X-Git-Url: https://git.ralfj.de/ansible.git/blobdiff_plain/7b25ff7fd52f81bde88ca4c3ab59f0c9950da5e1..f3691338d64eed5f570f3103cde00d471e39e961:/roles/bind/templates/named.conf.options

diff --git a/roles/bind/templates/named.conf.options b/roles/bind/templates/named.conf.options
new file mode 100644
index 0000000..7ed35ed
--- /dev/null
+++ b/roles/bind/templates/named.conf.options
@@ -0,0 +1,27 @@
+//========================================================================
+// If BIND logs error messages about the root key being expired,
+// you will need to update your keys.  See https://www.isc.org/bind-keys
+//========================================================================
+
+options {
+	directory "/var/cache/bind";
+	key-directory "/var/lib/bind/keys";
+
+	recursion no;
+	dnssec-enable yes;
+	sig-validity-interval 14;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on { {{ bind.listen }}; 127.0.0.1; };
+{% if bind.listen_v6 is defined %}
+	listen-on-v6 { {{ bind.listen_v6 }}; ::1; };
+{% endif %}
+
+	// hide BIND version
+	version "unknown";
+
+	// do rate-limiting
+	rate-limit {
+		responses-per-second 15;
+	};
+};