---
# Default variables for a BIND 9 (named) deployment. The Jinja expressions in
# the commented examples suggest these are Ansible role defaults - confirm.
# NOTE(review): how each value is rendered into named.conf depends on
# templates that are not part of this file, so statements about rendered
# behaviour below are marked as assumptions.

# Named address-match lists. `internalnets` is referenced by
# bind9_options.allow_recursion; with the empty default it lists no
# addresses, so it presumably matches no client until it is populated.
bind9_acls:
  - name: internalnets
    permissions: []
    # - "111.222.111.222"

# Control (rndc) channels; none are defined by default. The commented example
# binds the channel to loopback and limits it to the `localhost` ACL plus a
# named key. Keep that shape when enabling it: whoever reaches this channel
# with a valid key can reconfigure or stop the server.
bind9_controls: []
# - acls:
#     - localhost
#   inet: "127.0.0.1"
#   port: "953"
#   tsig_keys:
#     - rndc

# Logging. BIND's `security` category (approval and denial of requests) is
# sent to a dedicated file channel so refused queries, transfers and updates
# can be reviewed or shipped to monitoring on their own.
bind9_logging:
  categories:
    - name: "security"
      channels:
        - "security_file"
  channels:
    - name: "security_file"
      file:
        path: "/var/log/named/security.log"
        # Rotation: keep 3 old versions, roll over at 30 MB.
        options: "versions 3 size 30m"
      # NOTE(review): severity and print_times are assumed to be channel-level
      # keys (siblings of `file`) - confirm against the template.
      severity: "dynamic"
      # Quoted on purpose: a bare yes/no is a boolean under YAML 1.1 and would
      # presumably not reach named.conf as the literal keyword.
      print_times: "yes"

# Global `options` settings.
bind9_options:
  # NOTE(review): confirm how the template treats an empty list. If an empty
  # allow_* list is simply omitted, BIND's built-in default for that
  # statement applies, which may be more permissive than "nobody".
  allow_query: []
  allow_query_on: []
  allow_query_cache: []
  allow_query_cache_on: []
  # Recursion is offered only to these ACLs; this is what keeps the server
  # from acting as an open resolver once it listens on a routable address.
  allow_recursion:
    - "localhost"
    - "localnets"
    - "internalnets"
  allow_recursion_on: []
  # NOTE(review): older BIND 9 releases default allow-transfer to `any` when
  # the statement is absent. Verify for the deployed version and set an
  # explicit list (ideally TSIG-keyed secondaries) for authoritative zones.
  allow_transfer: []
  allow_update: []
  allow_update_forwarding: []
  auth_nxdomain: false
  blackhole: []
  # Expired RRSIGs are rejected and validation uses `auto`; both are the
  # safe settings for a validating resolver.
  dnssec_accept_expired: false
  dnssec_validation: "auto"
  # Every query that cannot be answered locally is forwarded to third-party
  # public resolvers, so client query names leave the network. Override with
  # resolvers your policy allows where that matters.
  forwarders:
    - ip: "8.8.8.8"  # Google IPv4
      port: "53"
    - ip: "8.8.4.4"  # Google IPv4
      port: "53"
    - ip: "2001:4860:4860::8888"  # Google IPv6
      port: "53"
    - ip: "2001:4860:4860::8844"  # Google IPv6
      port: "53"
    - ip: "208.67.222.222"  # OpenDNS IPv4
      port: "53"
    - ip: "208.67.220.220"  # OpenDNS IPv4
      port: "53"
    - ip: "2620:0:ccc::2"  # OpenDNS IPv6
      port: "53"
    - ip: "2620:0:ccd::2"  # OpenDNS IPv6
      port: "53"
  # Presumably rendered as `interface-interval`, where 0 turns off BIND's
  # periodic interface scan - confirm against the template.
  interface_interval: 0
  # Directory holding DNSSEC key files; private keys live here, so it should
  # be readable by the named user only.
  key_directory: "/var/named/dnssec-keys"
  # Loopback-only by default: the server answers no remote client until these
  # lists are overridden.
  listen_on_ipv4:
    - "127.0.0.1"
  listen_on_ipv6:
    - "::1"
  max_transfer_time: "60"
  # yes/no values are quoted strings, not YAML booleans (see print_times).
  minimal_responses: "no"
  notify: "yes"
  recursion: "yes"
  # Dynamic-update policy; empty by default. The commented example grants one
  # key the right to update only the TXT record of a single ACME challenge
  # name, which is the least-privilege form to copy.
  update_policies: []
  # - action: grant
  #   identity: keyname
  #   ruletype: name
  #   name: _acme-challenge.example.com.
  #   types:
  #     - TXT
  transfer_format: "many-answers"

