# named.conf template for a forwarding resolver with two views.
# Clients matching the "lixonet_global" ACL get recursion, RPZ filtering and
# the forward zones below. Every other client falls through to the "default"
# view, which has recursion off and defines no zones.
# Placeholders are filled in by a template step before named reads the file.

# Network range whose clients are served by the "lixonet" view
# (presumably the whole mesh - confirm). The prefix length falls back to 16.
acl "lixonet_global" { ${network_address}/${global_prefix:-16}; };

# One entry per comma-separated value of the bgp_routes setting; empty when
# that setting is unset.
# NOTE(review): nothing in this file references this ACL. Confirm that an
# included zone fragment uses it, otherwise it is dead configuration.
acl "lixonet_local" { {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}{{.}}; {{ end }}{{ end }} };

options {
    directory "/var/cache/bind";

    # Serve DNS only on this node's tinc peer address.
    listen-on { ${tinc_peer_address}; };

    # Never iterate from the root: anything not answered locally is sent to
    # the forwarder, which defaults to the internal gateway when no explicit
    # forward address is configured.
    forward only;
    forwarders { ${bind_forward_address-"${internal_gateway}"}; };

    # NOTE(review): with validation off, answers relayed by the forwarder are
    # accepted without any DNSSEC check, so the forwarder and the network path
    # to it are fully trusted. This may be deliberate (unsigned private zones
    # would otherwise fail to resolve) - confirm, and document the reason.
    # NOTE(review): dnssec-enable has been dropped from recent BIND releases;
    # run named-checkconf against the deployed version.
    dnssec-enable no;
    dnssec-validation no;
};

logging {
    # Single channel: everything goes to stderr with time, severity and
    # category prefixed to each message.
    channel custom {
        stderr;
        print-time yes;
        print-severity yes;
        print-category yes;
        # NOTE(review): high debug levels are very verbose and can record
        # client addresses and query details. Confirm this is intended
        # outside troubleshooting, and that the collected stderr is rotated
        # and access-controlled.
        severity debug 9;
    };
    category default { custom; };
};

# Views are matched in order, so this one is tried before "default".
view "lixonet" {
    recursion yes;

    # Only clients inside the lixonet_global range are placed in this view.
    match-clients { lixonet_global; };

    # "any" is bounded by match-clients above: a client outside that ACL never
    # reaches this view.
    # NOTE(review): that is the only guard. If match-clients is ever widened,
    # these two lines make the server an open resolver; naming the ACL here as
    # well would keep the restriction in place.
    allow-query { any; };
    allow-recursion { any; };

    # Response policy zones, applied in the order listed: the whitelist zone
    # is consulted before the main policy zone.
    response-policy { zone "rpz.whitelist"; zone "rpz"; };

    # allow-query none keeps clients from reading the policy data directly;
    # the zones are only used internally for response rewriting.
    zone "rpz.whitelist" {
        type master;
        file "/etc/bind/lixo.rpz.whitelist";
        allow-query { none; };
    };
    zone "rpz" {
        type master;
        file "/etc/bind/lixo.rpz";
        allow-query { none; };
    };

    # Local forwarding zone
    # Zone name is this node's peer name with underscores turned into dots;
    # queries for it go to the same forwarder as the global options.
    zone "{{ "$tinc_peer_name" | replace "_" "." }}" {
        type forward;
        forward only;
        forwarders { ${bind_forward_address-"${internal_gateway}"}; };
    };

    # Local reverse zone forwarders
    # One forward zone per comma-separated entry of the local_reverse_zones
    # setting; nothing is emitted when that setting is unset or empty.
    {{ if len "${local_reverse_zones:-}" }}{{ range "$local_reverse_zones" | split "," }}zone "{{ . }}" {
        type forward;
        forward only;
        forwarders { ${bind_forward_address-"${internal_gateway}"}; };
    };
    {{ end }}{{ end }}

    # Peer forwarding zones
    # One forward zone per file under bind/peers, skipping the file named
    # after this node. The zone name is the file name with underscores turned
    # into dots, and the file content is placed inside the zone block
    # (presumably a forwarders statement - confirm).
    # NOTE(review): file names and contents appear to be inserted without
    # validation, so whoever can write to bind/peers controls part of this
    # configuration. Treat that directory with the same trust and review as
    # this file, and run named-checkconf on the rendered output.
    {{ range files "bind/peers" }} {{ if ne . "${tinc_peer_name}" }}
    zone "{{ . | replace "_" "." }}" {
        type forward;
        forward only;
        {{ include (print "bind/peers/" .) }}
    };{{ end }}{{ end }}

    # Custom mesh zones
    # One zone per file under bind/zones; the whole zone body, including its
    # type, comes from the file. The trust note on bind/peers applies here too.
    {{ range files "bind/zones" }}zone "{{ . | replace "_" "." }}" {
        {{ include (print "bind/zones/" .) }}
    };
    {{ end }}
};

# Catch-all for every client not matched by the "lixonet" view: recursion is
# disabled and no zones are defined here.
view "default" {
    recursion no;
    match-clients { any; };
    allow-recursion { none; };
};