diff --git a/roles/knot/templates/etc/knot/knot.conf.j2 b/roles/knot/templates/etc/knot/knot.conf.j2 index 0e27a5b..92b1587 100644 --- a/roles/knot/templates/etc/knot/knot.conf.j2 +++ b/roles/knot/templates/etc/knot/knot.conf.j2 @@ -24,7 +24,7 @@ log: # key: -{% for remote in ( (zones | map(attribute='replicas') ) + (zones | map(attribute='masters') ) + (zones | map(attribute='updaters') ) ) | flatten | unique %} +{% for remote in ( (zones | map(attribute='replicas') ) + (zones | map(attribute='masters') ) + (zones | map(attribute='updaters', default=[]) ) ) | flatten | unique %} - id: {{ hostvars[remote].knot_tsig_key.name }} algorithm: {{ hostvars[remote].knot_tsig_key.algorithm }} @@ -33,7 +33,7 @@ key: remote: -{% for remote in ( (zones | map(attribute='replicas') ) + (zones | map(attribute='masters') ) + (zones | map(attribute='updaters') ) ) | flatten | unique %} +{% for remote in ( (zones | map(attribute='replicas') ) + (zones | map(attribute='masters') ) + (zones | map(attribute='updaters', default=[]) ) ) | flatten | unique %} - id: remote-{{ remote }} {% for address in hostvars[remote].knot_dns_addresses %} @@ -68,7 +68,7 @@ acl: {% endif %} {% endfor %} -{% for remote in zones | map(attribute='updaters') | flatten | unique %} +{% for remote in zones | map(attribute='updaters', default=[]) | flatten | unique %} - id: acl-update-{{ remote }} action: update @@ -108,6 +108,9 @@ zone: {% for replica in zone.replicas %} acl: acl-xfr-{{ replica }} {% endfor %} +{% for updater in zone.updaters | default([]) %} + acl: acl-update-{{ updater }} +{% endfor %} {% for replica in zone.replicas %} notify: remote-{{ replica }} {% endfor %} @@ -127,7 +130,7 @@ zone: storage: {{ knot_zone_replica_storage_path }} serial-policy: unixtime {% for master in zone.masters %} - acl: acl-xfr-{{ master }} + acl: acl-notify-{{ master }} {% endfor %} {% for master in zone.masters %} master: remote-{{ master }}