Open epou opened 1 year ago
Sorry, I don't understand your issue. What is happening and what would you expect instead?
I wondered what the expected behavior would be for setting bind9_hidden_master: yes. In the defaults/main.yml the comment says that it limits the queries to our_networks but by looking at the templates it limits the queries to our_neighbors.
At first, I expected to have allow-query { our_neighbors; }; as a result of enabling the hidden master. Is there something I am missing?
You are right, the documentation is a bit ambiguous. But the code is very clear:
❯ rg -B1 bind9_hidden_master
defaults/main.yml
28-# Run bind as a hidden master (i.e. limit queries to our_networks)
29:bind9_hidden_master: no
templates/bind/named.conf.options.j2
34-
35: allow-query { {% if bind9_hidden_master|default() %}our_neighbors{% elif bind9_authoritative|default() %}any{% else %}our_networks{% endif %}; };
A PR with better doc is very welcome
Setting bind9_hidden_master: yes is setting the following in the named.conf.options file:
But I'm not sure if it should set the allow-query param to our_networks, as specified in defaults/main.yaml: https://github.com/systemli/ansible-role-bind9/blob/c6f785499ca992fb827f7d633cca0306f504d5af/defaults/main.yml#L28-L29
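
The template line quoted in the thread, rendered for every combination of the two role variables, as an added example that is not part of the issue or the role's own code. It assumes the jinja2 package is installed and models Ansible's yes/no values as Python booleans; the function names are hypothetical.

```python
from jinja2 import Environment

# Template line as quoted in the thread
# (templates/bind/named.conf.options.j2, line 35).
ALLOW_QUERY_LINE = (
    "allow-query { {% if bind9_hidden_master|default() %}our_neighbors"
    "{% elif bind9_authoritative|default() %}any"
    "{% else %}our_networks{% endif %}; };"
)

# Assumption: Ansible has already parsed yes/no into booleans;
# "unset" means the variable is not passed to the template at all.
STATES = {"unset": None, "no": False, "yes": True}


def render_allow_query(**role_vars):
    """Render the allow-query statement for the given role variables."""
    return Environment().from_string(ALLOW_QUERY_LINE).render(**role_vars)


def acl_matrix():
    """Map (hidden_master, authoritative) settings to the rendered statement."""
    rows = {}
    for hm_name, hm in STATES.items():
        for auth_name, auth in STATES.items():
            role_vars = {}
            if hm is not None:
                role_vars["bind9_hidden_master"] = hm
            if auth is not None:
                role_vars["bind9_authoritative"] = auth
            rows[(hm_name, auth_name)] = render_allow_query(**role_vars)
    return rows


if __name__ == "__main__":
    for (hm, auth), line in acl_matrix().items():
        print(f"hidden_master={hm:<5} authoritative={auth:<5} -> {line}")
```

The first branch wins: with bind9_hidden_master enabled the statement uses our_neighbors whatever bind9_authoritative is set to, and our_networks is only used when both variables are off or undefined.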