Now it's ruby
[dsa-puppet.git] / modules / unbound / templates / unbound.conf.erb
index 026126bd0f2740972c4d6d6907a7d0675cbf2982..d6b3436e16251e5bacf2601fbd942e9c9630e39c 100644 (file)
@@ -6,34 +6,28 @@
 server:
        verbosity: 1
 
-<%=
-       out = []
-       if nodeinfo['misc']['resolver-recursive'] and nodeinfo['hoster']['allow_dns_query']
-               out << "        interface: 0.0.0.0"
-               out << "        interface: ::0"
-               out << ""
-               out << "        interface-automatic: yes"
-
-               out << "        access-control: 0.0.0.0/0 refuse"
-               out << "        access-control: ::0/0 refuse"
-               out << "        access-control: 127.0.0.0/8 allow"
-               out << "        access-control: ::0/0 refuse"
-               out << "        access-control: ::1 allow"
-               out << "        access-control: ::ffff:127.0.0.1 allow"
-               nodeinfo['hoster']['allow_dns_query'].each do |net|
-                       out << "        access-control: #{net} allow"
-               end
-       end
-       out.join("\n")
-%>
+<% if (@is_recursor and (not @client_ranges.empty?)) -%>
+       interface: 0.0.0.0
+       interface: ::0
+
+       interface-automatic: yes
+
+       access-control: 0.0.0.0/0 refuse
+       access-control: ::0/0 refuse
+       access-control: 127.0.0.0/8 allow
+       access-control: ::0/0 refuse
+       access-control: ::1 allow
+       access-control: ::ffff:127.0.0.1 allow
+<% @client_ranges.to_a.flatten.each do |net| -%>
+       access-control: <%= net -%> allow
+<% end -%>
+<% end -%>
 
        #chroot: ""
 
        hide-identity: yes
        hide-version: yes
 
-       use-caps-for-id: yes
-
        # Do not query the following addresses. No DNS queries are sent there.
        # List one address per entry. List classless netblocks with /size,
        # do-not-query-address: 127.0.0.1/8
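Review bot: Removing `use-caps-for-id: yes` near the end of this hunk switches off 0x20 query-name case randomisation, a cache-poisoning mitigation, and the commit title does not say why; if it is intentional, keep it as a commented line with the reason, such as `# use-caps-for-id: yes  # disabled: <reason>`. In the new `if`, `@client_ranges.empty?` is called on the raw variable while the loop below normalises it with `.to_a.flatten`, so a nil value would presumably raise at the guard even though the loop tolerates it; `<% if @is_recursor and not Array(@client_ranges).flatten.empty? -%>` would treat both places the same. The entries are interpolated straight into `access-control: ... allow`, so whatever supplies `@client_ranges` is the only check on who may use this resolver recursively, and a comment saying where the list comes from would make that explicit.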
@@ -50,17 +44,14 @@ server:
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
 
-<%=
-       out = []
-       unless nodeinfo['misc']['resolver-recursive'] and not nodeinfo['hoster']['nameservers_break_dnssec']
-               forwarders = nodeinfo['hoster']['nameservers']
-               forwarders ||= []
-
-               out << 'forward-zone:'
-               out << '        name: "."'
-               forwarders.each do |ns|
-                       out << "        forward-addr: #{ns}"
-               end
-       end
-       out.join("\n")
-%>
+# recursive: <%= @is_recursor ? "y" : "n" %>
+<% if not @is_recursor -%>
+forward-zone:
+       name: "."
+<% @ns.to_a.flatten.each do |nms| -%>
+       forward-addr: <%= nms %>
+<% end -%>
+<% end -%>
+<% if hostname == "zappa" -%>
+edns-buffer-size: 512
+<% end -%>
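Review bot: The `edns-buffer-size: 512` line added at the end is a server option but is emitted after the `forward-zone:` block, so on a host where `@is_recursor` is false it would fall inside the forward-zone clause; as far as I know unbound groups options by the preceding clause header, not by indentation, and would reject the file. Moving the three-line conditional up into the `server:` section avoids that. The test uses a bare `hostname` while every other variable in the new code is `@`-prefixed, so `<% if @hostname == "zappa" -%>` would be consistent, and a one-line comment on why this host needs a 512-byte buffer would help the next reader. Separately, the old condition also consulted `nameservers_break_dnssec`; whether `@is_recursor` already folds that in is not visible here and is worth confirming, since it decides which hosts forward to the hoster's resolvers.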