and item.options.disable_algorithms %}
{% for item in option.disable_algorithms %} {% for item in item.options.disable_algorithms %}
disable-algorithms {{ item.domain }} { "{{ item.algorithms | join('"; "') }}"; }; disable-algorithms {{ item.domain }} { "{{ item.algorithms | join('"; "') }}"; };
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if option.disable_ds_digests is defined and option.disable_ds_digests %} {% if item.options.disable_ds_digests is defined and item.options.disable_ds_digests %}
{% for item in option.disable_ds_digests %} {% for item in item.options.disable_ds_digests %}
disable-ds-digests {{ item.domain }} { "{{ item.digests | join('"; "') }}"; }; disable-ds-digests {{ item.domain }} { "{{ item.digests | join('"; "') }}"; };
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{# Oddball simple options #} {# Oddball simple options #}
{% if option.fetch_quota_params is defined and option.fetch_quota_params is string %} {% if item.options.fetch_quota_params is defined and item.options.fetch_quota_params is string %}
fetch-quota-params {{ option.fetch_quota_params }}; fetch-quota-params {{ item.options.fetch_quota_params }};
{% endif %} {% endif %}
{% if option.fetches_per_server is defined and option.fetches_per_server is string %} {% if item.options.fetches_per_server is defined and item.options.fetches_per_server is string %}
fetches-per-server {{ option.fetches_per_server }}; fetches-per-server {{ item.options.fetches_per_server }};
{% endif %} {% endif %}
{% if option.fetches_per_zone is defined and option.fetches_per_zone is string %} {% if item.options.fetches_per_zone is defined and item.options.fetches_per_zone is string %}
fetches-per-zone {{ option.fetches_per_zone }}; fetches-per-zone {{ item.options.fetches_per_zone }};
{% endif %} {% endif %}
{% if option.prefetch is defined and option.prefetch %} {% if item.options.prefetch is defined and item.options.prefetch %}
prefetch {{ option.prefetch }}; prefetch {{ item.options.prefetch }};
{% endif %} {% endif %}
{% if option.root_delegation_only is defined and option.root_delegation_only %} {% if item.options.root_delegation_only is defined and item.options.root_delegation_only %}
root-delegation-only{% if option.root_delegation_only.exclude is defined and option.root_delegation_only.exclude is sequence %} exclude { root-delegation-only{% if item.options.root_delegation_only.exclude is defined and item.options.root_delegation_only.exclude is sequence %} exclude {
{{ functions.simple_item_list(options.root_delegation_only.exclude) }}} {{ functions.simple_item_list(item.options.root_delegation_only.exclude) }}}
{% endif %}; {% endif %};
{% endif %} {% endif %}
{% if option.sig_validity_interval is defined and option.sig_validity_interval %} {% if item.options.sig_validity_interval is defined and item.options.sig_validity_interval %}
sig-validity-interval {{ option.sig_validity_interval }}; sig-validity-interval {{ item.options.sig_validity_interval }};
{% endif %} {% endif %}
{% if option.tkey_dhkey is defined and option.tkey_dhkey is mapping %} {% if item.options.tkey_dhkey is defined and item.options.tkey_dhkey is mapping %}
tkey-dhkey "{{ option.tkey_dhkey.key_name }}" {{ option.tkey_dhkey.key_tag }}; tkey-dhkey "{{ item.options.tkey_dhkey.key_name }}" {{ item.options.tkey_dhkey.key_tag }};
{% endif %} {% endif %}
{# special_quoted_string options with reserved keywords #} {# special_quoted_string options with reserved keywords #}
{% if option.dnstap_identity is defined and option.dnstap_identity is string %} {% if item.options.dnstap_identity is defined and item.options.dnstap_identity is string %}
{{ functions.reserved_or_quoted('dnstap-identity', option.dnstap_identity, ['none', 'hostname']) -}} {{ functions.reserved_or_quoted('dnstap-identity', item.options.dnstap_identity, ['none', 'hostname']) -}}
{% endif %} {% endif %}
{% if option.dnstap_version is defined and option.dnstap_version is string %} {% if item.options.dnstap_version is defined and item.options.dnstap_version is string %}
{{ functions.reserved_or_quoted('dnstap-version', option.dnstap_version, ['none']) -}} {{ functions.reserved_or_quoted('dnstap-version', item.options.dnstap_version, ['none']) -}}
{% endif %} {% endif %}
{% if option.geoip_directory is defined and option.geoip_directory is string %} {% if item.options.geoip_directory is defined and item.options.geoip_directory is string %}
{{ functions.reserved_or_quoted('geoip-directory', option.geoip_directory, ['none']) -}} {{ functions.reserved_or_quoted('geoip-directory', item.options.geoip_directory, ['none']) -}}
{% endif %} {% endif %}
{% if option.hostname is defined and option.hostname is string %} {% if item.options.hostname is defined and item.options.hostname is string %}
{{ functions.reserved_or_quoted('hostname', option.hostname, ['none']) -}} {{ functions.reserved_or_quoted('hostname', item.options.hostname, ['none']) -}}
{% endif %} {% endif %}
{% if option.lock_file is defined and option.lock_file is string %} {% if item.options.lock_file is defined and item.options.lock_file is string %}
{{ functions.reserved_or_quoted('lock-file', option.lock_file, ['none']) -}} {{ functions.reserved_or_quoted('lock-file', item.options.lock_file, ['none']) -}}
{% endif %} {% endif %}
{% if option.pid_file is defined and option.pid_file is string %} {% if item.options.pid_file is defined and item.options.pid_file is string %}
{{ functions.reserved_or_quoted('pid-file', option.pid_file, ['none']) -}} {{ functions.reserved_or_quoted('pid-file', item.options.pid_file, ['none']) -}}
{% endif %} {% endif %}
{% if option.random_device is defined and option.random_device is string %} {% if item.options.random_device is defined and item.options.random_device is string %}
{{ functions.reserved_or_quoted('random-device', option.random_device, ['none']) -}} {{ functions.reserved_or_quoted('random-device', item.options.random_device, ['none']) -}}
{% endif %} {% endif %}
{% if option.server_id is defined and option.server_id is string %} {% if item.options.server_id is defined and item.options.server_id is string %}
{{ functions.reserved_or_quoted('server-id', option.server_id, ['none', 'hostname']) -}} {{ functions.reserved_or_quoted('server-id', item.options.server_id, ['none', 'hostname']) -}}
{% endif %} {% endif %}
{% if option.session_keyfile is defined and option.session_keyfile is string %} {% if item.options.session_keyfile is defined and item.options.session_keyfile is string %}
{{ functions.reserved_or_quoted('session-keyfile', option.session_keyfile, ['none']) -}} {{ functions.reserved_or_quoted('session-keyfile', item.options.session_keyfile, ['none']) -}}
{% endif %} {% endif %}
{% if option.version is defined and option.version is string %} {% if item.options.version is defined and item.options.version is string %}
{{ functions.reserved_or_quoted('version', option.version, ['none']) -}} {{ functions.reserved_or_quoted('version', item.options.version, ['none']) -}}
{% endif %} {% endif %}
{# simple list options #} {# simple list options #}
{{ ('avoid-v4-udp-ports {\n' + functions.simple_item_list(option.avoid_v4_udp_ports) + '};\n') if option.avoid_v4_udp_ports is defined and option.avoid_v4_udp_ports -}} {{ ('avoid-v4-udp-ports {\n' + functions.simple_item_list(item.options.avoid_v4_udp_ports) + '};\n') if item.options.avoid_v4_udp_ports is defined and item.options.avoid_v4_udp_ports -}}
{{ ('avoid-v6-udp-ports {\n' + functions.simple_item_list(option.avoid_v6_udp_ports) + '};\n') if option.avoid_v6_udp_ports is defined and option.avoid_v6_udp_ports -}} {{ ('avoid-v6-udp-ports {\n' + functions.simple_item_list(item.options.avoid_v6_udp_ports) + '};\n') if item.options.avoid_v6_udp_ports is defined and item.options.avoid_v6_udp_ports -}}
{{ ('use-v4-udp-ports {\n' + functions.simple_item_list(option.use_v4_udp_ports) + '};\n') if option.use_v4_udp_ports is defined and option.use_v4_udp_ports -}} {{ ('use-v4-udp-ports {\n' + functions.simple_item_list(item.options.use_v4_udp_ports) + '};\n') if item.options.use_v4_udp_ports is defined and item.options.use_v4_udp_ports -}}
{{ ('use-v6-udp-ports {\n' + functions.simple_item_list(option.use_v6_udp_ports) + '};\n') if option.use_v6_udp_ports is defined and option.use_v6_udp_ports -}} {{ ('use-v6-udp-ports {\n' + functions.simple_item_list(item.options.use_v6_udp_ports) + '};\n') if item.options.use_v6_udp_ports is defined and item.options.use_v6_udp_ports -}}
