fix: support update-policies

Markus Pesch 2023-01-18 23:35:36 +01:00
parent 937b6c85de
commit b7cba859e2
Signed by: volker.raschek
GPG Key ID: 852BCC170D81A982
2 changed files with 25 additions and 1 deletions


@ -33,7 +33,7 @@ bind9_options:
allow_update_forwarding: [] allow_update_forwarding: []
auth_nxdomain: false auth_nxdomain: false
blackhole: [] blackhole: []
dnssec_validations: true dnssec_validation: true
forwarders: forwarders:
- ip: "8.8.8.8" # Google IPv4 - ip: "8.8.8.8" # Google IPv4
port: "53" port: "53"
@ -60,6 +60,14 @@ bind9_options:
minimal_responses: "no" minimal_responses: "no"
notify: "yes" notify: "yes"
recursion: "yes" recursion: "yes"
update_policies: []
# - action: grant
# identity: keyname
# ruletype: name
# name: _acme-challenge.example.com.
# types:
# - TXT
transfer_format: "many-answers" transfer_format: "many-answers"
bind9_tsigkeys: [] bind9_tsigkeys: []
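Review bot: The new `update_policies: []` default sits among the `bind9_options` keys (between `recursion` and `transfer_format`), but the template change in this commit reads `zone.update_policies`, so as far as these hunks show the default is never consumed and the commented example points users at the wrong level. I would move the example to wherever zones are defined, or at least add a comment above it such as `# read per zone as zone.update_policies; identity is the name of the TSIG/SIG(0) key allowed to update`. The comment should also say that a rule without `types` applies to nearly all record types in BIND, so the `TXT` restriction in the example is what keeps an ACME key limited to challenge records.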


@ -224,6 +224,22 @@ view "{{ view.name }}" {
type {{ zone.type }}; type {{ zone.type }};
# The update-policy clause allows more fine-grained control over which
# updates are allowed. It specifies a set of rules, in which each rule
# either grants or denies permission for one or more names in the zone to be
# updated by one or more identities. Identity is determined by the key that
# signed the update request, using either TSIG or SIG(0).
# https://bind9.readthedocs.io/en/v9_16_5/reference.html#dynamic-update-policies
{% if zone.update_policies is defined and zone.update_policies | length > 0 %}
update-policy {
{% for update_policy in zone.update_policies %}
{{ update_policy.action }} {{ update_policy.identity }} {{ update_policy.ruletype }} {{ update_policy.name | default('') }} {{ update_policy.types | default('') | join(' ') }};
{% endfor %}
};
{% else %}
# update-policy {};
{% endif %}
}; };
{% endfor %} {% endfor %}
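Review bot: A rule that omits `types` is rendered with an empty type list on the `{{ update_policy.action }} …` line, and BIND then matches every record type except RRSIG, NS, SOA, NSEC and NSEC3, so a forgotten key silently widens what the identity may update. The same expression also splits a scalar such as `types: TXT` into single characters, because `join(' ')` iterates over the string. I would render the list as `{{ ([update_policy.types] if update_policy.types is string else update_policy.types | default([])) | join(' ') }}` and state in the comment above the loop that `types` should always be listed explicitly and that `action` is expected to be `grant` or `deny`. None of the fields is checked before it is written into the zone clause; that validation probably belongs in the role's tasks, which are not visible here. The enclosing view and zone loops start outside the hunk.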