# Key used by rndc. All fields are empty by default; supply the secret from an
# encrypted store (for example Ansible Vault) rather than committing it here.
bind9_rndc_key:
  name: ""
  algorithm: ""
  secret: ""

# DNSSEC key material to deploy; none by default. Private key content belongs
# in an encrypted store, never in plain text in version control.
# NOTE(review): every `filename` in the example is the same
# `example.com.private` path, for the public entries and for both key types,
# and the origin does not match the file name. This looks like a copy/paste
# placeholder; use a distinct path per key file.
bind9_dnssec_keys: []
# - origin: "hellenthal.cryptic.systems"
#   key_signing_key:
#     private:
#       filename: "{{ bind9_options.key_directory }}/example.com.private"
#       content: "private key"
#     public:
#       filename: "{{ bind9_options.key_directory }}/example.com.private"
#       content: "public key"
#   zone_signing_key:
#     private:
#       filename: "{{ bind9_options.key_directory }}/example.com.private"
#       content: "private key"
#     public:
#       filename: "{{ bind9_options.key_directory }}/example.com.private"
#       content: "public key"

# Statistics channel (the variable name is spelled `statics`; it is kept
# because other files presumably reference it). BIND's statistics channel is
# plain HTTP guarded only by an address ACL, so keep it on loopback as here or
# put it behind an authenticating proxy.
bind9_statics:
  enabled: true
  channels:
    - inet: "127.0.0.1"
      port: "8053"
      acls:
        - "localhost"

# TSIG keys; none by default. Secrets belong in an encrypted store. Prefer an
# HMAC-SHA-2 algorithm such as hmac-sha256 over hmac-md5.
bind9_tsigkeys: []
# - name: "name"
#   algorithm: "algorithm"
#   secret: "secret"

# Views (split-horizon DNS); none by default. In an address-match list the
# first matching element decides, so the negated entries in the examples must
# stay ahead of the broader ones ("!internalnets" before "any").
bind9_views: []
# - name: external
#   match_clients:
#     - "!internalnets"
#     - "any"
#   zones:
#     - config:
#         allow_notify: []
#         allow_query:
#           - "any"
#         allow_query_on: []
#         allow_update: []
#         allow_update_forwarding: []
#         allow_transfer: []
#         file: zones/external/db.local.example
#         origin: "example.local."
#         type: master
#         notify: true
#       file: zones/external/db.local.example
# - name: internal
#   match_clients:
#     - "!192.168.178.1"
#     - "internalnets"
#     - "127.0.0.0/8"
#   zones:
#     - config:
#         allow_notify: []
#         allow_query:
#           - "any"
#         allow_query_on: []
#         allow_update: []
#         allow_update_forwarding: []
#         allow_transfer: []
#         file: zones/internal/db.local.example
#         origin: "example.local."
#         type: master
#       file: zones/internal/db.local.example
#     - config:
#         allow_notify: []
#         allow_query: []
#         allow_query_on: []
#         allow_update: []
#         allow_update_forwarding: []
#         allow_transfer: []
#         forward: only
#         forwarders:
#           - 192.168.175.1
#         origin: "gitlab-runner.external.local"
#         type: forward
#       file: "gitlab-runner.external.local"