{{ ('validate-except {\n' + functions.simple_item_list(option.validate_except) + '};\n') if option.validate_except is defined and option.validate_except -}} {{ ('validate-except {\n' + functions.simple_item_list(item.options.validate_except) + '};\n') if item.options.validate_except is defined and item.options.validate_except -}}
{# boolean_or_string options #} {# boolean_or_string options #}
{{ ('dialup ' + functions.boolean_or_string(option.dialup) + ';\n') if option.dialup is defined -}} {{ ('dialup ' + functions.boolean_or_string(item.options.dialup) + ';\n') if item.options.dialup is defined -}}
{{ ('ixfr-from-differences ' + functions.boolean_or_string(option.ixfr_from_differences) + ';\n') if option.ixfr_from_differences is defined -}} {{ ('ixfr-from-differences ' + functions.boolean_or_string(item.options.ixfr_from_differences) + ';\n') if item.options.ixfr_from_differences is defined -}}
{{ ('minimal-responses ' + functions.boolean_or_string(option.minimal_responses) + ';\n') if option.minimal_responses is defined -}} {{ ('minimal-responses ' + functions.boolean_or_string(item.options.minimal_responses) + ';\n') if item.options.minimal_responses is defined -}}
{{ ('notify ' + functions.boolean_or_string(option.notify) + ';\n') if option.notify is defined -}} {{ ('notify ' + functions.boolean_or_string(item.options.notify) + ';\n') if item.options.notify is defined -}}
{{ ('zone-statistics ' + functions.boolean_or_string(option.zone_statistics) + ';\n') if option.zone_statistics is defined -}} {{ ('zone-statistics ' + functions.boolean_or_string(item.options.zone_statistics) + ';\n') if item.options.zone_statistics is defined -}}
{# duration_sizeval options #} {# duration_sizeval options #}
{{ ('fstrm-set-reopen-interval ' + option.fstrm_set_reopen_interval | string +';\n') if option.fstrm_set_reopen_interval is defined and option.fstrm_set_reopen_interval -}} {{ ('fstrm-set-reopen-interval ' + item.options.fstrm_set_reopen_interval | string +';\n') if item.options.fstrm_set_reopen_interval is defined and item.options.fstrm_set_reopen_interval -}}
{{ ('interface-interval ' + option.interface_interval | string +';\n') if option.interface_interval is defined and option.interface_interval -}} {{ ('interface-interval ' + item.options.interface_interval | string +';\n') if item.options.interface_interval is defined and item.options.interface_interval -}}
{{ ('lame-ttl ' + option.lame_ttl | string +';\n') if option.lame_ttl is defined and option.lame_ttl -}} {{ ('lame-ttl ' + item.options.lame_ttl | string +';\n') if item.options.lame_ttl is defined and item.options.lame_ttl -}}
{{ ('lmdb-mapsize ' + option.lmdb_mapsize | string +';\n') if option.lmdb_mapsize is defined and option.lmdb_mapsize -}} {{ ('lmdb-mapsize ' + item.options.lmdb_mapsize | string +';\n') if item.options.lmdb_mapsize is defined and item.options.lmdb_mapsize -}}
{{ ('max-cache-ttl ' + option.max_cache_ttl | string +';\n') if option.max_cache_ttl is defined and option.max_cache_ttl -}} {{ ('max-cache-ttl ' + item.options.max_cache_ttl | string +';\n') if item.options.max_cache_ttl is defined and item.options.max_cache_ttl -}}
{{ ('max-ncache-ttl ' + option.max_ncache_ttl | string +';\n') if option.max_ncache_ttl is defined and option.max_ncache_ttl -}} {{ ('max-ncache-ttl ' + item.options.max_ncache_ttl | string +';\n') if item.options.max_ncache_ttl is defined and item.options.max_ncache_ttl -}}
{{ ('max-stale-ttl ' + option.max_stale_ttl | string +';\n') if option.max_stale_ttl is defined and option.max_stale_ttl -}} {{ ('max-stale-ttl ' + item.options.max_stale_ttl | string +';\n') if item.options.max_stale_ttl is defined and item.options.max_stale_ttl -}}
{{ ('min-cache-ttl ' + option.min_cache_ttl | string +';\n') if option.min_cache_ttl is defined and option.min_cache_ttl -}} {{ ('min-cache-ttl ' + item.options.min_cache_ttl | string +';\n') if item.options.min_cache_ttl is defined and item.options.min_cache_ttl -}}
{{ ('min-ncache-ttl ' + option.min_ncache_ttl | string +';\n') if option.min_ncache_ttl is defined and option.min_ncache_ttl -}} {{ ('min-ncache-ttl ' + item.options.min_ncache_ttl | string +';\n') if item.options.min_ncache_ttl is defined and item.options.min_ncache_ttl -}}
{{ ('nta-lifetime ' + option.nta_lifetime | string +';\n') if option.nta_lifetime is defined and option.nta_lifetime -}} {{ ('nta-lifetime ' + item.options.nta_lifetime | string +';\n') if item.options.nta_lifetime is defined and item.options.nta_lifetime -}}
{{ ('nta-recheck ' + option.nta_recheck | string +';\n') if option.nta_recheck is defined and option.nta_recheck -}} {{ ('nta-recheck ' + item.options.nta_recheck | string +';\n') if item.options.nta_recheck is defined and item.options.nta_recheck -}}
{{ ('servfail-ttl ' + option.servfail_ttl | string +';\n') if option.servfail_ttl is defined and option.servfail_ttl -}} {{ ('servfail-ttl ' + item.options.servfail_ttl | string +';\n') if item.options.servfail_ttl is defined and item.options.servfail_ttl -}}
{{ ('stale-answer-ttl ' + option.stale_answer_ttl | string +';\n') if option.stale_answer_ttl is defined and option.stale_answer_ttl -}} {{ ('stale-answer-ttl ' + item.options.stale_answer_ttl | string +';\n') if item.options.stale_answer_ttl is defined and item.options.stale_answer_ttl -}}
{{ ('stale-refresh-time ' + option.stale_refresh_time | string +';\n') if option.stale_refresh_time is defined and option.stale_refresh_time -}} {{ ('stale-refresh-time ' + item.options.stale_refresh_time | string +';\n') if item.options.stale_refresh_time is defined and item.options.stale_refresh_time -}}
{# special options options #} {# special options options #}
{{ ('auto-dnssec ' + option.auto_dnssec | string +';\n') if option.auto_dnssec is defined and option.auto_dnssec -}} {{ ('auto-dnssec ' + item.options.auto_dnssec | string +';\n') if item.options.auto_dnssec is defined and item.options.auto_dnssec -}}
{{ ('check-dup-records ' + option.check_dup_records | string +';\n') if option.check_dup_records is defined and option.check_dup_records -}} {{ ('check-dup-records ' + item.options.check_dup_records | string +';\n') if item.options.check_dup_records is defined and item.options.check_dup_records -}}
{{ ('check-mx ' + option.check_mx | string +';\n') if option.check_mx is defined and option.check_mx -}} {{ ('check-mx ' + item.options.check_mx | string +';\n') if item.options.check_mx is defined and item.options.check_mx -}}
{{ ('check-mx-cname ' + option.check_mx_cname | string +';\n') if option.check_mx_cname is defined and option.check_mx_cname -}} {{ ('check-mx-cname ' + item.options.check_mx_cname | string +';\n') if item.options.check_mx_cname is defined and item.options.check_mx_cname -}}
{{ ('check-spf ' + option.check_spf | string +';\n') if option.check_spf is defined and option.check_spf -}} {{ ('check-spf ' + item.options.check_spf | string +';\n') if item.options.check_spf is defined and item.options.check_spf -}}
{{ ('check-srv-cname ' + option.check_srv_cname | string +';\n') if option.check_srv_cname is defined and option.check_srv_cname -}} {{ ('check-srv-cname ' + item.options.check_srv_cname | string +';\n') if item.options.check_srv_cname is defined and item.options.check_srv_cname -}}
{{ ('cookie-algorithm ' + option.cookie_algorithm | string +';\n') if option.cookie_algorithm is defined and option.cookie_algorithm -}} {{ ('cookie-algorithm ' + item.options.cookie_algorithm | string +';\n') if item.options.cookie_algorithm is defined and item.options.cookie_algorithm -}}
{{ ('coresize ' + option.coresize | string +';\n') if option.coresize is defined and option.coresize -}} {{ ('coresize ' + item.options.coresize | string +';\n') if item.options.coresize is defined and item.options.coresize -}}
{{ ('datasize ' + option.datasize | string +';\n') if option.datasize is defined and option.datasize -}} {{ ('datasize ' + item.options.datasize | string +';\n') if item.options.datasize is defined and item.options.datasize -}}
{{ ('dnssec-update-mode ' + option.dnssec_update_mode | string +';\n') if option.dnssec_update_mode is defined and option.dnssec_update_mode -}} {{ ('dnssec-update-mode ' + item.options.dnssec_update_mode | string +';\n') if item.options.dnssec_update_mode is defined and item.options.dnssec_update_mode -}}
{{ ('dnssec-validation ' + functions.boolean_or_string(option.dnssec_validation) +';\n') if option.dnssec_validation is defined -}} {{ ('dnssec-validation ' + functions.boolean_or_string(item.options.dnssec_validation) +';\n') if item.options.dnssec_validation is defined -}}
{{ ('files ' + option.files | string +';\n') if option.files is defined and option.files -}} {{ ('files ' + item.options.files | string +';\n') if item.options.files is defined and item.options.files -}}
{{ ('forward ' + option.forward | string +';\n') if option.forward is defined and option.forward -}} {{ ('forward ' + item.options.forward | string +';\n') if item.options.forward is defined and item.options.forward -}}
{{ ('fstrm-set-output-queue-model ' + option.fstrm_set_output_queue_model | string +';\n') if option.fstrm_set_output_queue_model is defined and option.fstrm_set_output_queue_model -}} {{ ('fstrm-set-output-queue-model ' + item.options.fstrm_set_output_queue_model | string +';\n') if item.options.fstrm_set_output_queue_model is defined and item.options.fstrm_set_output_queue_model -}}
{{ ('masterfile-format ' + option.masterfile_format | string +';\n') if option.masterfile_format is defined and option.masterfile_format -}} {{ ('masterfile-format ' + item.options.masterfile_format | string +';\n') if item.options.masterfile_format is defined and item.options.masterfile_format -}}
{{ ('masterfile-style ' + option.masterfile_style | string +';\n') if option.masterfile_style is defined and option.masterfile_style -}} {{ ('masterfile-style ' + item.options.masterfile_style | string +';\n') if item.options.masterfile_style is defined and item.options.masterfile_style -}}
{{ ('max-cache-size ' + option.max_cache_size | string +';\n') if option.max_cache_size is defined and option.max_cache_size -}} {{ ('max-cache-size ' + item.options.max_cache_size | string +';\n') if item.options.max_cache_size is defined and item.options.max_cache_size -}}
{{ ('max-ixfr-ratio ' + option.max_ixfr_ratio | string +';\n') if option.max_ixfr_ratio is defined and option.max_ixfr_ratio -}} {{ ('max-ixfr-ratio ' + item.options.max_ixfr_ratio | string +';\n') if item.options.max_ixfr_ratio is defined and item.options.max_ixfr_ratio -}}
{{ ('max-journal-size ' + option.max_journal_size | string +';\n') if option.max_journal_size is defined and option.max_journal_size -}} {{ ('max-journal-size ' + item.options.max_journal_size | string +';\n') if item.options.max_journal_size is defined and item.options.max_journal_size -}}
{{ ('max-zone-ttl ' + option.max_zone_ttl | string +';\n') if option.max_zone_ttl is defined and option.max_zone_ttl -}} {{ ('max-zone-ttl ' + item.options.max_zone_ttl | string +';\n') if item.options.max_zone_ttl is defined and item.options.max_zone_ttl -}}
{{ ('qname-minimization ' + option.qname_minimization | string +';\n') if option.qname_minimization is defined and option.qname_minimization -}} {{ ('qname-minimization ' + item.options.qname_minimization | string +';\n') if item.options.qname_minimization is defined and item.options.qname_minimization -}}
{{ ('serial-update-method ' + option.serial_update_method | string +';\n') if option.serial_update_method is defined and option.serial_update_method -}} {{ ('serial-update-method ' + item.options.serial_update_method | string +';\n') if item.options.serial_update_method is defined and item.options.serial_update_method -}}
{{ ('stacksize ' + option.stacksize | string +';\n') if option.stacksize is defined and option.stacksize -}} {{ ('stacksize ' + item.options.stacksize | string +';\n') if item.options.stacksize is defined and item.options.stacksize -}}
{{ ('stale-answer-client-timeout ' + option.stale_answer_client_timeout | string +';\n') if option.stale_answer_client_timeout is defined and option.stale_answer_client_timeout -}} {{ ('stale-answer-client-timeout ' + item.options.stale_answer_client_timeout | string +';\n') if item.options.stale_answer_client_timeout is defined and item.options.stale_answer_client_timeout -}}
{{ ('transfer-format ' + option.transfer_format | string +';\n') if option.transfer_format is defined and option.transfer_format -}} {{ ('transfer-format ' + item.options.transfer_format | string +';\n') if item.options.transfer_format is defined and item.options.transfer_format -}}
{# quoted_string options #} {# quoted_string options #}
{{ ('bindkeys-file "' + option.bindkeys_file | string +'";\n') if option.bindkeys_file is defined and option.bindkeys_file -}} {{ ('bindkeys-file "' + item.options.bindkeys_file | string +'";\n') if item.options.bindkeys_file is defined and item.options.bindkeys_file -}}
{{ ('directory "' + option.directory | string +'";\n') if option.directory is defined and option.directory -}} {{ ('directory "' + item.options.directory | string +'";\n') if item.options.directory is defined and item.options.directory -}}
{{ ('dump-file "' + option.dump_file | string +'";\n') if option.dump_file is defined and option.dump_file -}} {{ ('dump-file "' + item.options.dump_file | string +'";\n') if item.options.dump_file is defined and item.options.dump_file -}}
{{ ('key-directory "' + option.key_directory | string +'";\n') if option.key_directory is defined and option.key_directory -}} {{ ('key-directory "' + item.options.key_directory | string +'";\n') if item.options.key_directory is defined and item.options.key_directory -}}
{{ ('managed-keys-directory "' + option.managed_keys_directory | string +'";\n') if option.managed_keys_directory is defined and option.managed_keys_directory -}} {{ ('managed-keys-directory "' + item.options.managed_keys_directory | string +'";\n') if item.options.managed_keys_directory is defined and item.options.managed_keys_directory -}}
{{ ('memstatistics-file "' + option.memstatistics_file | string +'";\n') if option.memstatistics_file is defined and option.memstatistics_file -}} {{ ('memstatistics-file "' + item.options.memstatistics_file | string +'";\n') if item.options.memstatistics_file is defined and item.options.memstatistics_file -}}
{{ ('new-zones-directory "' + option.new_zones_directory | string +'";\n') if option.new_zones_directory is defined and option.new_zones_directory -}} {{ ('new-zones-directory "' + item.options.new_zones_directory | string +'";\n') if item.options.new_zones_directory is defined and item.options.new_zones_directory -}}
{{ ('recursing-file "' + option.recursing_file | string +'";\n') if option.recursing_file is defined and option.recursing_file -}} {{ ('recursing-file "' + item.options.recursing_file | string +'";\n') if item.options.recursing_file is defined and item.options.recursing_file -}}
{{ ('secroots-file "' + option.secroots_file | string +'";\n') if option.secroots_file is defined and option.secroots_file -}} {{ ('secroots-file "' + item.options.secroots_file | string +'";\n') if item.options.secroots_file is defined and item.options.secroots_file -}}
{{ ('statistics-file "' + option.statistics_file | string +'";\n') if option.statistics_file is defined and option.statistics_file -}} {{ ('statistics-file "' + item.options.statistics_file | string +'";\n') if item.options.statistics_file is defined and item.options.statistics_file -}}
{{ ('tkey-domain "' + option.tkey_domain | string +'";\n') if option.tkey_domain is defined and option.tkey_domain -}} {{ ('tkey-domain "' + item.options.tkey_domain | string +'";\n') if item.options.tkey_domain is defined and item.options.tkey_domain -}}
{{ ('tkey-gssapi-credential "' + option.tkey_gssapi_credential | string +'";\n') if option.tkey_gssapi_credential is defined and option.tkey_gssapi_credential -}} {{ ('tkey-gssapi-credential "' + item.options.tkey_gssapi_credential | string +'";\n') if item.options.tkey_gssapi_credential is defined and item.options.tkey_gssapi_credential -}}
{{ ('tkey-gssapi-keytab "' + option.tkey_gssapi_keytab | string +'";\n') if option.tkey_gssapi_keytab is defined and option.tkey_gssapi_keytab -}} {{ ('tkey-gssapi-keytab "' + item.options.tkey_gssapi_keytab | string +'";\n') if item.options.tkey_gssapi_keytab is defined and item.options.tkey_gssapi_keytab -}}
{# simple_item_list options #} {# simple_item_list options #}
{{ ('allow-notify {\n' + functions.simple_item_list(option.allow_notify) + '};\n') if option.allow_notify is defined and option.allow_notify -}} {{ ('allow-notify {\n' + functions.simple_item_list(item.options.allow_notify) + '};\n') if item.options.allow_notify is defined and item.options.allow_notify -}}
{{ ('allow-query {\n' + functions.simple_item_list(option.allow_query) + '};\n') if option.allow_query is defined and option.allow_query -}} {{ ('allow-query {\n' + functions.simple_item_list(item.options.allow_query) + '};\n') if item.options.allow_query is defined and item.options.allow_query -}}
