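{{ ansible_header | comment(decoration='// ') }}

// Helper: emit the "masters { ... };" statement of a secondary zone.
// The primaries are listed in bind.masters and their addresses are looked
// up in LDAP on the "adm" network, so zone transfers are pulled over the
// admin interfaces rather than the public ones.
{% macro masters_block() -%}
        masters {
{% for host in bind.masters -%}
{% for ip in query('ldap', 'ip', host, 'adm') %}
            {{ ip }};
{% endfor -%}
{% endfor %}
        };
{%- endmacro %}

// Consider including the RFC 1918 reverse zones here, if those private
// ranges are not used in your organization.
//include "/etc/bind/zones.rfc1918";

{% if is_master %}
// Let's Encrypt DNS-01 challenge TSIG keys.
// Only the primary needs them: secondaries never accept dynamic updates
// for the challenge zones (no allow-update / update-policy on that side).
// NOTE(review): the secrets are rendered straight into named.conf. If this
// file is readable by local users on the host (Debian installs it 0644),
// move both key statements into a separate file with mode 0640 root:bind
// and include it from here.
key "certbot_challenge." {
    algorithm hmac-sha512;
    secret "{{ certbot_dns_secret }}";
};

key "certbot_adm_challenge." {
    algorithm hmac-sha512;
    secret "{{ certbot_adm_dns_secret }}";
};
{% endif %}

// Let's Encrypt DNS-01 challenge zones.
// Each challenge zone is a dedicated zone (delegated from the parent) so the
// ACME client only ever needs update rights on that zone, never on the real
// crans.* zones.
// On the primary, update-policy "name" restricts the key to the TXT RRset of
// the exact name _acme-challenge.<domain>. -- the key cannot create or touch
// any other record. The adm zone uses its own key so a compromise of the
// public-facing certbot key does not reach the admin domain.
// NOTE(review): no allow-transfer is set on these zones; unless transfers
// are restricted in the global options block, whether AXFR is open to any
// client depends on the BIND version's default -- confirm on the hosts.
{% macro acme_zone(name, key) %}
zone "{{ name }}" {
{% if is_master %}
        type master;
        // NOTIFY the secondaries on every update so the challenge TXT
        // record propagates before the ACME server validates it.
        notify yes;
        update-policy {
            grant {{ key }} name {{ name }}. txt;
        };
{% else %}
        type slave;
{{ masters_block() }}
        notify no;
{% endif %}
        file "bak.{{ name }}";
};
{% endmacro %}
{{ acme_zone('_acme-challenge.crans.org', 'certbot_challenge.') }}
{{ acme_zone('_acme-challenge.adm.crans.org', 'certbot_adm_challenge.') }}
{{ acme_zone('_acme-challenge.crans.fr', 'certbot_challenge.') }}
{{ acme_zone('_acme-challenge.crans.eu', 'certbot_challenge.') }}

// Helper: one authoritative zone generated by re2o.
// Primary: serves the generated zone file and notifies the secondaries.
// Secondary: transfers the zone from the primaries and keeps a local copy
// in bak.<zone> under BIND's working directory.
{% macro crans_zone(zone) %}
zone "{{ zone }}" {
{% if is_master %}
        type master;
        // AppArmor: the named profile confines where BIND may read zone
        // files, so the generated files must be reachable from BIND's
        // working directory:
        // ln -s /var/cache/bind/generated /var/local/re2o-services/dns/generated
        file "generated/dns.{{ zone }}.zone";
        notify yes;
{% else %}
        type slave;
        file "bak.{{ zone }}";
{{ masters_block() }}
        notify no;
{% endif %}
};
{% endmacro %}

// Crans forward zones (sorted so the rendered named.conf is stable and
// diffable between Ansible runs).
{% for zone in bind.zones|sort %}
{{ crans_zone(zone) }}
{% endfor %}

// Crans reverse zones (sorted for the same reason).
{% for zone in bind.reverse|sort %}
{{ crans_zone(zone) }}
{% endfor %}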