From 88996a3700f5ac5aed50ac3c0a73e2222b9c36b3 Mon Sep 17 00:00:00 2001 From: s3lph Date: Tue, 4 Apr 2023 20:54:24 +0200 Subject: [PATCH] Add support for on-secondary signing --- roles/knot/templates/etc/knot/knot.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/knot/templates/etc/knot/knot.conf.j2 b/roles/knot/templates/etc/knot/knot.conf.j2 index 3b931a7..ad26447 100644 --- a/roles/knot/templates/etc/knot/knot.conf.j2 +++ b/roles/knot/templates/etc/knot/knot.conf.j2 @@ -68,7 +68,7 @@ acl: key: {{ hostvars[remote].knot_tsig_key.name }} {% endif %} {% for address in hostvars[remote].knot_dns_addresses %} - address: "{{ address }}" + address: "{{ address.split('@')[0] }}" {% endfor %} {% endfor %} @@ -86,7 +86,7 @@ acl: submission: {% for zone in zones %} -{% if inventory_hostname in zone.masters %} +{% if inventory_hostname in zone.masters or (inventory_hostname in zone.replicas and zone.sign_on_secondary | default(false)) %} - id: submission-{{ zone.name }} check-interval: {{ knot_dnssec_submission_check_interval }}