77 lines
1.5 KiB
Cheetah
77 lines
1.5 KiB
Cheetah
acl "lixonet_global" {
|
|
${network_address}/${global_prefix:-16};
|
|
};
|
|
|
|
acl "lixonet_local" {
|
|
{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}{{.}};
|
|
{{ end }}{{ end }}
|
|
};
|
|
|
|
options {
|
|
directory "/var/cache/bind";
|
|
|
|
listen-on { ${tinc_peer_address}; };
|
|
|
|
forward only;
|
|
forwarders { ${bind_forward_address-"${internal_gateway}"}; };
|
|
|
|
dnssec-enable no;
|
|
dnssec-validation no;
|
|
};
|
|
|
|
logging {
|
|
channel custom {
|
|
stderr;
|
|
print-time yes;
|
|
print-severity yes;
|
|
print-category yes;
|
|
severity debug 9;
|
|
};
|
|
category default { custom; };
|
|
};
|
|
|
|
|
|
|
|
view "lixonet" {
|
|
recursion yes;
|
|
match-clients { lixonet_global; };
|
|
|
|
allow-query { any; };
|
|
allow-recursion { any; };
|
|
|
|
response-policy { zone "rpz.whitelist"; zone "rpz"; };
|
|
|
|
zone "rpz.whitelist" {
|
|
type master;
|
|
file "/etc/bind/lixo.rpz.whitelist";
|
|
allow-query { none; };
|
|
};
|
|
|
|
zone "rpz" {
|
|
type master;
|
|
file "/etc/bind/lixo.rpz";
|
|
allow-query { none; };
|
|
};
|
|
|
|
# Self zone
|
|
zone "{{ "$tinc_peer_name" | replace "_" "." }}" {
|
|
type forward;
|
|
forward only;
|
|
forwarders { ${bind_forward_address-"${internal_gateway}"}; };
|
|
};
|
|
|
|
# Forwarders
|
|
{{ range files "bind/peers" }} {{ if ne . "${tinc_peer_name}" }}
|
|
zone "{{ . | replace "_" "." }}" {
|
|
type forward;
|
|
forward only;
|
|
{{ include (print "bind/peers/" .) }}
|
|
};{{ end }}{{ end }}
|
|
};
|
|
|
|
view "default" {
|
|
recursion no;
|
|
match-clients { any; };
|
|
allow-recursion { none; };
|
|
};
|