Merge pull request #51 from saw-leipzig/master

Improvements for Debian based systems

bind/files/debian/named.conf

@@ -8,6 +8,10 @@
 
 include "{{ map.options_config }}";
 include "{{ map.local_config }}";
-{%- if salt['pillar.get']('bind:keys', {}) is defined %}
+{%- if 'keys' in salt['pillar.get']('bind') %}
 include "{{ map.key_config }}";
 {% endif %}
+{%- if salt['pillar.get']('bind:config:default_zones', False) %}
+include "{{ map.default_zones_config }}";
+{% endif %}
+

bind/files/debian/named.conf.local

@@ -18,9 +18,9 @@ zone "{{ key }}" {
   };
   {% else -%}
   {% if args['dnssec'] is defined and args['dnssec'] -%}
-  file "zones/{{ file }}.signed";
+  file "{{ map.named_directory }}/{{ file }}.signed";
   {% else -%}
-  file "zones/{{ file }}";
+  file "{{ map.named_directory }}/{{ file }}";
   {%- endif %}
 
   {% if args['allow-update'] is defined -%}
@@ -90,3 +90,11 @@ logging {
   };
   category queries { querylog; };
 };
+
+{%- for name, data in salt['pillar.get']('bind:configured_acls', {}).items() %}
+acl {{ name }} {
+  {%- for d in data %}
+  {{ d }};
+  {%- endfor %}
+};
+{%- endfor %}

pillar.example

@@ -16,6 +16,10 @@ bind:
     # force bind to serve only one IP protocol (ipv4: 4, ipv6: 6). omitting this reverts to binds default of both.
     protocol: 4
 
+    # For Debian based systems:
+    # If set to True, the default-zones configuration will be enabled. Defaults to False.
+    default_zones: True
+
 bind:
   keys:
     "core_dhcp":
@@ -50,6 +54,10 @@ bind:
           notify: False
           update_policy:
             - "grant core_dhcp name dns_entry_allowed_to_update. ANY"
+  configured_acls:
+    my_net:
+      - 127.0.0.0/8
+      - 10.20.0.0/16
 
 bind:
   available_zones: