config-nameservers/roles/knot/templates/knot.conf.j2

server:
    rundir: "/run/knot"
    user: knot:knot
    listen: [ 0.0.0.0@53, ::@53 ]

log:
  - target: syslog
    any: info

{{ tsig_key_content }}

remote:
{% for host in groups.all %}
  - id: {{ hostvars[host].ansible_hostname }}
    address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) | ansible.netcommon.ipaddr('public') | join(', ') }} ]
    key: {{ key_name }}
{% endfor %}

acl:
{% for host in groups.all %}
  - id: {{ hostvars[host].ansible_hostname }}
    address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) | ansible.netcommon.ipaddr('public') | join(', ') }} ]
    action: {% if host in groups.secondary %} transfer {% elif host in groups.primary %} notify {% endif %}
    key: {{ key_name }}
{% endfor %}

template:
  - id: default
    storage: "/var/lib/knot"
    file: "zones/%s.zone"

{% if inventory_hostname in groups.primary %}
    zonefile-load: difference-no-serial
    journal-content: all
    dnssec-signing: on
    dnssec-policy: default
    notify: [ {{ groups.secondary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
    acl: [ {{ groups.secondary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
{% endif %}

{% if inventory_hostname in groups.secondary %}
    master: [ {{ groups.primary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
    acl: [ {{ groups.primary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
{% endif %}

zone:
{% for zone in catalog_zones %}
  - domain: dns-witch-catalog
    file: "catalog-zones/%s.zone"
    catalog-role: interpret
    catalog-template: "default"
    dnssec-signing: off
{% endfor %}
init config 2021-07-30 09:15:36 +00:00			`server:`
			`rundir: "/run/knot"`
			`user: knot:knot`
			`listen: [ 0.0.0.0@53, ::@53 ]`

			`log:`
			`- target: syslog`
			`any: info`

test 2021-07-30 10:36:02 +00:00			`{{ tsig_key_content }}`
init config 2021-07-30 09:15:36 +00:00
			`remote:`
			`{% for host in groups.all %}`
			`- id: {{ hostvars[host].ansible_hostname }}`
			`address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) \| ansible.netcommon.ipaddr('public') \| join(', ') }} ]`
			`key: {{ key_name }}`
			`{% endfor %}`

			`acl:`
			`{% for host in groups.all %}`
			`- id: {{ hostvars[host].ansible_hostname }}`
			`address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) \| ansible.netcommon.ipaddr('public') \| join(', ') }} ]`
			`action: {% if host in groups.secondary %} transfer {% elif host in groups.primary %} notify {% endif %}`
fix config 2021-07-30 10:58:14 +00:00			`key: {{ key_name }}`
init config 2021-07-30 09:15:36 +00:00			`{% endfor %}`

			`template:`
			`- id: default`
			`storage: "/var/lib/knot"`
			`file: "zones/%s.zone"`

			`{% if inventory_hostname in groups.primary %}`
			`zonefile-load: difference-no-serial`
			`journal-content: all`
			`dnssec-signing: on`
			`dnssec-policy: default`
			`notify: [ {{ groups.secondary \| map('extract', hostvars) \| map(attribute='ansible_hostname') \| join(', ') }} ]`
			`acl: [ {{ groups.secondary \| map('extract', hostvars) \| map(attribute='ansible_hostname') \| join(', ') }} ]`
			`{% endif %}`

			`{% if inventory_hostname in groups.secondary %}`
			`master: [ {{ groups.primary \| map('extract', hostvars) \| map(attribute='ansible_hostname') \| join(', ') }} ]`
			`acl: [ {{ groups.primary \| map('extract', hostvars) \| map(attribute='ansible_hostname') \| join(', ') }} ]`
			`{% endif %}`

			`zone:`
			`{% for zone in catalog_zones %}`
			`- domain: dns-witch-catalog`
			`file: "catalog-zones/%s.zone"`
			`catalog-role: interpret`
			`catalog-template: "default"`
			`dnssec-signing: off`
			`{% endfor %}`