{{ ('allow-query-cache {\n' + functions.simple_item_list(option.allow_query_cache) + '};\n') if option.allow_query_cache is defined and option.allow_query_cache -}} {{ ('allow-query-cache {\n' + functions.simple_item_list(item.options.allow_query_cache) + '};\n') if item.options.allow_query_cache is defined and item.options.allow_query_cache -}}
{{ ('allow-query-cache-on {\n' + functions.simple_item_list(option.allow_query_cache_on) + '};\n') if option.allow_query_cache_on is defined and option.allow_query_cache_on -}} {{ ('allow-query-cache-on {\n' + functions.simple_item_list(item.options.allow_query_cache_on) + '};\n') if item.options.allow_query_cache_on is defined and item.options.allow_query_cache_on -}}
{{ ('allow-query-on {\n' + functions.simple_item_list(option.allow_query_on) + '};\n') if option.allow_query_on is defined and option.allow_query_on -}} {{ ('allow-query-on {\n' + functions.simple_item_list(item.options.allow_query_on) + '};\n') if item.options.allow_query_on is defined and item.options.allow_query_on -}}
{{ ('allow-recursion {\n' + functions.simple_item_list(option.allow_recursion) + '};\n') if option.allow_recursion is defined and option.allow_recursion -}} {{ ('allow-recursion {\n' + functions.simple_item_list(item.options.allow_recursion) + '};\n') if item.options.allow_recursion is defined and item.options.allow_recursion -}}
{{ ('allow-recursion-on {\n' + functions.simple_item_list(option.allow_recursion_on) + '};\n') if option.allow_recursion_on is defined and option.allow_recursion_on -}} {{ ('allow-recursion-on {\n' + functions.simple_item_list(item.options.allow_recursion_on) + '};\n') if item.options.allow_recursion_on is defined and item.options.allow_recursion_on -}}
{{ ('allow-update {\n' + functions.simple_item_list(option.allow_update) + '};\n') if option.allow_update is defined and option.allow_update -}} {{ ('allow-update {\n' + functions.simple_item_list(item.options.allow_update) + '};\n') if item.options.allow_update is defined and item.options.allow_update -}}
{{ ('allow-update-forwarding {\n' + functions.simple_item_list(option.allow_update_forwarding) + '};\n') if option.allow_update_forwarding is defined and option.allow_update_forwarding -}} {{ ('allow-update-forwarding {\n' + functions.simple_item_list(item.options.allow_update_forwarding) + '};\n') if item.options.allow_update_forwarding is defined and item.options.allow_update_forwarding -}}
{{ ('blackhole {\n' + functions.simple_item_list(option.blackhole) + '};\n') if option.blackhole is defined and option.blackhole -}} {{ ('blackhole {\n' + functions.simple_item_list(item.options.blackhole) + '};\n') if item.options.blackhole is defined and item.options.blackhole -}}
{{ ('keep-response-order {\n' + functions.simple_item_list(option.keep_response_order) + '};\n') if option.keep_response_order is defined and option.keep_response_order -}} {{ ('keep-response-order {\n' + functions.simple_item_list(item.options.keep_response_order) + '};\n') if item.options.keep_response_order is defined and item.options.keep_response_order -}}
{{ ('no-case-compress {\n' + functions.simple_item_list(option.no_case_compress) + '};\n') if option.no_case_compress is defined and option.no_case_compress -}} {{ ('no-case-compress {\n' + functions.simple_item_list(item.options.no_case_compress) + '};\n') if item.options.no_case_compress is defined and item.options.no_case_compress -}}
{{ ('sortlist {\n' + functions.simple_item_list(option.sortlist) + '};\n') if option.sortlist is defined and option.sortlist -}} {{ ('sortlist {\n' + functions.simple_item_list(item.options.sortlist) + '};\n') if item.options.sortlist is defined and item.options.sortlist -}}
{# String options #} {# String options #}
{{ ('attach-cache ' + option.attach_cache | string +';\n') if option.attach_cache is defined and option.attach_cache -}} {{ ('attach-cache ' + item.options.attach_cache | string +';\n') if item.options.attach_cache is defined and item.options.attach_cache -}}
{{ ('cookie-secret ' + option.cookie_secret | string +';\n') if option.cookie_secret is defined and option.cookie_secret -}} {{ ('cookie-secret ' + item.options.cookie_secret | string +';\n') if item.options.cookie_secret is defined and item.options.cookie_secret -}}
{{ ('disable-empty-zone ' + option.disable_empty_zone | string +';\n') if option.disable_empty_zone is defined and option.disable_empty_zone -}} {{ ('disable-empty-zone ' + item.options.disable_empty_zone | string +';\n') if item.options.disable_empty_zone is defined and item.options.disable_empty_zone -}}
{{ ('dns64-contact ' + option.dns64_contact | string +';\n') if option.dns64_contact is defined and option.dns64_contact -}} {{ ('dns64-contact ' + item.options.dns64_contact | string +';\n') if item.options.dns64_contact is defined and item.options.dns64_contact -}}
{{ ('dns64-server ' + option.dns64_server | string +';\n') if option.dns64_server is defined and option.dns64_server -}} {{ ('dns64-server ' + item.options.dns64_server | string +';\n') if item.options.dns64_server is defined and item.options.dns64_server -}}
{{ ('dnssec-policy ' + option.dnssec_policy | string +';\n') if option.dnssec_policy is defined and option.dnssec_policy -}} {{ ('dnssec-policy ' + item.options.dnssec_policy | string +';\n') if item.options.dnssec_policy is defined and item.options.dnssec_policy -}}
{{ ('empty-contact ' + option.empty_contact | string +';\n') if option.empty_contact is defined and option.empty_contact -}} {{ ('empty-contact ' + item.options.empty_contact | string +';\n') if item.options.empty_contact is defined and item.options.empty_contact -}}
{{ ('empty-server ' + option.empty_server | string +';\n') if option.empty_server is defined and option.empty_server -}} {{ ('empty-server ' + item.options.empty_server | string +';\n') if item.options.empty_server is defined and item.options.empty_server -}}
{{ ('ipv4only-contact ' + option.ipv4only_contact | string +';\n') if option.ipv4only_contact is defined and option.ipv4only_contact -}} {{ ('ipv4only-contact ' + item.options.ipv4only_contact | string +';\n') if item.options.ipv4only_contact is defined and item.options.ipv4only_contact -}}
{{ ('ipv4only-server ' + option.ipv4only_server | string +';\n') if option.ipv4only_server is defined and option.ipv4only_server -}} {{ ('ipv4only-server ' + item.options.ipv4only_server | string +';\n') if item.options.ipv4only_server is defined and item.options.ipv4only_server -}}
{{ ('nxdomain-redirect ' + option.nxdomain_redirect | string +';\n') if option.nxdomain_redirect is defined and option.nxdomain_redirect -}} {{ ('nxdomain-redirect ' + item.options.nxdomain_redirect | string +';\n') if item.options.nxdomain_redirect is defined and item.options.nxdomain_redirect -}}
{{ ('preferred-glue ' + option.preferred_glue | string +';\n') if option.preferred_glue is defined and option.preferred_glue -}} {{ ('preferred-glue ' + item.options.preferred_glue | string +';\n') if item.options.preferred_glue is defined and item.options.preferred_glue -}}
{{ ('session-keyalg ' + option.session_keyalg | string +';\n') if option.session_keyalg is defined and option.session_keyalg -}} {{ ('session-keyalg ' + item.options.session_keyalg | string +';\n') if item.options.session_keyalg is defined and item.options.session_keyalg -}}
{{ ('session-keyname ' + option.session_keyname | string +';\n') if option.session_keyname is defined and option.session_keyname -}} {{ ('session-keyname ' + item.options.session_keyname | string +';\n') if item.options.session_keyname is defined and item.options.session_keyname -}}
{# Integer options #} {# Integer options #}
{{ ('clients-per-query ' + option.clients_per_query | string +';\n') if option.clients_per_query is defined and option.clients_per_query -}} {{ ('clients-per-query ' + item.options.clients_per_query | string +';\n') if item.options.clients_per_query is defined and item.options.clients_per_query -}}
{{ ('dnskey-sig-validity ' + option.dnskey_sig_validity | string +';\n') if option.dnskey_sig_validity is defined and option.dnskey_sig_validity -}} {{ ('dnskey-sig-validity ' + item.options.dnskey_sig_validity | string +';\n') if item.options.dnskey_sig_validity is defined and item.options.dnskey_sig_validity -}}
{{ ('dnssec-loadkeys-interval ' + option.dnssec_loadkeys_interval | string +';\n') if option.dnssec_loadkeys_interval is defined and option.dnssec_loadkeys_interval -}} {{ ('dnssec-loadkeys-interval ' + item.options.dnssec_loadkeys_interval | string +';\n') if item.options.dnssec_loadkeys_interval is defined and item.options.dnssec_loadkeys_interval -}}
