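//
// named.conf
//
// Based on the file provided by the Red Hat bind package, which configures the
// ISC BIND named(8) DNS server as a caching only nameserver (as a localhost
// DNS resolver only). This template departs from that default: recursion is
// disabled and the server is authoritative for int.example.com, as primary or
// secondary depending on the host's inventory group.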

{% if inventory_hostname in groups["primary"] %}
// Rendered only on hosts in the "primary" inventory group. The ACL names the
// two secondary servers by address and is referenced by the allow-query and
// allow-transfer statements of the int.example.com zone below.
// NOTE(review): an address-only ACL identifies peers by source IP, which is
// not authentication; consider adding TSIG keys for zone transfers.
acl secondaries { 172.25.250.11; 172.25.250.12; };
{% endif %}

// Global server options. Zone-level statements further down override the
// matching defaults set here (notably allow-query for int.example.com).
options {
	// Accept DNS traffic on port 53 on every IPv4 interface; who may actually
	// query is limited by the allow-query statements.
	listen-on port 53 { any; };
	// Base directory: relative file names in this configuration resolve here.
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file	"/var/named/data/named.secroots";
	recursing-file	"/var/named/data/named.recursing";
	// Default query ACL: only the server itself. Zones that must answer other
	// clients set their own allow-query.
	allow-query     { localhost; };

	// Authoritative-only: the server does not resolve names on behalf of
	// clients, so it cannot be used as an open resolver.
	recursion no;

	// NOTE(review): newer BIND 9 releases treat dnssec-enable as obsolete;
	// confirm against the BIND version deployed on the target hosts.
	dnssec-enable yes;
	// With recursion disabled there is little for the validator to do; the
	// setting is kept from the package default.
	dnssec-validation yes;

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";

	// Pulls in settings from the system-wide crypto policy back-end. Its
	// contents are not part of this template.
	include "/etc/crypto-policies/back-ends/bind.config";
};

// Logging: a single file channel, relative to the options directory
// (/var/named/data/named.run). "severity dynamic" follows the server's
// current debug level.
// NOTE(review): no category statements are defined here, so BIND's default
// category routing applies. For monitoring zone transfers and refused
// queries, consider routing the security, xfer-in and xfer-out categories to
// a dedicated channel.
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints zone, read from named.ca in the options directory. Kept from the
// package default; with "recursion no" the server does not resolve on behalf
// of clients.
zone "." IN {
	type hint;
	file "named.ca";
};

// Authoritative zone int.example.com. The Jinja conditional renders the
// primary role on hosts in the "primary" inventory group and the secondary
// role on every other host.
zone "int.example.com" IN {
{% if inventory_hostname in groups["primary"] %}
	// Primary: the zone-level allow-query replaces the global one, so only
	// the addresses in the "secondaries" ACL may query or transfer this zone.
	// NOTE(review): both ACLs match on source address only; TSIG-signed
	// transfers would authenticate the secondaries.
	type master;
	allow-query { secondaries; };
	allow-transfer { secondaries; };
{% else %}
	// Secondary: pulls the zone from 172.25.250.13, answers queries from any
	// client, and refuses all outbound zone transfers.
	type slave;
	masters { 172.25.250.13; };
	allow-query { any; };
	allow-transfer { none; };
{% endif %}
	// Relative to the options directory, so /var/named/int.example.com.zone in
	// both roles.
	// NOTE(review): on a secondary, named must be able to write this file.
	// The Red Hat package provides /var/named/slaves for that purpose; confirm
	// the path is writable under the host's permissions and SELinux policy.
	file "int.example.com.zone";
};

// Additional configuration shipped outside this template. Neither file's
// contents are visible here.
// NOTE(review): presumably the package's RFC 1912 local zones and the root
// trust anchor used by dnssec-validation; confirm on the target host.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";