# -*- mode: python; encoding: utf-8 -*-
#
# Template for the BIND 9 "options" configuration. Plain lines are Python 2;
# lines starting with "@" appear to be copied verbatim into the generated
# file by the templating framework, which presumably also provides info,
# has(), header() and comment() (none of them is defined in this file).
# NOTE(review): this layout was reconstructed from a collapsed listing;
# verify the nesting of the if-blocks against the original file.

# Owner, group and mode of the generated file (presumably applied by the
# framework). 0644 is a Python 2 octal literal, i.e. world-readable, so this
# template must not carry secrets such as transfer keys.
info["owner"] = "root"
info["group"] = "bind"
info["perms"] = 0644

# Presumably the comment marker header()/comment() use in the output.
comment_start = "//"

header("Options de Bind9")

import config
import config.dns

comment("Listes d'acces")

# One named ACL per optional VLAN, emitted only when the matching feature
# is enabled. The members come from config.NETs / config.prefix
# (presumably lists of CIDR strings -- TODO confirm).
if has("vlan-isolement"):
    print 'acl "isolement" { %s; };' % '; '.join(config.NETs['isolement'])
if has("vlan-radin"):
    print 'acl "radins" { %s; };' % '; '.join(config.NETs['gratuit'])
if has("vlan-accueil"):
    print 'acl "accueil" { %s; };' % '; '.join(config.NETs['accueil'])
if has("vlan-ens"):
    print 'acl "appartement" { %s; };' % '; '.join(config.NETs['personnel-ens'] + config.prefix['personnel-ens'])
# "crans" and "cransadm" are always defined; the recursion ACL list below
# refers to both unconditionally.
print 'acl "crans" { %s; };' % '; '.join(config.prefix['fil'] + config.prefix['wifi'] + config.NETs['all'])
print 'acl "cransadm" { %s; };' % '; '.join(config.prefix['adm'] + config.NETs['adm'])

@options {
@ directory "/var/cache/bind";
@
# Recursion and cache access: resolvers answer loopback plus the site ACLs
# defined above; every other role is limited to loopback, so the server is
# not an open resolver even though allow-query is "any" further down.
if has("dns-recursif") or has("dns-forward-only"):
    # Despite its name, "zones" holds address-match-list entries (loopback
    # and ACL names), not DNS zones. Each optional ACL is appended under
    # the same feature test that defines it above.
    zones=["127.0.0.1", "crans", "cransadm"]
    if has("vlan-ens"):
        zones.append("appartement")
    if has("vlan-radin"):
        zones.append("radins")
    if has("vlan-accueil"):
        zones.append("accueil")
    if has("vlan-isolement"):
        zones.append("isolement")
    print " allow-query-cache { %s; };" % '; '.join(zones)
    print " allow-recursion { %s; };" % '; '.join(zones)
    @ recursive-clients 5000;
else:
    @ allow-query-cache { 127.0.0.1; };
    @ allow-recursion { 127.0.0.1; };

# Zone transfers are configured only on the primary and "tv" roles.
# NOTE(review): on the other roles no allow-transfer statement is emitted
# here, so BIND's built-in default applies; older BIND 9 releases default
# to allowing transfers from any host -- verify for the deployed version.
if has("dns-primary") or has("dns-tv"):
    @ include "/etc/bind/named.conf.notify";
    # NOTE(review): besides the slave/parent servers appended below, the
    # list admits whole client ranges (/21, /22, /24), so any host in them
    # can pull a full copy of the zones. Confirm this is intended;
    # restricting transfers to the secondaries, ideally authenticated with
    # TSIG keys, is the usual hardening.
    @ allow-transfer {
    @ 127.0.0.1;
    @ 138.231.136.0/21; // fixes
    @ 138.231.148.0/22; // wifi
    @ 10.231.136.0/24; // adm
    if has("dns-primary"):
        print " %s;" % ';\n '.join(config.dns.slaves + config.dns.parents)
    elif has("dns-tv"):
        print " %s;" % ';\n '.join(config.dns.slaves_tv + config.dns.recursiv)
    @ };

# Queries are accepted from anyone on every IPv4 and IPv6 interface;
# recursion stays gated by the allow-recursion list above.
@ allow-query { any; };
@ auth-nxdomain no; # conform to RFC1035
@
@ listen-on { any; };
@ listen-on-v6 { any; };
@
# Emits a commented-out forwarders line. According to the emitted text, an
# automated fallback procedure uncomments it by matching the trailing
# "#POUR SECOURS" marker, so that marker must stay unchanged.
if not has("dns-secondary-no-forward") and not has("dns-forward-only"):
    @ // Ne pas modifier le commentaire de fin de ligne suivant,
    @ // traitement automatique pour la connexion de secours
    @ // (ligne decommentee automatiquement en mode secours)
    print"// forwarders { %s; } ; #POUR SECOURS" % config.dns.secours_relay

# DNSSEC validation is opt-in per host; without the feature nothing is
# emitted and BIND's default applies.
# NOTE(review): "dnssec-validation yes" relies on a trust anchor configured
# elsewhere (unlike "auto") -- confirm one is present. Recent BIND 9
# releases have also retired "dnssec-enable"; check the deployed version.
if has("dnssec-validation"):
    @ dnssec-enable yes;
    @ dnssec-validation yes;
@};