{{ ('dscp ' + option.dscp | string +';\n') if option.dscp is defined and option.dscp -}} {{ ('dscp ' + item.options.dscp | string +';\n') if item.options.dscp is defined and item.options.dscp -}}
{{ ('edns-udp-size ' + option.edns_udp_size | string +';\n') if option.edns_udp_size is defined and option.edns_udp_size -}} {{ ('edns-udp-size ' + item.options.edns_udp_size | string +';\n') if item.options.edns_udp_size is defined and item.options.edns_udp_size -}}
{{ ('fstrm-set-buffer-hint ' + option.fstrm_set_buffer_hint | string +';\n') if option.fstrm_set_buffer_hint is defined and option.fstrm_set_buffer_hint -}} {{ ('fstrm-set-buffer-hint ' + item.options.fstrm_set_buffer_hint | string +';\n') if item.options.fstrm_set_buffer_hint is defined and item.options.fstrm_set_buffer_hint -}}
{{ ('fstrm-set-flush-timeout ' + option.fstrm_set_flush_timeout | string +';\n') if option.fstrm_set_flush_timeout is defined and option.fstrm_set_flush_timeout -}} {{ ('fstrm-set-flush-timeout ' + item.options.fstrm_set_flush_timeout | string +';\n') if item.options.fstrm_set_flush_timeout is defined and item.options.fstrm_set_flush_timeout -}}
{{ ('fstrm-set-input-queue-size ' + option.fstrm_set_input_queue_size | string +';\n') if option.fstrm_set_input_queue_size is defined and option.fstrm_set_input_queue_size -}} {{ ('fstrm-set-input-queue-size ' + item.options.fstrm_set_input_queue_size | string +';\n') if item.options.fstrm_set_input_queue_size is defined and item.options.fstrm_set_input_queue_size -}}
{{ ('fstrm-set-output-notify-threshold ' + option.fstrm_set_output_notify_threshold | string +';\n') if option.fstrm_set_output_notify_threshold is defined and option.fstrm_set_output_notify_threshold -}} {{ ('fstrm-set-output-notify-threshold ' + item.options.fstrm_set_output_notify_threshold | string +';\n') if item.options.fstrm_set_output_notify_threshold is defined and item.options.fstrm_set_output_notify_threshold -}}
{{ ('fstrm-set-output-queue-size ' + option.fstrm_set_output_queue_size | string +';\n') if option.fstrm_set_output_queue_size is defined and option.fstrm_set_output_queue_size -}} {{ ('fstrm-set-output-queue-size ' + item.options.fstrm_set_output_queue_size | string +';\n') if item.options.fstrm_set_output_queue_size is defined and item.options.fstrm_set_output_queue_size -}}
{{ ('heartbeat-interval ' + option.heartbeat_interval | string +';\n') if option.heartbeat_interval is defined and option.heartbeat_interval -}} {{ ('heartbeat-interval ' + item.options.heartbeat_interval | string +';\n') if item.options.heartbeat_interval is defined and item.options.heartbeat_interval -}}
{{ ('http-listener-clients ' + option.http_listener_clients | string +';\n') if option.http_listener_clients is defined and option.http_listener_clients -}} {{ ('http-listener-clients ' + item.options.http_listener_clients | string +';\n') if item.options.http_listener_clients is defined and item.options.http_listener_clients -}}
{{ ('http-port ' + option.http_port | string +';\n') if option.http_port is defined and option.http_port -}} {{ ('http-port ' + item.options.http_port | string +';\n') if item.options.http_port is defined and item.options.http_port -}}
{{ ('http-streams-per-connection ' + option.http_streams_per_connection | string +';\n') if option.http_streams_per_connection is defined and option.http_streams_per_connection -}} {{ ('http-streams-per-connection ' + item.options.http_streams_per_connection | string +';\n') if item.options.http_streams_per_connection is defined and item.options.http_streams_per_connection -}}
{{ ('https-port ' + option.https_port | string +';\n') if option.https_port is defined and option.https_port -}} {{ ('https-port ' + item.options.https_port | string +';\n') if item.options.https_port is defined and item.options.https_port -}}
{{ ('max-clients-per-query ' + option.max_clients_per_query | string +';\n') if option.max_clients_per_query is defined and option.max_clients_per_query -}} {{ ('max-clients-per-query ' + item.options.max_clients_per_query | string +';\n') if item.options.max_clients_per_query is defined and item.options.max_clients_per_query -}}
{{ ('max-records ' + option.max_records | string +';\n') if option.max_records is defined and option.max_records -}} {{ ('max-records ' + item.options.max_records | string +';\n') if item.options.max_records is defined and item.options.max_records -}}
{{ ('max-recursion-depth ' + option.max_recursion_depth | string +';\n') if option.max_recursion_depth is defined and option.max_recursion_depth -}} {{ ('max-recursion-depth ' + item.options.max_recursion_depth | string +';\n') if item.options.max_recursion_depth is defined and item.options.max_recursion_depth -}}
{{ ('max-recursion-queries ' + option.max_recursion_queries | string +';\n') if option.max_recursion_queries is defined and option.max_recursion_queries -}} {{ ('max-recursion-queries ' + item.options.max_recursion_queries | string +';\n') if item.options.max_recursion_queries is defined and item.options.max_recursion_queries -}}
{{ ('max-refresh-time ' + option.max_refresh_time | string +';\n') if option.max_refresh_time is defined and option.max_refresh_time -}} {{ ('max-refresh-time ' + item.options.max_refresh_time | string +';\n') if item.options.max_refresh_time is defined and item.options.max_refresh_time -}}
{{ ('max-retry-time ' + option.max_retry_time | string +';\n') if option.max_retry_time is defined and option.max_retry_time -}} {{ ('max-retry-time ' + item.options.max_retry_time | string +';\n') if item.options.max_retry_time is defined and item.options.max_retry_time -}}
{{ ('max-rsa-exponent-size ' + option.max_rsa_exponent_size | string +';\n') if option.max_rsa_exponent_size is defined and option.max_rsa_exponent_size -}} {{ ('max-rsa-exponent-size ' + item.options.max_rsa_exponent_size | string +';\n') if item.options.max_rsa_exponent_size is defined and item.options.max_rsa_exponent_size -}}
{{ ('max-transfer-idle-in ' + option.max_transfer_idle_in | string +';\n') if option.max_transfer_idle_in is defined and option.max_transfer_idle_in -}} {{ ('max-transfer-idle-in ' + item.options.max_transfer_idle_in | string +';\n') if item.options.max_transfer_idle_in is defined and item.options.max_transfer_idle_in -}}
{{ ('max-transfer-idle-out ' + option.max_transfer_idle_out | string +';\n') if option.max_transfer_idle_out is defined and option.max_transfer_idle_out -}} {{ ('max-transfer-idle-out ' + item.options.max_transfer_idle_out | string +';\n') if item.options.max_transfer_idle_out is defined and item.options.max_transfer_idle_out -}}
{{ ('max-transfer-time-in ' + option.max_transfer_time_in | string +';\n') if option.max_transfer_time_in is defined and option.max_transfer_time_in -}} {{ ('max-transfer-time-in ' + item.options.max_transfer_time_in | string +';\n') if item.options.max_transfer_time_in is defined and item.options.max_transfer_time_in -}}
{{ ('max-transfer-time-out ' + option.max_transfer_time_out | string +';\n') if option.max_transfer_time_out is defined and option.max_transfer_time_out -}} {{ ('max-transfer-time-out ' + item.options.max_transfer_time_out | string +';\n') if item.options.max_transfer_time_out is defined and item.options.max_transfer_time_out -}}
{{ ('max-udp-size ' + option.max_udp_size | string +';\n') if option.max_udp_size is defined and option.max_udp_size -}} {{ ('max-udp-size ' + item.options.max_udp_size | string +';\n') if item.options.max_udp_size is defined and item.options.max_udp_size -}}
{{ ('min-refresh-time ' + option.min_refresh_time | string +';\n') if option.min_refresh_time is defined and option.min_refresh_time -}} {{ ('min-refresh-time ' + item.options.min_refresh_time | string +';\n') if item.options.min_refresh_time is defined and item.options.min_refresh_time -}}
{{ ('min-retry-time ' + option.min_retry_time | string +';\n') if option.min_retry_time is defined and option.min_retry_time -}} {{ ('min-retry-time ' + item.options.min_retry_time | string +';\n') if item.options.min_retry_time is defined and item.options.min_retry_time -}}
{{ ('nocookie-udp-size ' + option.nocookie_udp_size | string +';\n') if option.nocookie_udp_size is defined and option.nocookie_udp_size -}} {{ ('nocookie-udp-size ' + item.options.nocookie_udp_size | string +';\n') if item.options.nocookie_udp_size is defined and item.options.nocookie_udp_size -}}
{{ ('notify-delay ' + option.notify_delay | string +';\n') if option.notify_delay is defined and option.notify_delay -}} {{ ('notify-delay ' + item.options.notify_delay | string +';\n') if item.options.notify_delay is defined and item.options.notify_delay -}}
