On the geo-nameservers, do not bind to localhost

diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb
index f80122285de44d762e3cbc701fcd1b2a48ab2e38..4cb466ea254225f91e0fc60a571a54e294b60c75 100644 (file)
--- a/modules/named/templates/named.conf.options.erb
+++ b/modules/named/templates/named.conf.options.erb
@@ -20,7 +20,12 @@ options {
        directory "/var/cache/bind";
 
        auth-nxdomain no;    # conform to RFC1035
+<% if classes.include?("named::geodns") -%>
+       listen-on { ! 127.0.0.1; any; };
+       listen-on-v6 { ! ::1; any; };
+<% else -%>
        listen-on-v6 { any; };
+<% end -%>
 
        allow-transfer { none; };
        allow-update { none; };