From e12a8f6981fd0f46de0cf658e3531729e387e6bd Mon Sep 17 00:00:00 2001
From: s3lph <account-gitlab-ideynizv@kernelpanic.lol>
Date: Sat, 6 Feb 2021 00:16:19 +0100
Subject: [PATCH] only use tsig keys mutually

---
 roles/knot/templates/etc/knot/knot.conf.j2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/knot/templates/etc/knot/knot.conf.j2 b/roles/knot/templates/etc/knot/knot.conf.j2
index 707030a..7bdc712 100644
--- a/roles/knot/templates/etc/knot/knot.conf.j2
+++ b/roles/knot/templates/etc/knot/knot.conf.j2
@@ -38,7 +38,8 @@ remote:
 {% for remote in ( (zones | map(attribute='replicas') ) + (zones | map(attribute='masters') ) ) | flatten | unique %}
 
   - id: remote-{{ remote }}
-{% if knot_tsig_key is defined %}
+{% if knot_tsig_key is defined and 'knot_tsig_key' in hostvars[remote %}
+{# only use TSIG mutually, i.e. if both parties have a key #}
     key: {{ knot_tsig_key.name }}
 {% endif %}
 {% for address in hostvars[remote].knot_dns_addresses %}