{{ ('notify-rate ' + option.notify_rate | string +';\n') if option.notify_rate is defined and option.notify_rate -}} {{ ('notify-rate ' + item.options.notify_rate | string +';\n') if item.options.notify_rate is defined and item.options.notify_rate -}}
{{ ('port ' + option.port | string +';\n') if option.port is defined and option.port -}} {{ ('port ' + item.options.port | string +';\n') if item.options.port is defined and item.options.port -}}
{{ ('recursive-clients ' + option.recursive_clients | string +';\n') if option.recursive_clients is defined and option.recursive_clients -}} {{ ('recursive-clients ' + item.options.recursive_clients | string +';\n') if item.options.recursive_clients is defined and item.options.recursive_clients -}}
{{ ('resolver-nonbackoff-tries ' + option.resolver_nonbackoff_tries | string +';\n') if option.resolver_nonbackoff_tries is defined and option.resolver_nonbackoff_tries -}} {{ ('resolver-nonbackoff-tries ' + item.options.resolver_nonbackoff_tries | string +';\n') if item.options.resolver_nonbackoff_tries is defined and item.options.resolver_nonbackoff_tries -}}
{{ ('resolver-query-timeout ' + option.resolver_query_timeout | string +';\n') if option.resolver_query_timeout is defined and option.resolver_query_timeout -}} {{ ('resolver-query-timeout ' + item.options.resolver_query_timeout | string +';\n') if item.options.resolver_query_timeout is defined and item.options.resolver_query_timeout -}}
{{ ('resolver-retry-interval ' + option.resolver_retry_interval | string +';\n') if option.resolver_retry_interval is defined and option.resolver_retry_interval -}} {{ ('resolver-retry-interval ' + item.options.resolver_retry_interval | string +';\n') if item.options.resolver_retry_interval is defined and item.options.resolver_retry_interval -}}
{{ ('serial-query-rate ' + option.serial_query_rate | string +';\n') if option.serial_query_rate is defined and option.serial_query_rate -}} {{ ('serial-query-rate ' + item.options.serial_query_rate | string +';\n') if item.options.serial_query_rate is defined and item.options.serial_query_rate -}}
{{ ('sig-signing-nodes ' + option.sig_signing_nodes | string +';\n') if option.sig_signing_nodes is defined and option.sig_signing_nodes -}} {{ ('sig-signing-nodes ' + item.options.sig_signing_nodes | string +';\n') if item.options.sig_signing_nodes is defined and item.options.sig_signing_nodes -}}
{{ ('sig-signing-signatures ' + option.sig_signing_signatures | string +';\n') if option.sig_signing_signatures is defined and option.sig_signing_signatures -}} {{ ('sig-signing-signatures ' + item.options.sig_signing_signatures | string +';\n') if item.options.sig_signing_signatures is defined and item.options.sig_signing_signatures -}}
{{ ('sig-signing-type ' + option.sig_signing_type | string +';\n') if option.sig_signing_type is defined and option.sig_signing_type -}} {{ ('sig-signing-type ' + item.options.sig_signing_type | string +';\n') if item.options.sig_signing_type is defined and item.options.sig_signing_type -}}
{{ ('startup-notify-rate ' + option.startup_notify_rate | string +';\n') if option.startup_notify_rate is defined and option.startup_notify_rate -}} {{ ('startup-notify-rate ' + item.options.startup_notify_rate | string +';\n') if item.options.startup_notify_rate is defined and item.options.startup_notify_rate -}}
{{ ('tcp-advertised-timeout ' + option.tcp_advertised_timeout | string +';\n') if option.tcp_advertised_timeout is defined and option.tcp_advertised_timeout -}} {{ ('tcp-advertised-timeout ' + item.options.tcp_advertised_timeout | string +';\n') if item.options.tcp_advertised_timeout is defined and item.options.tcp_advertised_timeout -}}
{{ ('tcp-clients ' + option.tcp_clients | string +';\n') if option.tcp_clients is defined and option.tcp_clients -}} {{ ('tcp-clients ' + item.options.tcp_clients | string +';\n') if item.options.tcp_clients is defined and item.options.tcp_clients -}}
{{ ('tcp-idle-timeout ' + option.tcp_idle_timeout | string +';\n') if option.tcp_idle_timeout is defined and option.tcp_idle_timeout -}} {{ ('tcp-idle-timeout ' + item.options.tcp_idle_timeout | string +';\n') if item.options.tcp_idle_timeout is defined and item.options.tcp_idle_timeout -}}
{{ ('tcp-initial-timeout ' + option.tcp_initial_timeout | string +';\n') if option.tcp_initial_timeout is defined and option.tcp_initial_timeout -}} {{ ('tcp-initial-timeout ' + item.options.tcp_initial_timeout | string +';\n') if item.options.tcp_initial_timeout is defined and item.options.tcp_initial_timeout -}}
{{ ('tcp-keepalive-timeout ' + option.tcp_keepalive_timeout | string +';\n') if option.tcp_keepalive_timeout is defined and option.tcp_keepalive_timeout -}} {{ ('tcp-keepalive-timeout ' + item.options.tcp_keepalive_timeout | string +';\n') if item.options.tcp_keepalive_timeout is defined and item.options.tcp_keepalive_timeout -}}
{{ ('tcp-listen-queue ' + option.tcp_listen_queue | string +';\n') if option.tcp_listen_queue is defined and option.tcp_listen_queue -}} {{ ('tcp-listen-queue ' + item.options.tcp_listen_queue | string +';\n') if item.options.tcp_listen_queue is defined and item.options.tcp_listen_queue -}}
{{ ('tcp-receive-buffer ' + option.tcp_receive_buffer | string +';\n') if option.tcp_receive_buffer is defined and option.tcp_receive_buffer -}} {{ ('tcp-receive-buffer ' + item.options.tcp_receive_buffer | string +';\n') if item.options.tcp_receive_buffer is defined and item.options.tcp_receive_buffer -}}
{{ ('tcp-send-buffer ' + option.tcp_send_buffer | string +';\n') if option.tcp_send_buffer is defined and option.tcp_send_buffer -}} {{ ('tcp-send-buffer ' + item.options.tcp_send_buffer | string +';\n') if item.options.tcp_send_buffer is defined and item.options.tcp_send_buffer -}}
{{ ('tls-port ' + option.tls_port | string +';\n') if option.tls_port is defined and option.tls_port -}} {{ ('tls-port ' + item.options.tls_port | string +';\n') if item.options.tls_port is defined and item.options.tls_port -}}
{{ ('transfer-message-size ' + option.transfer_message_size | string +';\n') if option.transfer_message_size is defined and option.transfer_message_size -}} {{ ('transfer-message-size ' + item.options.transfer_message_size | string +';\n') if item.options.transfer_message_size is defined and item.options.transfer_message_size -}}
{{ ('transfers-in ' + option.transfers_in | string +';\n') if option.transfers_in is defined and option.transfers_in -}} {{ ('transfers-in ' + item.options.transfers_in | string +';\n') if item.options.transfers_in is defined and item.options.transfers_in -}}
{{ ('transfers-out ' + option.transfers_out | string +';\n') if option.transfers_out is defined and option.transfers_out -}} {{ ('transfers-out ' + item.options.transfers_out | string +';\n') if item.options.transfers_out is defined and item.options.transfers_out -}}
{{ ('transfers-per-ns ' + option.transfers_per_ns | string +';\n') if option.transfers_per_ns is defined and option.transfers_per_ns -}} {{ ('transfers-per-ns ' + item.options.transfers_per_ns | string +';\n') if item.options.transfers_per_ns is defined and item.options.transfers_per_ns -}}
{{ ('udp-receive-buffer ' + option.udp_receive_buffer | string +';\n') if option.udp_receive_buffer is defined and option.udp_receive_buffer -}} {{ ('udp-receive-buffer ' + item.options.udp_receive_buffer | string +';\n') if item.options.udp_receive_buffer is defined and item.options.udp_receive_buffer -}}
{{ ('udp-send-buffer ' + option.udp_send_buffer | string +';\n') if option.udp_send_buffer is defined and option.udp_send_buffer -}} {{ ('udp-send-buffer ' + item.options.udp_send_buffer | string +';\n') if item.options.udp_send_buffer is defined and item.options.udp_send_buffer -}}
{{ ('v6-bias ' + option.v6_bias | string +';\n') if option.v6_bias is defined and option.v6_bias -}} {{ ('v6-bias ' + item.options.v6_bias | string +';\n') if item.options.v6_bias is defined and item.options.v6_bias -}}
{# Boolean options #} {# Boolean options #}
{{ (functions.boolean_option('allow-new-zones', option.allow_new_zones) + '\n') if option.allow_new_zones is defined -}} {{ (functions.boolean_option('allow-new-zones', item.options.allow_new_zones) + '\n') if item.options.allow_new_zones is defined -}}
{{ (functions.boolean_option('answer-cookie', option.answer_cookie) + '\n') if option.answer_cookie is defined -}} {{ (functions.boolean_option('answer-cookie', item.options.answer_cookie) + '\n') if item.options.answer_cookie is defined -}}
