Commit 0d30d12b authored by ale's avatar ale

Experimental support for having bind9 listen on specific interfaces

parent 87818fe8
Pipeline #6285 passed with stage
in 3 minutes and 25 seconds
......@@ -7,8 +7,26 @@ acl "net_{{ n.name }}" {
options {
directory "/var/cache/bind";
{% if float_limit_bind_to_known_interfaces | default(False) %}
listen-on {
127.0.0.1;
{% for h in groups['frontend'] | sort %}
{{ hostvars[h]['ip'] }};
{% for n in net_overlays | sort if ('ip_' + n) in hostvars[h] %}
{{ hostvars[h]['ip_' + n] }};
{% endfor %}
{% endfor %}
};
listen-on-v6 {
::1;
{% for h in groups['frontend'] | sort if 'ip6' in hostvars[h] %}
{{ hostvars[h]['ip6'] }};
{% endfor %}
};
{% else %}
listen-on { any; };
listen-on-v6 { any; };
{% endif %}
dnssec-enable yes;
dnssec-validation auto;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment