-- {{ ansible_managed }} setLocal('127.0.0.1') addLocal('::1') addLocal('{{ ansible_default_ipv4.address }}') -- define downstream servers/pools newServer({address='127.0.0.1:5300', pool='authdns'}) newServer({address='127.0.0.1:5353', pool='resolve'}) -- allow AXFR/IXFR only from slaves addAction(AndRule({OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(dnsdist.REFUSED)) -- allow NOTIFY only from master addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(dnsdist.REFUSED)) -- use auth servers for own zones addAction('binary.kitchen', PoolAction('authdns')) addAction('23.172.in-addr.arpa', PoolAction('authdns')) -- use resolver for anything else addAction(AllRule(), PoolAction('resolve')) -- disable security status polling via DNS setSecurityPollSuffix('')