{{ (functions.boolean_option('auth-nxdomain', option.auth_nxdomain) + '\n') if option.auth_nxdomain is defined -}} {{ (functions.boolean_option('auth-nxdomain', item.options.auth_nxdomain) + '\n') if item.options.auth_nxdomain is defined -}}
{{ (functions.boolean_option('automatic-interface-scan', option.automatic_interface_scan) + '\n') if option.automatic_interface_scan is defined -}} {{ (functions.boolean_option('automatic-interface-scan', item.options.automatic_interface_scan) + '\n') if item.options.automatic_interface_scan is defined -}}
{{ (functions.boolean_option('check-integrity', option.check_integrity) + '\n') if option.check_integrity is defined -}} {{ (functions.boolean_option('check-integrity', item.options.check_integrity) + '\n') if item.options.check_integrity is defined -}}
{{ (functions.boolean_option('check-sibling', option.check_sibling) + '\n') if option.check_sibling is defined -}} {{ (functions.boolean_option('check-sibling', item.options.check_sibling) + '\n') if item.options.check_sibling is defined -}}
{{ (functions.boolean_option('check-wildcard', option.check_wildcard) + '\n') if option.check_wildcard is defined -}} {{ (functions.boolean_option('check-wildcard', item.options.check_wildcard) + '\n') if item.options.check_wildcard is defined -}}
{{ (functions.boolean_option('dnsrps-enable', option.dnsrps_enable) + '\n') if option.dnsrps_enable is defined -}} {{ (functions.boolean_option('dnsrps-enable', item.options.dnsrps_enable) + '\n') if item.options.dnsrps_enable is defined -}}
{{ (functions.boolean_option('dnssec-accept-expired', option.dnssec_accept_expired) + '\n') if option.dnssec_accept_expired is defined -}} {{ (functions.boolean_option('dnssec-accept-expired', item.options.dnssec_accept_expired) + '\n') if item.options.dnssec_accept_expired is defined -}}
{{ (functions.boolean_option('dnssec-dnskey-kskonly', option.dnssec_dnskey_kskonly) + '\n') if option.dnssec_dnskey_kskonly is defined -}} {{ (functions.boolean_option('dnssec-dnskey-kskonly', item.options.dnssec_dnskey_kskonly) + '\n') if item.options.dnssec_dnskey_kskonly is defined -}}
{{ (functions.boolean_option('dnssec-secure-to-insecure', option.dnssec_secure_to_insecure) + '\n') if option.dnssec_secure_to_insecure is defined -}} {{ (functions.boolean_option('dnssec-secure-to-insecure', item.options.dnssec_secure_to_insecure) + '\n') if item.options.dnssec_secure_to_insecure is defined -}}
{{ (functions.boolean_option('empty-zones-enable', option.empty_zones_enable) + '\n') if option.empty_zones_enable is defined -}} {{ (functions.boolean_option('empty-zones-enable', item.options.empty_zones_enable) + '\n') if item.options.empty_zones_enable is defined -}}
{{ (functions.boolean_option('flush-zones-on-shutdown', option.flush_zones_on_shutdown) + '\n') if option.flush_zones_on_shutdown is defined -}} {{ (functions.boolean_option('flush-zones-on-shutdown', item.options.flush_zones_on_shutdown) + '\n') if item.options.flush_zones_on_shutdown is defined -}}
{{ (functions.boolean_option('glue-cache', option.glue_cache) + '\n') if option.glue_cache is defined -}} {{ (functions.boolean_option('glue-cache', item.options.glue_cache) + '\n') if item.options.glue_cache is defined -}}
{{ (functions.boolean_option('ipv4only-enable', option.ipv4only_enable) + '\n') if option.ipv4only_enable is defined -}} {{ (functions.boolean_option('ipv4only-enable', item.options.ipv4only_enable) + '\n') if item.options.ipv4only_enable is defined -}}
{{ (functions.boolean_option('match-mapped-addresses', option.match_mapped_addresses) + '\n') if option.match_mapped_addresses is defined -}} {{ (functions.boolean_option('match-mapped-addresses', item.options.match_mapped_addresses) + '\n') if item.options.match_mapped_addresses is defined -}}
{{ (functions.boolean_option('memstatistics', option.memstatistics) + '\n') if option.memstatistics is defined -}} {{ (functions.boolean_option('memstatistics', item.options.memstatistics) + '\n') if item.options.memstatistics is defined -}}
{{ (functions.boolean_option('message-compression', option.message_compression) + '\n') if option.message_compression is defined -}} {{ (functions.boolean_option('message-compression', item.options.message_compression) + '\n') if item.options.message_compression is defined -}}
{{ (functions.boolean_option('minimal-any', option.minimal_any) + '\n') if option.minimal_any is defined -}} {{ (functions.boolean_option('minimal-any', item.options.minimal_any) + '\n') if item.options.minimal_any is defined -}}
{{ (functions.boolean_option('multi-master', option.multi_master) + '\n') if option.multi_master is defined -}} {{ (functions.boolean_option('multi-master', item.options.multi_master) + '\n') if item.options.multi_master is defined -}}
{{ (functions.boolean_option('notify-to-soa', option.notify_to_soa) + '\n') if option.notify_to_soa is defined -}} {{ (functions.boolean_option('notify-to-soa', item.options.notify_to_soa) + '\n') if item.options.notify_to_soa is defined -}}
{{ (functions.boolean_option('provide-ixfr', option.provide_ixfr) + '\n') if option.provide_ixfr is defined -}} {{ (functions.boolean_option('provide-ixfr', item.options.provide_ixfr) + '\n') if item.options.provide_ixfr is defined -}}
{{ (functions.boolean_option('querylog', option.querylog) + '\n') if option.querylog is defined -}} {{ (functions.boolean_option('querylog', item.options.querylog) + '\n') if item.options.querylog is defined -}}
{{ (functions.boolean_option('recursion', option.recursion) + '\n') if option.recursion is defined -}} {{ (functions.boolean_option('recursion', item.options.recursion) + '\n') if item.options.recursion is defined -}}
{{ (functions.boolean_option('request-expire', option.request_expire) + '\n') if option.request_expire is defined -}} {{ (functions.boolean_option('request-expire', item.options.request_expire) + '\n') if item.options.request_expire is defined -}}
{{ (functions.boolean_option('request-ixfr', option.request_ixfr) + '\n') if option.request_ixfr is defined -}} {{ (functions.boolean_option('request-ixfr', item.options.request_ixfr) + '\n') if item.options.request_ixfr is defined -}}
{{ (functions.boolean_option('request-nsid', option.request_nsid) + '\n') if option.request_nsid is defined -}} {{ (functions.boolean_option('request-nsid', item.options.request_nsid) + '\n') if item.options.request_nsid is defined -}}
{{ (functions.boolean_option('require-server-cookie', option.require_server_cookie) + '\n') if option.require_server_cookie is defined -}} {{ (functions.boolean_option('require-server-cookie', item.options.require_server_cookie) + '\n') if item.options.require_server_cookie is defined -}}
{{ (functions.boolean_option('reuseport', option.reuseport) + '\n') if option.reuseport is defined -}} {{ (functions.boolean_option('reuseport', item.options.reuseport) + '\n') if item.options.reuseport is defined -}}
{{ (functions.boolean_option('root-key-sentinel', option.root_key_sentinel) + '\n') if option.root_key_sentinel is defined -}} {{ (functions.boolean_option('root-key-sentinel', item.options.root_key_sentinel) + '\n') if item.options.root_key_sentinel is defined -}}
{{ (functions.boolean_option('send-cookie', option.send_cookie) + '\n') if option.send_cookie is defined -}} {{ (functions.boolean_option('send-cookie', item.options.send_cookie) + '\n') if item.options.send_cookie is defined -}}
{{ (functions.boolean_option('stale-answer-enable', option.stale_answer_enable) + '\n') if option.stale_answer_enable is defined -}} {{ (functions.boolean_option('stale-answer-enable', item.options.stale_answer_enable) + '\n') if item.options.stale_answer_enable is defined -}}
{{ (functions.boolean_option('stale-cache-enable', option.stale_cache_enable) + '\n') if option.stale_cache_enable is defined -}} {{ (functions.boolean_option('stale-cache-enable', item.options.stale_cache_enable) + '\n') if item.options.stale_cache_enable is defined -}}
{{ (functions.boolean_option('synth-from-dnssec', option.synth_from_dnssec) + '\n') if option.synth_from_dnssec is defined -}} {{ (functions.boolean_option('synth-from-dnssec', item.options.synth_from_dnssec) + '\n') if item.options.synth_from_dnssec is defined -}}
{{ (functions.boolean_option('trust-anchor-telemetry', option.trust_anchor_telemetry) + '\n') if option.trust_anchor_telemetry is defined -}} {{ (functions.boolean_option('trust-anchor-telemetry', item.options.trust_anchor_telemetry) + '\n') if item.options.trust_anchor_telemetry is defined -}}
