blob: 70e35417c9e9fd1dab2dbb0100a483803bc95257 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
# Manged by Ansible
server:
hide-version: yes
verbosity: 1
database: "" # disable database
## bind to a specific address/port
# ip-address: 192.0.2.53
# ip-address: 192.0.2.53@5678
# ip-address: 2001:db8::53
## make packets as small as possible, on by default
# minimal-responses: yes
## respond with truncation for ANY queries over UDP and allow ANY over TCP,
## on by default
# refuse-any: yes
remote-control:
control-enable: yes
control-interface: /var/run/nsd.sock
## tsig key example
#key:
# name: "tsig1.example.com."
# algorithm: hmac-sha256
# secret: "bWVrbWl0YXNkaWdvYXQ="
## master zone example
#zone:
# name: "example.com"
# zonefile: "master/example.com"
# notify: 192.0.2.1 NOKEY
# provide-xfr: 192.0.2.1 NOKEY
## slave zone example
#zone:
# name: "example.net"
# zonefile: "slave/example.net"
# allow-notify: 192.0.2.2 tsig1.example.com.
# request-xfr: 192.0.2.2 tsig1.example.com.
## dynamically configured zones, used with "nsd-control addzone/delzone".
## filenames are constructed using the pattern: %s - zone name.
## %1 - first character of zone name, %2 second, ## %3 third.
## %z - topleveldomain label of zone, %y, %x next labels in name.
#pattern:
# name: "master"
# zonefile: "master/%s.zone"
# notify: 192.0.2.1 NOKEY
# provide-xfr: 192.0.2.1 NOKEY
{% if nsd_keys is defined %}
{% for key in nsd_keys %}
key:
name: {{key.name}}
algorithm: {{key.algorithm}}
secret: "{{key.secret}}"
{% endfor %}
{% endif %}
{% for zone in nsd_zones %}
zone:
name: {{zone}}
zonefile: master/%s.zone
{% endfor %}
|
