# -*- mode: python; encoding: utf-8 -*-
# Template that generates the BIND9 options file: ACL definitions first, then
# a single options { } statement whose contents depend on host feature tags.
# Lines starting with "@" are emitted verbatim; everything else is Python.
# info, has(), out(), header() and comment() are not defined in this file;
# presumably the templating environment supplies them.
# NOTE(review): block nesting was restored from a whitespace-collapsed copy and
# leading spaces inside emitted strings are kept as found; confirm against the
# deployed template.

# Ownership and permissions of the generated file: root:bind, world-readable
# (Python 2 octal literal).
info["owner"] = "root"
info["group"] = "bind"
info["mode"] = 0644

# Comment prefix for the generated file (named.conf uses "//").
comment_start = "//"

header("Options de Bind9")

import config
import config.dns

# ACL definitions. The names declared here are the ones listed in
# allow-query-cache / allow-recursion further down.
comment("Listes d'acces")
if has("vlan-isolement"):
    out('acl "isolement" { %s; };' % ('; '.join(config.NETs['isolement']),))
if has("vlan-radin"):
    out('acl "radins" { %s; };' % ('; '.join(config.NETs['gratuit']),))
if has("vlan-accueil"):
    out('acl "accueil" { %s; };' % ('; '.join(config.NETs['accueil']),))
if has("vlan-ens"):
    out('acl "appartement" { %s; };' % ('; '.join(config.NETs['personnel-ens'] + config.prefix['personnel-ens']),))
# These three ACLs are emitted unconditionally.
out('acl "crans" { %s; };' % ('; '.join(config.prefix['fil'] + config.prefix['wifi'] + config.NETs['all']),))
out('acl "cransadm" { %s; };' % ('; '.join(config.prefix['adm'] + config.NETs['adm']),))
# "menteur" is defined but not referenced in this file; presumably a view or
# zone file elsewhere uses it -- TODO confirm.
out('acl "menteur" { %s; };' % ('; '.join(config.dns.menteur_clients),))

@options {
@ directory "/var/cache/bind";
@
# Recursion and cache access are limited to named ACLs, never "any": a
# recursive/forwarding host serves localhost plus the internal ACLs, every
# other host serves localhost only.
if has("dns-recursif") or has("dns-forward-only"):
    zones=["127.0.0.1", "crans", "cransadm"]
    # Each optional name is appended under the same has() tag that emits its
    # acl above, so the list never names an ACL that was not defined.
    if has("vlan-ens"):
        zones.append("appartement")
    if has("vlan-radin"):
        zones.append("radins")
    if has("vlan-accueil"):
        zones.append("accueil")
    if has("vlan-isolement"):
        zones.append("isolement")
    out(" allow-query-cache { %s; };" % ('; '.join(zones),))
    out(" allow-recursion { %s; };" % ('; '.join(zones),))
    # Limit on simultaneous recursive lookups served for clients.
    @ recursive-clients 5000;
else:
    @ allow-query-cache { 127.0.0.1; };
    @ allow-recursion { 127.0.0.1; };

# Zone-transfer policy, emitted only on primary / "tv" servers.
if has("dns-primary") or has("dns-tv"):
    # The three static ranges are labelled fixes / wifi / adm by their inline
    # comments; every address inside them may request a full zone transfer.
    # NOTE(review): the restriction visible here is address-based only (no key
    # appears in this file) -- confirm that exposing whole client ranges is
    # intended.
    @ include "/etc/bind/named.conf.notify";
    @ allow-transfer {
    @ 127.0.0.1;
    @ 138.231.136.0/21; // fixes
    @ 138.231.148.0/22; // wifi
    @ 10.231.136.0/24; // adm
    # Additional peers from config.dns, de-duplicated via a set and sorted so
    # the generated file is stable between runs.
    allowed = set()
    if has("dns-primary"):
        allowed = allowed.union(config.dns.slaves + config.dns.parents)
    if has("dns-tv"):
        allowed = allowed.union(config.dns.slaves_tv + config.dns.recursiv['adm'])
    if allowed:
        allowed = list(allowed)
        allowed.sort()
        out(" %s;" % (';\n '.join(allowed),))
    @ };

# Plain queries are accepted from anyone; cache and recursion are restricted
# separately above.
@ allow-query { any; };
@ auth-nxdomain no; # conform to RFC1035
@
@ listen-on { any; };
@ listen-on-v6 { any; };
@
# Fail-over forwarders: the line is emitted commented out. Per the emitted
# French comment, an automatic procedure uncomments it in fail-over mode by
# matching the trailing "#POUR SECOURS" marker, so that string must stay
# exactly as written.
if not has("dns-secondary-no-forward") and not has("dns-forward-only"):
    @ // Ne pas modifier le commentaire de fin de ligne suivant,
    @ // traitement automatique pour la connexion de secours
    @ // (ligne decommentee automatiquement en mode secours)
    out("// forwarders { %s; } ; #POUR SECOURS" % (config.dns.secours_relay,))

# DNSSEC validation is opt-in per host; without the tag this file sets neither
# option and BIND's built-in default applies.
# NOTE(review): recent BIND 9 releases treat "dnssec-enable" as obsolete --
# check it against the deployed version.
if has("dnssec-validation"):
    @ dnssec-enable yes;
    @ dnssec-validation yes;
@};