homeserver-iac/roles/networking/nameserver/templates/named.conf.j2

// vim:set filetype=named ts=4 sw=4 et:

acl locals {
    127.0.0.0/8;
};

acl internals { 
    {{ local_subnet }};
};

acl vpns {
{% if wireguard is defined %}
    {{ wireguard.ip.cidr }};
{% endif %}
};

options {
    directory "/var/named";
    pid-file "/run/named/named.pid";
    forwarders { {{ dns_forward }}; };

    listen-on { any; };

    recursion yes;
    allow-recursion { internals; locals; vpns; };
    allow-query { internals; locals; vpns; };
    allow-transfer { none; };
    dnssec-validation no;
    resolver-query-timeout 30000;
};

view "local-view" {
    match-clients { locals; };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "127.0.0.zone";
    };

    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
        type master;
        file "localhost.ip6.zone";
    };
};


view "internal-view" {
    match-clients { internals; };
    zone "{{ dyndns_domain }}" {
        type master;
        file "/var/named/{{ dyndns_domain }}";
    };
};

view "vpn-view" {
    match-clients { vpns; };
    zone "{{ dyndns_domain }}" {
        type master;
        file "/var/named/{{ dyndns_domain }}.vpn";
    };
};