diff --git a/roles/dns_intern/templates/dnsdist.conf.j2 b/roles/dns_intern/templates/dnsdist.conf.j2 index a852e28..ae43a97 100644 --- a/roles/dns_intern/templates/dnsdist.conf.j2 +++ b/roles/dns_intern/templates/dnsdist.conf.j2 @@ -10,11 +10,11 @@ newServer({address='127.0.0.1:5353', pool='resolve'}) {% if dns_secondary is defined %} -- allow AXFR/IXFR only from slaves -addAction(AndRule({OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(dnsdist.REFUSED)) +addAction(AndRule({OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(DNSRCode.REFUSED)) {% endif %} -- allow NOTIFY only from master -addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(dnsdist.REFUSED)) +addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(DNSRCode.REFUSED)) -- use auth servers for own zones addAction('binary.kitchen', PoolAction('authdns'))