{{ (functions.boolean_option('try-tcp-refresh', option.try_tcp_refresh) + '\n') if option.try_tcp_refresh is defined -}} {{ (functions.boolean_option('try-tcp-refresh', item.options.try_tcp_refresh) + '\n') if item.options.try_tcp_refresh is defined -}}
{{ (functions.boolean_option('update-check-ksk', option.update_check_ksk) + '\n') if option.update_check_ksk is defined -}} {{ (functions.boolean_option('update-check-ksk', item.options.update_check_ksk) + '\n') if item.options.update_check_ksk is defined -}}
{{ (functions.boolean_option('use-alt-transfer-source', option.use_alt_transfer_source) + '\n') if option.use_alt_transfer_source is defined -}} {{ (functions.boolean_option('use-alt-transfer-source', item.options.use_alt_transfer_source) + '\n') if item.options.use_alt_transfer_source is defined -}}
{{ (functions.boolean_option('zero-no-soa-ttl', option.zero_no_soa_ttl) + '\n') if option.zero_no_soa_ttl is defined -}} {{ (functions.boolean_option('zero-no-soa-ttl', item.options.zero_no_soa_ttl) + '\n') if item.options.zero_no_soa_ttl is defined -}}
{{ (functions.boolean_option('zero-no-soa-ttl-cache', option.zero_no_soa_ttl_cache) + '\n') if option.zero_no_soa_ttl_cache is defined -}} {{ (functions.boolean_option('zero-no-soa-ttl-cache', item.options.zero_no_soa_ttl_cache) + '\n') if item.options.zero_no_soa_ttl_cache is defined -}}
{% endmacro %} {% endfilter %}
};
+2 -3
View File
@@ -1,9 +1,8 @@
{% macro parental_agents(parental_agents) %} {% for agent in item.parental_agents if item.parental_agents is iterable %}
{% for agent in parental_agents if parental_agents is iterable %}
parental-agents {{ agent.name -}} parental-agents {{ agent.name -}}
{{ (' port ' + agent.port | string) if agent.port is defined and agent.port -}} {{ (' port ' + agent.port | string) if agent.port is defined and agent.port -}}
{{ (' dscp ' + agent.dscp | string) if agent.dscp is defined and agent.dscp }} { {{ (' dscp ' + agent.dscp | string) if agent.dscp is defined and agent.dscp }} {
{{ functions.list_address_port_key_tls(agent.addresses) -}}}; {{ functions.list_address_port_key_tls(agent.addresses) -}}};
{% endfor %} {% endfor %}
{% endmacro %}
+2 -3
View File
@@ -1,8 +1,7 @@
{% macro primaries(primaries) %} {% for primary in item.primaries if item.primaries is iterable %}
{% for primary in primaries if primaries is iterable %}
primaries {{ primary.name -}} primaries {{ primary.name -}}
{{ (' port ' + primary.port | string) if primary.port is defined and primary.port -}} {{ (' port ' + primary.port | string) if primary.port is defined and primary.port -}}
{{ (' dscp ' + primary.dscp | string) if primary.dscp is defined and primary.dscp }} { {{ (' dscp ' + primary.dscp | string) if primary.dscp is defined and primary.dscp }} {
{{ functions.list_address_port_key_tls(primary.addresses) -}}}; {{ functions.list_address_port_key_tls(primary.addresses) -}}};
{% endfor %} {% endfor %}
{% endmacro %}
+2 -3
View File
@@ -1,5 +1,5 @@
{% macro server(servers) %} {% for server in item.server if item.server is iterable %}
{% for server in servers if servers is iterable %}
server {{ server.prefix }} { server {{ server.prefix }} {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% if server.transfer_source is defined and server.transfer_source is mapping %} {% if server.transfer_source is defined and server.transfer_source is mapping %}
@@ -54,4 +54,3 @@ query-source
{{ (functions.boolean_option('send-cookie', server.send_cookie) + '\n') if server.send_cookie is defined -}} {{ (functions.boolean_option('send-cookie', server.send_cookie) + '\n') if server.send_cookie is defined -}}
{% endfilter %}}; {% endfilter %}};
{% endfor %} {% endfor %}
{% endmacro %}
+2 -3
View File
@@ -1,10 +1,9 @@
{% macro statistics_channels(statistics_channels) %}
statistics-channels { statistics-channels {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% for channel in statistics_channels if statistics_channels is iterable %} {% for channel in item.statistics_channels if item.statistics_channels is iterable %}
inet {{ channel.address | string }} inet {{ channel.address | string }}
{{- (' port ' + channel.port | string) if channel.port is defined and channel.port -}} {{- (' port ' + channel.port | string) if channel.port is defined and channel.port -}}
{{- (' allow {\n' + functions.simple_item_list(channel.allow) + '};\n') if channel.allow is defined and channel.allow -}} {{- (' allow {\n' + functions.simple_item_list(channel.allow) + '};\n') if channel.allow is defined and channel.allow -}}
{% endfor %} {% endfor %}
{% endfilter %}}; {% endfilter %}};
{% endmacro %}
+2 -3
View File
@@ -1,5 +1,5 @@
{% macro tls(tlss) %} {% for tls in item.tls if item.tls is iterable %}
{% for tls in tlss if tlss is iterable %}
tls {{ tls.name }} { tls {{ tls.name }} {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{{ ('cert-file "' + tls.cert_file + '";\n') if tls.cert_file is defined and tls.cert_file -}} {{ ('cert-file "' + tls.cert_file + '";\n') if tls.cert_file is defined and tls.cert_file -}}
@@ -13,4 +13,3 @@ tls {{ tls.name }} {
{{ (functions.boolean_option('session-tickets', tls.session_tickets) + '\n') if tls.session_tickets is defined -}} {{ (functions.boolean_option('session-tickets', tls.session_tickets) + '\n') if tls.session_tickets is defined -}}
{% endfilter %}}; {% endfilter %}};
{% endfor %} {% endfor %}
{% endmacro %}
+2 -3
View File
@@ -1,7 +1,7 @@
{% macro trust_anchors(trust_anchors) %}
trust-anchors { trust-anchors {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{% for anchor in trust_anchors if trust_anchors is iterable %} {% for anchor in item.trust_anchors if item.trust_anchors is iterable %}
{{ (anchor.name | string) -}} {{ (anchor.name | string) -}}
{{ (' ' + anchor.type) -}} {{ (' ' + anchor.type) -}}
{{ (' ' + anchor.flags | string) -}} {{ (' ' + anchor.flags | string) -}}
@@ -10,4 +10,3 @@ trust-anchors {
{{ (' "' + anchor.key + '"') -}}; {{ (' "' + anchor.key + '"') -}};
{% endfor %} {% endfor %}
{% endfilter %}}; {% endfilter %}};
{% endmacro %}
+3 -3
View File
@@ -1,5 +1,5 @@
{% macro view(views) %} {% for view in item.view if item.view is iterable %}
{% for view in views if views is iterable %}
view {{ view.name }} { view {{ view.name }} {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
{{ ('match-recursive-only ' + functions.named_boolean(view.match_recursive_only) + ';\n') if view.match_recursive_only is defined -}} {{ ('match-recursive-only ' + functions.named_boolean(view.match_recursive_only) + ';\n') if view.match_recursive_only is defined -}}
@@ -75,4 +75,4 @@ view {{ view.name }} {
{{ trust_anchors(view.trust_anchors) -}} {{ trust_anchors(view.trust_anchors) -}}
{% endif %} {% endif %}
{% endfilter %} {% endfilter %}
};{% endfor %}{% endmacro %} };{% endfor %}
+3 -6
View File
@@ -1,6 +1,5 @@
# Zones Macro {% for zone in item.zones %}
{% macro zones(zones) -%}
{% for zone in zones %}
zone "{{ zone.name }}" { zone "{{ zone.name }}" {
{% filter indent(bind9_config_indent, true) %} {% filter indent(bind9_config_indent, true) %}
# Zone {{ zone.name }} type {{ zone.type }} # Zone {{ zone.name }} type {{ zone.type }}
@@ -48,7 +47,7 @@ server-names {
server-addresses { server-addresses {
{{ functions.simple_item_list(zone.server_addresses) }}}; {{ functions.simple_item_list(zone.server_addresses) }}};
{% endif %} {% endif %}
{{ functions.parent_address_port_dscp('forwarders', zone.forwarders) if zone.forwarders is defined and zone.forwarders -}} {{ functions.parent_address_port_tls('forwarders', zone.forwarders) if zone.forwarders is defined and zone.forwarders -}}
{% if zone.allow_transfer is defined and zone.allow_transfer is not string %} {% if zone.allow_transfer is defined and zone.allow_transfer is not string %}
allow-transfer allow-transfer
{{- (' port ' + zone.allow_transfer.port | string) if zone.allow_transfer.port is defined and zone.allow_transfer.port -}} {{- (' port ' + zone.allow_transfer.port | string) if zone.allow_transfer.port is defined and zone.allow_transfer.port -}}
@@ -157,6 +156,4 @@ parental-source-v6 {{ zone.parental_source_v6.address -}}
{{ ('in-view ' + zone.in_view | string+';\n') if zone.in_view is defined and zone.in_view -}} {{ ('in-view ' + zone.in_view | string+';\n') if zone.in_view is defined and zone.in_view -}}
{% endfilter %} {% endfilter %}
}; };
{% endfor %} {% endfor %}
{% endmacro %}
+1 -1
View File
@@ -2,4 +2,4 @@
- hosts: localhost - hosts: localhost
remote_user: root remote_user: root
roles: roles:
- bind9 - bind9 # noqa: syntax-check[specific]