server:
verbosity: 1
- # specify the interfaces to answer queries from by ip-address.
- # The default is to listen to localhost (127.0.0.1 and ::1).
- # specify 0.0.0.0 and ::0 to bind to all available interfaces.
- # specify every interface[@port] on a new 'interface:' labelled line.
- # The listen interfaces are not changed on reload, only on restart.
- # interface: 192.0.2.153
- # interface: 192.0.2.154
- # interface: 192.0.2.154@5003
- # interface: 2001:DB8::5
-
- # enable this feature to copy the source address of queries to reply.
- # Socket options are not supported on all platforms. experimental.
- interface-automatic: yes
+<%=
+ out = []
+ if nodeinfo['misc']['resolver-recursive'] and nodeinfo['hoster']['allow_dns_query']
+ out << " interface: 0.0.0.0"
+ out << " interface: ::0"
+ out << ""
+ out << " interface-automatic: yes"
- # control which clients are allowed to make (recursive) queries
- # to this server. Specify classless netblocks with /size and action.
- # By default everything is refused, except for localhost.
- # Choose deny (drop message), refuse (polite error reply),
- # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
- # access-control: 0.0.0.0/0 refuse
- # access-control: 127.0.0.0/8 allow
- # access-control: ::0/0 refuse
- # access-control: ::1 allow
- # access-control: ::ffff:127.0.0.1 allow
+ out << " access-control: 0.0.0.0/0 refuse"
+ out << " access-control: ::0/0 refuse"
+ out << " access-control: 127.0.0.0/8 allow"
+ out << " access-control: ::0/0 refuse"
+ out << " access-control: ::1 allow"
+ out << " access-control: ::ffff:127.0.0.1 allow"
+ nodeinfo['hoster']['allow_dns_query'].each do |net|
+ out << " access-control: #{net} allow"
+ end
+ end
+ out.join("\n")
+%>
#chroot: ""
projects / dsa-puppet.git / commitdiff