s3lph/ansible-collection-nameserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add ip filter for transfers even if tsig key is present

Browse source
This commit is contained in:
s3lph 2021-02-05 22:57:03 +01:00
parent 47bf844bf1
commit 9cbf45e958
1 changed files with 2 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/knot/templates/etc/knot/knot.conf.j2
View file

@ -50,11 +50,10 @@ acl:
action: transfer
{% if 'knot_tsig_key' in hostvars[remote] %}
key: {{ hostvars[remote].knot_tsig_key.name }}
{% else %}
{% endif %}
{% for address in hostvars[remote].knot_dns_addresses %}
address: "{{ address }}"
{% endfor %}
{% endif %}
{% endfor %}
{% for remote in zones | map(attribute='masters') | flatten | unique %}
@ -63,11 +62,10 @@ acl:
action: notify
{% if 'knot_tsig_key' in hostvars[remote] %}
key: {{ hostvars[remote].knot_tsig_key.name }}
{% else %}
{% endif %}
{% for address in hostvars[remote].knot_dns_addresses %}
address: "{{ address }}"
{% endfor %}
{% endif %}
{% endfor %}
{% for remote in zones | map(attribute='updaters') | select('defined') | flatten | unique %}