# -*- mode: python; encoding: utf-8 -*-
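# Metadata for the generated file.
# NOTE(review): presumably read by the deployment engine to set ownership and
# permissions on the rendered named.conf options file -- confirm.
info["owner"] = "root"
info["group"] = "bind"
# 0o644 is the same value as the former literal 0644, which only parses on
# Python 2; the 0o form is accepted by Python 2.6+ and Python 3 alike.
# The mode leaves the file world-readable, so no key material (TSIG/rndc
# secrets) belongs in this template.
info["mode"] = 0o644

# NOTE(review): looks like the comment prefix that header()/comment() use in
# the generated file ("//" is a valid named.conf comment marker) -- confirm.
comment_start = "//"

header("Options de Bind9")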
import config
import config.dns
# Address-match lists (ACLs), emitted ahead of the options statement.
# The recursion settings later in this template refer to these lists by name
# ("crans", "cransadm", "appartement", "radins", "accueil", "isolement"), so
# the has() tags tested here must stay in step with the tags tested there.
# NOTE(review): an empty address list would render as `acl "x" { ; };` --
# run named-checkconf on the generated file to confirm that cannot happen.
comment("Listes d'acces")

# Per-VLAN lists, emitted only on hosts carrying the matching tag.
if has("vlan-isolement"):
    members = '; '.join(config.NETs['isolement'])
    out('acl "isolement" { %s; };' % members)

if has("vlan-radin"):
    members = '; '.join(config.NETs['gratuit'])
    out('acl "radins" { %s; };' % members)

if has("vlan-accueil"):
    members = '; '.join(config.NETs['accueil'])
    out('acl "accueil" { %s; };' % members)

if has("vlan-ens"):
    ens_entries = config.NETs['personnel-ens'] + config.prefix['personnel-ens']
    out('acl "appartement" { %s; };' % '; '.join(ens_entries))

# Lists emitted on every host.
crans_entries = config.prefix['fil'] + config.prefix['wifi'] + config.NETs['all']
out('acl "crans" { %s; };' % '; '.join(crans_entries))

adm_entries = config.prefix['adm'] + config.NETs['adm']
out('acl "cransadm" { %s; };' % '; '.join(adm_entries))

# "menteur" is not referenced anywhere else in this template; presumably it
# is consumed by another generated configuration file -- TODO confirm.
members = '; '.join(config.dns.menteur_clients)
out('acl "menteur" { %s; };' % members)
# Opens the BIND `options { ... }` statement; it is closed by the final `@};`
# line of this template.
# NOTE(review): lines starting with `@` appear to be copied verbatim into the
# generated file by the template engine -- confirm against the engine.
@options {
|
|
@ directory "/var/cache/bind";
|
|
@
# Recursion and cache access control.
# Hosts tagged dns-recursif or dns-forward-only answer recursive queries and
# serve cached data only to 127.0.0.1, the "crans" and "cransadm" ACLs, and
# whichever VLAN ACLs are enabled for this host; every other host limits both
# settings to 127.0.0.1. Keeping the two lists identical and never `any` is
# what stops the server from acting as an open resolver.
# Despite its name, `zones` holds address-match entries (one literal address
# plus ACL names), not DNS zones. Each name must match an `acl` statement
# emitted earlier in this template under the same has() tag; named refuses a
# configuration that references an undefined ACL.
# recursive-clients caps the number of simultaneous recursive lookups.
if has("dns-recursif") or has("dns-forward-only"):
|
|
zones=["127.0.0.1", "crans", "cransadm"]
|
|
if has("vlan-ens"):
|
|
zones.append("appartement")
|
|
if has("vlan-radin"):
|
|
zones.append("radins")
|
|
if has("vlan-accueil"):
|
|
zones.append("accueil")
|
|
if has("vlan-isolement"):
|
|
zones.append("isolement")
|
|
out(" allow-query-cache { %s; };" % ('; '.join(zones),))
|
|
out(" allow-recursion { %s; };" % ('; '.join(zones),))
|
|
@ recursive-clients 5000;
|
|
|
|
else:
|
|
@ allow-query-cache { 127.0.0.1; };
|
|
@ allow-recursion { 127.0.0.1; };
# Zone-transfer policy, emitted only on hosts tagged dns-primary or dns-tv.
# allow-transfer always lists 127.0.0.1 and the three hard-coded ranges
# (labelled fixes, wifi and adm), then adds config.dns.slaves + parents for
# dns-primary and config.dns.slaves_tv + recursiv['adm'] for dns-tv. The set
# removes duplicates and the sort keeps the generated file stable between runs.
# The included /etc/bind/named.conf.notify is not part of this template.
# NOTE(review): transfers are authorised by source address only, and the
# hard-coded entries cover whole client ranges; if zone contents are
# sensitive, consider narrowing the list to the actual secondaries and
# requiring TSIG keys for transfers.
# Hosts without either tag emit no allow-transfer here; check the generated
# file to see which transfer policy then applies.
if has("dns-primary") or has("dns-tv"):
|
|
@ include "/etc/bind/named.conf.notify";
|
|
@ allow-transfer {
|
|
@ 127.0.0.1;
|
|
@ 138.231.136.0/21; // fixes
|
|
@ 138.231.148.0/22; // wifi
|
|
@ 10.231.136.0/24; // adm
|
|
allowed = set()
|
|
if has("dns-primary"):
|
|
allowed = allowed.union(config.dns.slaves + config.dns.parents)
|
|
if has("dns-tv"):
|
|
allowed = allowed.union(config.dns.slaves_tv + config.dns.recursiv['adm'])
|
|
if allowed:
|
|
allowed = list(allowed)
|
|
allowed.sort()
|
|
out(" %s;" % (';\n '.join(allowed),))
|
|
@ };
# Query and listener exposure: queries are accepted from any source, on every
# IPv4 and IPv6 address of the host. What an outside client can obtain is
# therefore bounded only by the allow-recursion / allow-query-cache lists set
# earlier in this options statement, so those lists must stay restrictive.
# The trailing `# conform to RFC1035` is part of the emitted named.conf line.
@ allow-query { any; };
|
|
@ auth-nxdomain no; # conform to RFC1035
|
|
@
|
|
@ listen-on { any; };
|
|
@ listen-on-v6 { any; };
|
|
@
# Fallback forwarder, skipped on hosts tagged dns-secondary-no-forward or
# dns-forward-only. The line is written commented out and tagged with the
# trailing marker `#POUR SECOURS`. The emitted French comment says, in
# English: "Do not modify the following end-of-line comment, automatic
# processing for the fallback connection (line uncommented automatically in
# fallback mode)". The marker text is thus an interface to that external
# process and must not be reworded.
# config.dns.secours_relay is interpolated as-is into the forwarders list.
# NOTE(review): the process that uncomments this line is not shown here; it
# rewrites the live resolver configuration, so confirm who is able to run it
# and that the result is validated (named-checkconf) before named reloads.
if not has("dns-secondary-no-forward") and not has("dns-forward-only"):
|
|
@ // Ne pas modifier le commentaire de fin de ligne suivant,
|
|
@ // traitement automatique pour la connexion de secours
|
|
@ // (ligne decommentee automatiquement en mode secours)
|
|
out("// forwarders { %s; } ; #POUR SECOURS" % (config.dns.secours_relay,))
# DNSSEC validation is emitted only on hosts tagged dnssec-validation; other
# hosts get neither directive from this template. The last line closes the
# options statement.
# NOTE(review): `dnssec-validation yes` (unlike `auto`) relies on a trust
# anchor being configured explicitly, and none is visible in this template --
# confirm one is supplied elsewhere, otherwise answers are not validated.
# NOTE(review): newer BIND 9 releases no longer accept `dnssec-enable`; run
# named-checkconf against the deployed version before keeping that line.
if has("dnssec-validation"):
|
|
@ dnssec-enable yes;
|
|
@ dnssec-validation yes;
|
|
|
|
@};