lixonet-ee/bind/named.conf.tmpl

acl "lixonet_global" {
    ${network_address}/${global_prefix:-16};
};

acl "lixonet_local" {
    {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}{{.}};
    {{ end }}{{ end }}
};

options {
    directory "/var/cache/bind";
    
    listen-on { any; };
{{ if eq "1" "${bind_forward_enable:-1}" }}
    forward only;
    forwarders { ${bind_forward_address-"${internal_gateway}"}; };
{{ end }}
    dnssec-validation no;
};

logging {
	channel custom {
		stderr;
		print-time yes;
		print-severity yes;
		print-category yes;
		severity warning;
	};
	category default { custom; };
};


view "lixonet" {
    recursion yes;
    match-clients { any; };
	
    allow-query { any; };
    allow-recursion { any; };
    
    response-policy { zone "rpz.whitelist"; zone "rpz"; };
    
    zone "rpz.whitelist" {
        type master;
        file "/etc/bind/lixo.rpz.whitelist";
        allow-query { none; };
    };

    zone "rpz" {
       type master;
       file "/etc/bind/lixo.rpz";
       allow-query { none; };
    };
    
    # Local forwarding zone
{{ if eq "1" "${bind_forward_enable:-1}" }}
    zone "{{ "$tinc_peer_name" | replace "_" "." }}" {
        type forward;
        forward only;
        forwarders { ${bind_forward_address-"${internal_gateway}"}; };
    };
{{ end }}

    # Local reverse zone forwarders
{{ if eq "1" "${bind_forward_enable:-1}" }}
    {{ if len "${local_reverse_zones:-}" }}{{ range "$local_reverse_zones" | split "," }}zone "{{ . }}" {
        type forward;
        forward only;
        forwarders { ${bind_forward_address-"${internal_gateway}"}; };
    };
    {{ end }}{{ end }}
{{ end }}
	
    # Peer forwarding zones
    {{ range files "bind/peers" }} {{ if ne . "${tinc_peer_name}" }}
    zone "{{ . | replace "_" "." }}" {
        type forward;
        forward only;
        {{ include (print "bind/peers/" .) }}
    };{{ end }}{{ end }}
    
    # Custom mesh zones
    {{ range files "bind/zones" }}zone "{{ . | replace "_" "." }}" {
        {{ include (print "bind/zones/" .) }}
    };
    {{ end }}
};

view "default" {
	recursion no;
	match-clients { any; };
	allow-recursion { none; };
};
Feature bind 2020-06-13 04:22:42 +00:00			`acl "lixonet_global" {`
			`${network_address}/${global_prefix:-16};`
			`};`

			`acl "lixonet_local" {`
			`{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" \| split "," }}{{.}};`
			`{{ end }}{{ end }}`
			`};`

			`options {`
			`directory "/var/cache/bind";`

Bird monitoring 2020-06-22 00:18:11 +00:00			`listen-on { any; };`
Update named.conf.tmpl 2023-04-12 18:36:32 -06:00			`{{ if eq "1" "${bind_forward_enable:-1}" }}`
Feature bind 2020-06-13 04:22:42 +00:00			`forward only;`
			`forwarders { ${bind_forward_address-"${internal_gateway}"}; };`
Update named.conf.tmpl 2023-04-12 18:36:32 -06:00			`{{ end }}`
Update named.conf.tmpl 2023-01-08 21:49:03 -07:00			`dnssec-validation no;`
Feature bind 2020-06-13 04:22:42 +00:00			`};`

			`logging {`
			`channel custom {`
			`stderr;`
			`print-time yes;`
			`print-severity yes;`
			`print-category yes;`
Update named.conf.tmpl 2020-06-21 06:03:30 +00:00			`severity warning;`
Feature bind 2020-06-13 04:22:42 +00:00			`};`
			`category default { custom; };`
			`};`



			`view "lixonet" {`
			`recursion yes;`
Update named.conf.tmpl 2020-06-23 16:31:49 +00:00			`match-clients { any; };`
Feature bind 2020-06-13 04:22:42 +00:00
			`allow-query { any; };`
			`allow-recursion { any; };`

			`response-policy { zone "rpz.whitelist"; zone "rpz"; };`

			`zone "rpz.whitelist" {`
			`type master;`
			`file "/etc/bind/lixo.rpz.whitelist";`
			`allow-query { none; };`
			`};`

			`zone "rpz" {`
			`type master;`
			`file "/etc/bind/lixo.rpz";`
			`allow-query { none; };`
			`};`

Update named.conf.tmpl 2020-06-13 04:45:08 +00:00			`# Local forwarding zone`
Update named.conf.tmpl 2023-04-12 18:38:29 -06:00			`{{ if eq "1" "${bind_forward_enable:-1}" }}`
Feature bind 2020-06-13 04:22:42 +00:00			`zone "{{ "$tinc_peer_name" \| replace "_" "." }}" {`
			`type forward;`
			`forward only;`
			`forwarders { ${bind_forward_address-"${internal_gateway}"}; };`
			`};`
Update named.conf.tmpl 2023-04-12 18:38:29 -06:00			`{{ end }}`
usage: netcalc split [-h] NETWORK LENGTH [MAXLENGTH] netcalc split: error: argument LENGTH: invalid int value: '172.31.16.0/21' 2020-06-21 03:52:29 +00:00
			`# Local reverse zone forwarders`
Update docs 2021-09-21 17:28:39 -06:00			`{{ if eq "1" "${bind_forward_enable:-1}" }}`
usage: netcalc split [-h] NETWORK LENGTH [MAXLENGTH] netcalc split: error: argument LENGTH: invalid int value: '172.31.16.0/21' 2020-06-21 03:52:29 +00:00			`{{ if len "${local_reverse_zones:-}" }}{{ range "$local_reverse_zones" \| split "," }}zone "{{ . }}" {`
			`type forward;`
			`forward only;`
			`forwarders { ${bind_forward_address-"${internal_gateway}"}; };`
			`};`
			`{{ end }}{{ end }}`
Update docs 2021-09-21 17:28:39 -06:00			`{{ end }}`

Update named.conf.tmpl 2020-06-13 04:45:08 +00:00			`# Peer forwarding zones`
Feature bind 2020-06-13 04:22:42 +00:00			`{{ range files "bind/peers" }} {{ if ne . "${tinc_peer_name}" }}`
			`zone "{{ . \| replace "_" "." }}" {`
			`type forward;`
			`forward only;`
			`{{ include (print "bind/peers/" .) }}`
			`};{{ end }}{{ end }}`
Update named.conf.tmpl 2020-06-13 04:45:08 +00:00
			`# Custom mesh zones`
usage: netcalc split [-h] NETWORK LENGTH [MAXLENGTH] netcalc split: error: argument LENGTH: invalid int value: '172.31.16.0/21' 2020-06-21 03:52:29 +00:00			`{{ range files "bind/zones" }}zone "{{ . \| replace "_" "." }}" {`
Update named.conf.tmpl 2020-06-13 04:45:08 +00:00			`{{ include (print "bind/zones/" .) }}`
usage: netcalc split [-h] NETWORK LENGTH [MAXLENGTH] netcalc split: error: argument LENGTH: invalid int value: '172.31.16.0/21' 2020-06-21 03:52:29 +00:00			`};`
			`{{ end }}`
Feature bind 2020-06-13 04:22:42 +00:00			`};`

			`view "default" {`
			`recursion no;`
			`match-clients { any; };`
			`allow-recursion { none; };`
			`};`