Allow local netblocks to access bind as well as known hosts

author Tom Hughes <tom@compton.nu>

Wed, 26 Jun 2019 17:58:27 +0000 (18:58 +0100)

committer Tom Hughes <tom@compton.nu>

Wed, 26 Jun 2019 17:58:27 +0000 (18:58 +0100)
author Tom Hughes <tom@compton.nu>
Wed, 26 Jun 2019 17:58:27 +0000 (18:58 +0100)
committer Tom Hughes <tom@compton.nu>
Wed, 26 Jun 2019 17:58:27 +0000 (18:58 +0100)
diff --git a/cookbooks/bind/templates/default/named.options.erb b/cookbooks/bind/templates/default/named.options.erb

index f9cebbc..2ec4094 100644 (file)
--- a/cookbooks/bind/templates/default/named.options.erb
+++ b/cookbooks/bind/templates/default/named.options.erb
@@ -2,11 +2,17 @@
  
  acl "osm" {
         127.0.0.1/32;
+<% node.interfaces(:family => :inet).each do |interface| -%>
+        <%= interface[:network] %>/<%= interface[:prefix] %>;
+<% end -%>
  <% @ipv4_clients.sort.each do |address| -%>
         <%= address %>/32;
  <% end -%>
  
         ::1/128;
+<% node.interfaces(:family => :inet6).each do |interface| -%>
+        <%= interface[:network] %>/<%= interface[:prefix] %>;
+<% end -%>
  <% @ipv6_clients.sort.each do |address| -%>
         <%= address %>/128;
  <% end -%>
author	Tom Hughes <tom@compton.nu>
	Wed, 26 Jun 2019 17:58:27 +0000 (18:58 +0100)
committer	Tom Hughes <tom@compton.nu>
	Wed, 26 Jun 2019 17:58:27 +0000 (18:58 +0100)