From 47e0fc62d3da2aed61f55d412e59be39be8cc0d1 Mon Sep 17 00:00:00 2001
From: Florian Bittner
Date: Thu, 2 Apr 2015 18:11:01 +0200
Subject: [PATCH] Add allow-transfer statement which disallows zone transfer by default.
---
 bind/files/debian/named.conf.local | 5 +++++
 pillar.example | 3 +++
 2 files changed, 8 insertions(+)
diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index ba58855..bdc3cee 100644
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -25,6 +25,11 @@ zone "{{ key }}" {
 {%- endfor %}
 };
 {%- endif %}
+ allow-transfer {
+ {% for remote in args.get('allow-transfer', {}) %}
+ {{ remote }};
+ {% endfor %}
+ };
 {% if args['type'] == "master" -%}
 {% if args['notify'] -%}
 notify yes;
diff --git a/pillar.example b/pillar.example
index 2d322db..0e7e7b6 100644
--- a/pillar.example
+++ b/pillar.example
@@ -25,6 +25,9 @@ bind:
 1.168.192.in-addr.arpa:
 type: master
 notify: False
+ allow-transfer:
+ - 1.1.1.1
+ - 2.2.2.2
 dynamic.domain.com:
 type: master
 allow-update: "key core_dhcp"
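Review bot: The added `allow-transfer { … };` block is rendered for every zone even when the pillar has no `allow-transfer` key, so the deny-by-default behaviour rests on an empty address-match list, and because a zone-level statement takes precedence over any `allow-transfer` in the global options, secondaries that relied on the global setting would presumably stop receiving transfers once this template is applied. Make the deny explicit with Jinja's for-else, `{% else %} none;` placed before `{% endfor %}`, so the rendered file reads `allow-transfer { none; };`, and default the lookup to a list (`args.get('allow-transfer', [])`) to match the pillar shape. A template comment such as `{#- zone transfers are denied unless the pillar lists peers; entries may be addresses, ACL names or "key <name>" -#}` would document the contract. The enclosing `zone` block starts and ends outside the hunk.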
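Review bot: The example peers `1.1.1.1` and `2.2.2.2` in the new `allow-transfer` list are publicly routable addresses, so a pillar copied from this file would authorise zone transfers to hosts the operator does not control. Use addresses from the documentation ranges instead, e.g. `- 192.0.2.10` and `- 198.51.100.10`, and add a comment such as `# omit allow-transfer to deny all zone transfers for this zone`. Since the same file already shows `allow-update: "key core_dhcp"`, a TSIG entry like `- key <tsig-key-name>` (placeholder) would show a stronger option than address-only matching.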