From 5406ec7a0553a4d8f230e0757960e2fa4fa7cfde Mon Sep 17 00:00:00 2001
From: Benjamin Graillot <graillot@crans.org>
Date: Fri, 1 May 2020 16:59:47 +0200
Subject: [PATCH] [bind-authoritative] Add zone _acme-challenge.adm.crans.org

---
 .../templates/bind/named.conf.local.j2        | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/roles/bind-authoritative/templates/bind/named.conf.local.j2 b/roles/bind-authoritative/templates/bind/named.conf.local.j2
index 9752be76..e11f50c3 100644
--- a/roles/bind-authoritative/templates/bind/named.conf.local.j2
+++ b/roles/bind-authoritative/templates/bind/named.conf.local.j2
@@ -35,6 +35,29 @@ zone "_acme-challenge.crans.org" {
 	file "bak._acme-challenge.crans.org";
 };
 
+// Let's Encrypt Challenge DNS-01 zone
+zone "_acme-challenge.adm.crans.org" {
+{% if is_master %}
+	type master;
+	notify yes;
+	update-policy {
+		grant certbot_challenge. name _acme-challenge.adm.crans.org. txt;
+	};
+{% else %}
+	type slave;
+	masters {
+{% for ip in masters_ipv4 %}
+		{{ ip }};
+{% endfor -%}
+{% for ip in masters_ipv6 %}
+		{{ ip }};
+{% endfor %}
+	};
+	notify no;
+{% endif %}
+	file "bak._acme-challenge.adm.crans.org";
+};
+
 zone "_acme-challenge.crans.fr" {
 {% if is_master %}
 	type master;