vn-ansible/roles/ns/templates/named.conf.master.j2


{# Global server options. Settings here apply to every view unless a view or zone overrides them. #}
options {
    directory "/var/cache/bind";
    max-cache-size 500m;
    auth-nxdomain no;
    {# No IPv6 listeners are opened. #}
    listen-on-v6 { none; };
    {# Fixed string returned in place of the real server version, so version queries do not reveal the BIND release. #}
    version "DNS";
    {# Dynamic updates are denied by default; each zone below re-enables them for a single TSIG key. #}
    allow-update { none; };
    {# The rfc5735 ACL is not defined in this template and must exist in another included file.
       NOTE(review): blackhole is a server-wide option, so any address in that ACL is ignored
       regardless of which view it would match. If the ACL contains the private ranges that
       LAN clients use, those clients get no answers - confirm the ACL contents against
       acl_match_clients. #}
    blackhole { rfc5735; };
    {# Zone transfer permission is set once here and no zone in this template overrides it,
       so the same list applies to zones in both views.
       NOTE(review): entries come from bind_allow_transfer and look like plain addresses;
       address-only transfer ACLs trust the source IP, whereas also-notify in the wan view
       already uses TSIG keys - consider key-based entries here as well. Also check with
       named-checkconf what an empty bind_allow_transfer renders to. #}
    allow-transfer {
        {% for ip in bind_allow_transfer %}
        {{ ip }};
        {% endfor %}
    };
};
{# Internal view: recursive resolver plus primary for the zones in bind_zones.lan.
   It is declared before the wan view, whose match-clients is any, so the list below
   is the only thing that decides which clients receive recursion. #}
view "lan" {
    {# Element order in match-clients matters and is fixed by the three loops:
       1. entries of key_match_clients_lan_master that start with "!key" (negated keys),
       2. every entry of acl_match_clients,
       3. the remaining entries of key_match_clients_lan_master.
       Presumably the negated keys come first so that a request signed with one of them
       is rejected from this view before an address entry can match it - verify against
       the variable definitions. Do not reorder these loops. #}
    match-clients {
        {% for item in key_match_clients_lan_master if item.startswith("!key") %}
        {{ item }};
        {% endfor %}
        {% for item in acl_match_clients %}
        {{ item }};
        {% endfor %}
        {% for item in key_match_clients_lan_master if not item.startswith("!key") %}
        {{ item }};
        {% endfor %}
    };
    {# AAAA filtering is enabled for every client of this view, over both IPv4 and IPv6 transport.
       The value yes is used rather than break-dnssec. #}
    plugin query "filter-aaaa.so" {
        filter-aaaa-on-v4 yes;
        filter-aaaa-on-v6 yes;
        filter-aaaa { any; };
    };
    recursion yes;
    {# NOTE(review): allow-recursion is any, so recursion is limited only by match-clients above.
       If that list is ever widened, or a key leaks, the server recurses for whoever matches.
       Naming the same internal ACLs here would keep a second, independent restriction. #}
    allow-recursion { any; };
    empty-zones-enable yes;
    notify yes;
    include "/etc/bind/named.conf.default-zones";
    {# One primary zone per entry of bind_zones.lan; each entry supplies name, key and file. #}
    {% for zone in bind_zones.lan %}
    zone "{{ zone.name }}" {
        type master;
        {# Empty forwarders list: queries for this zone are never forwarded. #}
        forwarders {};
        {# Dynamic updates are accepted only when signed with the zone's TSIG key. The key
           statement itself is not in this template and must be defined elsewhere.
           NOTE(review): allow-update lets the key holder change any record in the zone;
           update-policy can narrow that to specific names and record types. #}
        allow-update { key {{ zone.key }}; };
        file "{{ zone.file }}";
    };
    {% endfor %}
};
{# External view: authoritative-only service for every client that did not match the lan view.
   It must stay after the lan view because match-clients any catches everything. #}
view "wan" {
    match-clients { any; };
    {# No recursion and no answers from cache for clients in this view. #}
    recursion no;
    allow-query-cache { none; };
    empty-zones-enable no;
    {# NOTIFY messages go only to the servers listed in also-notify, each signed with the
       TSIG key given for that entry in bind_also_notify. #}
    notify explicit;
    also-notify {
        {% for entry in bind_also_notify %}
        {{ entry.ip }} key {{ entry.key }};
        {% endfor %}
    };
    {# NOTE(review): no rate-limit statement is visible in this template although the view
       answers any source address; response rate limiting is worth considering for an
       Internet-facing authoritative view unless it is configured in another file. #}
    {# For each entry of bind_zones.wan:
       - when in_view is defined, every name in that list is emitted as a reference to the
         zone of the same name in the lan view, so that zone must exist in bind_zones.lan
         and is served here with the settings it has there;
       - otherwise a standalone primary zone is emitted from name, key and file. #}
    {% for zone in bind_zones.wan %}
    {% if zone.in_view is defined %}
    {% for z in zone.in_view %}
    zone "{{ z }}" {
        in-view "lan";
    };
    {% endfor %}
    {% else %}
    zone "{{ zone.name }}" {
        type master;
        {# Empty forwarders list: queries for this zone are never forwarded. #}
        forwarders {};
        {# Dynamic updates are accepted only when signed with the zone's TSIG key.
           NOTE(review): this view is reachable from any address, so the key is the only
           barrier to zone modification; update-policy can restrict what it may change. #}
        allow-update { key {{ zone.key }}; };
        file "{{ zone.file }}";
    };
    {% endif %}
    {% endfor %}
};