diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index 0077de8..5f2c20f 100644
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -18,9 +18,9 @@ zone "{{ key }}" {
 };
 {% else -%}
 {% if args['dnssec'] is defined and args['dnssec'] -%}
- file "zones/{{ file }}.signed";
+ file "{{ map.named_directory }}/{{ file }}.signed";
 {% else -%}
- file "zones/{{ file }}";
+ file "{{ map.named_directory }}/{{ file }}";
 {%- endif %}
 {% if args['allow-update'] is defined -%}
@@ -90,3 +90,11 @@ logging {
 };
 category queries { querylog; };
 };
+
+{%- for name, data in salt['pillar.get']('bind:configured_acls', {}).items() %}
+acl {{ name }} {
+ {%- for d in data %}
+ {{ d }};
+ {%- endfor %}
+};
+{%- endfor %}
diff --git a/pillar.example b/pillar.example
index bab6530..91cde93 100644
--- a/pillar.example
+++ b/pillar.example
@@ -54,6 +54,10 @@ bind:
 notify: False
 update_policy:
 - "grant core_dhcp name dns_entry_allowed_to_update. ANY"
+ configured_acls:
+ my_net:
+ - 127.0.0.0/8
+ - 10.20.0.0/16
 bind:
 available_zones:
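Review bot: In the first hunk of named.conf.local, both `file` directives now depend on `map.named_directory`, whose value is not visible in this diff; if that key is missing from the map, the template would presumably render `file "/{{ file }}"` and named would look for zone files at the filesystem root. The states that write and DNSSEC-sign the zone files need to use the same directory, and for zones with `allow-update` that directory has to be writable by the named user for journal files. A short Jinja comment above the branch, such as `{#- zone files live in map.named_directory; keep in sync with the states that create and sign them #}`, would record that dependency. The enclosing zone block starts and ends outside the hunk.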
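Review bot: In the second hunk of named.conf.local, the `acl` blocks are emitted at the very end of the file, after the `logging` block, so the zones rendered earlier in the same file (for example through the `allow-update` option visible in the first hunk) cannot reference them: BIND requires an ACL name to be defined with `acl` before its first use and does not allow forward references. Moving the loop to the top of the file, ahead of the zone definitions (or into the options file if that is included first), would let `configured_acls` be used for access restrictions. The name is also rendered unquoted from pillar, so `acl "{{ name }}" {` would be more robust. Names that shadow the built-in `any`, `none`, `localhost` and `localnets` lists should be rejected or documented.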