WIP3

2020-08-17 12:06:41 -04:00
parent 9fa09f26bd
commit 6eb48873e6
455 changed files with 45184 additions and 14 deletions
--- a/roles/bertvv.bind/templates/auth_transfer.j2
+++ b/roles/bertvv.bind/templates/auth_transfer.j2
@@ -0,0 +1,12 @@
+
+server {{ ansible_default_ipv4.address }} {
+  keys { {% for mykey in bind_dns_keys %} {{ mykey.name }}; {% endfor %} };
+};
+
+{% for mykey in bind_dns_keys %}
+key {{ mykey.name }} {
+  algorithm {{ mykey.algorithm }};
+  secret "{{ mykey.secret }}";
+{% endfor %}
+};
+
--- a/roles/bertvv.bind/templates/bind_zone.j2
+++ b/roles/bertvv.bind/templates/bind_zone.j2
@@ -0,0 +1,140 @@
+{#
+ #  First create a dict holding the entire zone information and create a hash
+ #  from it, that it can be compared with subsequent task executions. In this
+ #  way the serial will only be updated if there are some content changes.
+ #}
+{% set _zone_data = {} %}
+{% set _ = _zone_data.update({'ttl': bind_zone_ttl}) %}
+{% set _ = _zone_data.update({'domain': item.name}) %}
+{% set _ = _zone_data.update({'mname': item.name_servers|default([])}) %}
+{% set _ = _zone_data.update({'aname': item.other_name_servers|default([])}) %}
+{% set _ = _zone_data.update({'mail': item.mail_servers|default([])}) %}
+{% if item.hostmaster_email is defined %}
+{% set _ = _zone_data.update({'rname': (( item.hostmaster_email )) + ('' if (item.hostmaster_email is search('\.')) else ('.' + _zone_data['domain']))}) %}
+{% else %}
+{% set _ = _zone_data.update({'rname': 'hostmaster.' + _zone_data['domain']}) %}
+{% endif %}
+{% set _ = _zone_data.update({'refresh': bind_zone_time_to_refresh}) %}
+{% set _ = _zone_data.update({'retry': bind_zone_time_to_retry}) %}
+{% set _ = _zone_data.update({'expire': bind_zone_time_to_expire}) %}
+{% set _ = _zone_data.update({'minimum': bind_zone_minimum_ttl}) %}
+{% set _ = _zone_data.update({'hosts': item.hosts|default([])}) %}
+{% set _ = _zone_data.update({'delegate': item.delegate|default([])}) %}
+{% set _ = _zone_data.update({'services': item.services|default([])}) %}
+{% set _ = _zone_data.update({'text': item.text|default([])}) %}
+{% set _ = _zone_data.update({'naptr': item.naptr|default([])}) %}
+{#
+ #  Compare the zone file hash with the current zone data hash and set serial
+ #  accordingly
+ #}
+{% set _zone = {'hash': _zone_data | string | hash('md5')} %}
+{% for _result in forward_hashes if _result.name == item.name %}
+{%   set _hash_serial = _result.hash.split(' ')[2:] %}
+{%   if _hash_serial and _hash_serial[0] == _zone['hash'] %}
+{%     set _ = _zone.update({'serial': _hash_serial[1]}) %}
+{%   else %}
+{%     set _ = _zone.update({'serial': timestamp.stdout}) %}
+{%   endif %}
+{% endfor %}
+{#
+ #  Eventually output the zone data
+ #}
+; Hash: {{ _zone['hash'] }} {{ _zone['serial'] }}
+; Zone file for {{ _zone_data['domain'] }}
+{{ ansible_managed | comment(decoration='; ') }}
+
+$ORIGIN {{ _zone_data['domain'] }}.
+$TTL {{ _zone_data['ttl'] }}
+
+{% if _zone_data['mname']|length > 0 %}
+@ IN SOA {{ _zone_data['mname']|first }}{% if not _zone_data['mname']|first|regex_search('\.$') %}.{{ _zone_data['domain'] }}.{% endif %} {{ _zone_data['rname'] }}. (
+{% else %}
+@ IN SOA {{ ansible_hostname }}.{{ _zone_data['domain'] }}. {{ _zone_data['rname'] }}. (
+{% endif %}
+  {{ _zone['serial'] }}
+  {{ _zone_data['refresh'] }}
+  {{ _zone_data['retry'] }}
+  {{ _zone_data['expire'] }}
+  {{ _zone_data['minimum'] }} )
+
+{% if _zone_data['mname']|length > 0 %}
+{% for ns in _zone_data['mname'] %}
+                           IN  NS     {{ ns }}{% if not ns|regex_search('\.$') %}.{{ _zone_data['domain'] }}.{% endif %}
+
+{% endfor %}
+{% else %}
+                           IN  NS     {{ ansible_hostname }}.{{ _zone_data['domain'] }}.
+{% endif %}
+{% for ns in _zone_data['aname'] %}
+                           IN  NS     {{ ns }}.
+{% endfor %}
+
+{% for mail in _zone_data['mail'] %}
+{% if loop.first %}@{% else %} {% endif %}                          IN  MX     {{ mail.preference}}  {{ mail.name }}{% if not mail.name.endswith('.') %}.{{ _zone_data['domain'] }}.{% endif %} 
+{% endfor %}
+
+{% if _zone_data['delegate']|length > 0 %}
+{% for host in _zone_data['delegate'] %}
+{{ host.zone.ljust(20) }}       IN  NS     {{ host.dns }}
+{% endfor %}
+{% endif %}
+
+{% if _zone_data['hosts']|length > 0 %}
+{% for host in _zone_data['hosts'] %}
+{% if host.ip is defined %}
+{% if host.ip is string %}
+{% if "$GENERATE" not in host.name.upper() %}
+{{ host.name.ljust(20) }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  A      {{ host.ip }}
+{% endif %}
+{% if "$GENERATE" in host.name.upper() %}
+{{ host.name.ljust(20) }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  A      {{ host.ip }}
+{% endif %}
+{% else %}
+{% for ip in host.ip %}
+{{ host.name.ljust(20) }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  A      {{ ip }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% if host.ipv6 is defined %}
+{% if host.ipv6 is string %}
+{{ host.name.ljust(20) }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  AAAA   {{ host.ipv6 }}
+{% else %}
+{% for ip6 in host.ipv6 %}
+{{ host.name.ljust(20) }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  AAAA   {{ ip6 }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% if host.aliases is defined %}
+{% for alias in host.aliases %}
+{% if "$GENERATE" not in host.name.upper() %}
+{{ (alias.name|default(alias)).ljust(20) }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  {{ alias.type|default('cname')|upper}}  {{ host.name }}
+{% endif %}
+{% if "$GENERATE" in host.name.upper() %}
+{{ alias.ljust(20) }} IN  CNAME  {{ host.name.rsplit(None, 1)[1] }}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if host.sshfp is defined %}
+{% for sshfp in host.sshfp %}
+{{ host.name.ljust(20) }} IN SSHFP {{ sshfp}}
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% else %}
+{{ ansible_hostname.ljust(26) }} IN A     {{ ansible_default_ipv4.address }}
+{% endif %}
+{% for service in _zone_data['services'] %}
+{{ service.name.ljust(20) }}{{ (service.ttl|string).rjust(6) if service.ttl is defined else ''.ljust(6) }} IN  SRV    {{ service.priority|default('0') }} {{ service.weight|default('0') }} {{ service.port }} {{ service.target }}
+{% endfor %}
+{% for text in _zone_data['text'] %}
+{% if text.text is string %}
+{{ text.name.ljust(20) }} IN  TXT    "{{ text.text }}"
+{% else %}
+{%   for entry in text.text %}
+{{ text.name.ljust(20) }} IN  TXT    "{{ entry }}"
+{%   endfor %}
+{% endif %}
+{% endfor %}
+{% for naptr in _zone_data['naptr'] %}
+{{ naptr.name.ljust(20) }} IN  NAPTR  {{ naptr.order|default('100') }} {{ naptr.pref|default('10') }} "{{ naptr.flags }}" "{{ naptr.service }}" "{{ naptr.regex }}" {{ naptr.replacement }}
+{% endfor %}
--- a/roles/bertvv.bind/templates/master_etc_named.conf.j2
+++ b/roles/bertvv.bind/templates/master_etc_named.conf.j2
@@ -0,0 +1,158 @@
+//
+// named.conf
+//
+{{ ansible_managed | comment('c') }}
+//
+{% for acl in bind_acls %}
+acl "{{ acl.name }}" {
+{% for match in acl.match_list %}
+  {{ match }};
+{% endfor %}
+};
+
+{% endfor %}
+options {
+  listen-on port 53 { {{ bind_listen_ipv4|join('; ') }}; };
+  listen-on-v6 port 53 { {{ bind_listen_ipv6|join('; ') }}; };
+  directory   "{{ bind_dir }}";
+  dump-file   "{{ bind_dir }}/data/cache_dump.db";
+  statistics-file "{{ bind_dir }}/data/named_stats.txt";
+  memstatistics-file "{{ bind_dir }}/data/named_mem_stats.txt";
+  allow-query     { {{ bind_allow_query|join('; ') }}; };
+{% if bind_acls|length != 0 %}
+  allow-transfer  { {% for acl in bind_acls %}"{{ acl.name }}"; {% endfor %}};
+{% endif %}
+{% if bind_check_names is defined %}
+  check-names  {{ bind_check_names }};
+{% endif %}
+
+  recursion {% if bind_recursion %}yes{% else %}no{% endif %};
+  {% if bind_recursion %}allow-recursion { {{ bind_allow_recursion|join('; ') }}; };
+  {% endif %}
+{% if bind_forwarders|length > 0 %}forwarders { {{ bind_forwarders|join('; ') }}; };{% endif %}
+  {% if bind_forward_only %}forward only;{% endif %}
+
+  rrset-order { order {{ bind_rrset_order }}; };
+
+  dnssec-enable {{ bind_dnssec_enable }};
+  dnssec-validation {{ bind_dnssec_validation }};
+
+  /* Path to ISC DLV key */
+  bindkeys-file "{{ bind_bindkeys_file }}";
+
+  managed-keys-directory "{{ bind_dir }}/dynamic";
+
+  pid-file "{{ bind_pid_file }}";
+  session-keyfile "{{ bind_session_keyfile }}";
+{% if bind_query_log is defined %}
+
+  querylog yes;
+{% endif %}
+};
+
+{% if bind_statistics_channels %}
+statistics-channels {
+  inet {{ bind_statistics_host }} port {{ bind_statistics_port }} allow { {{ bind_statistics_allow|join('; ') }}; };
+};
+{% endif %}
+
+logging {
+  channel default_debug {
+    file "{{ bind_log }}";
+    severity dynamic;
+    print-time yes;
+  };
+{% if bind_query_log is defined %}
+  channel querylog {
+    {% if bind_query_log.file is defined %}
+      file "{{ bind_query_log.file }}" versions {{ bind_query_log.versions }} size {{ bind_query_log.size }};
+    {% else %}
+      file "{{ bind_query_log }}" versions 600 size 20m;
+    {% endif %}
+    severity dynamic;
+    print-time yes;
+  };
+  category queries { querylog; };
+{% endif %}
+{% if bind_other_logs is defined %}
+
+{% for log in bind_other_logs %}
+  channel {{ log.name }} {
+    file "{{ log.file }}" versions {{ log.versions }} size {{ log.size }};
+    severity dynamic;
+    print-time yes;
+  };
+  category "{{ log.name }}" { "{{ log.name }}"; };
+{% endfor %}
+{% endif %}
+};
+
+{% for file in bind_default_zone_files %}
+include "{{ file }}";
+{% endfor %}
+{% for file in bind_extra_include_files %}
+include "{{ file }}";
+{% endfor %}
+
+{% if bind_zone_domains is defined %}
+{% for bind_zone in bind_zone_domains %}
+{% if bind_zone.create_forward_zones is not defined or bind_zone.create_forward_zones %}
+zone "{{ bind_zone.name }}" IN {
+  type master;
+  file "{{ bind_zone_dir }}/{{ bind_zone.name }}";
+  notify yes;
+{% if bind_zone.also_notify is defined %}
+  also-notify  { {{ bind_zone.also_notify|join('; ') }}; };
+{% endif %}
+{% if bind_zone.allow_update is defined %}
+  allow-update { {{ bind_zone.allow_update|join('; ') }}; };
+{% else %}
+  allow-update { none; };
+{% endif %}
+{% if bind_zone.delegate is defined %}
+  forwarders {};
+{% endif %}
+};
+{% endif %}
+
+{% if bind_zone.networks is defined %}
+{% if bind_zone.create_reverse_zones is not defined or bind_zone.create_reverse_zones %}
+{% for network in bind_zone.networks %}
+zone "{{ ('.'.join(network.replace(network+'.','').split('.')[::-1])) }}.in-addr.arpa" IN {
+  type master;
+  file "{{ bind_zone_dir }}/{{ ('.'.join(network.replace(network+'.','').split('.')[::-1])) }}.in-addr.arpa";
+  notify yes;
+{% if bind_zone.also_notify is defined %}
+  also-notify  { {{ bind_zone.also_notify|join('; ') }}; };
+{% endif %}
+{% if bind_zone.allow_update is defined %}
+  allow-update { {{ bind_zone.allow_update|join('; ') }}; };
+{% else %}
+  allow-update { none; };
+{% endif %}
+};
+{% endfor %}
+{% endif %}
+{% endif %}
+
+{% if bind_zone.ipv6_networks is defined %}
+{% if bind_zone.create_reverse_zones is not defined or bind_zone.create_reverse_zones %}
+{% for network in bind_zone.ipv6_networks %}
+zone "{{ (network | ipaddr('revdns'))[-(9+(network|regex_replace('^.*/','')|int)//2):] }}" IN {
+  type master;
+  file "{{ bind_zone_dir }}/{{ (network | ipaddr('revdns'))[-(9+(network|regex_replace('^.*/','')|int)//2):-1] }}";
+  notify yes;
+{% if bind_zone.also_notify is defined %}
+  also-notify  { {{ bind_zone.also_notify|join('; ') }}; };
+{% endif %}
+{% if bind_zone.allow_update is defined %}
+  allow-update { {{ bind_zone.allow_update|join('; ') }}; };
+{% else %}
+  allow-update { none; };
+{% endif %}
+};
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
--- a/roles/bertvv.bind/templates/reverse_zone.j2
+++ b/roles/bertvv.bind/templates/reverse_zone.j2
@@ -0,0 +1,101 @@
+{#
+ #  First create a dict holding the entire zone information and create a hash
+ #  from it, that it can be compared with subsequent task executions. In this
+ #  way the serial will only be updated if there are some content changes.
+ #}
+{% set _zone_data = {} %}
+{% set _ = _zone_data.update({'ttl': bind_zone_ttl}) %}
+{% set _ = _zone_data.update({'domain': item.0.name}) %}
+{% set _ = _zone_data.update({'mname': item.0.name_servers|default([])}) %}
+{% set _ = _zone_data.update({'aname': item.0.other_name_servers|default([])}) %}
+{% if item.0.hostmaster_email is defined %}
+{% set _ = _zone_data.update({'rname': (( item.0.hostmaster_email )) + ('' if (item.0.hostmaster_email is search('\.')) else ('.' + _zone_data['domain']))}) %}
+{% else %}
+{% set _ = _zone_data.update({'rname': 'hostmaster.' + _zone_data['domain']}) %}
+{% endif %}
+{% set _ = _zone_data.update({'refresh': bind_zone_time_to_refresh}) %}
+{% set _ = _zone_data.update({'retry': bind_zone_time_to_retry}) %}
+{% set _ = _zone_data.update({'expire': bind_zone_time_to_expire}) %}
+{% set _ = _zone_data.update({'minimum': bind_zone_minimum_ttl}) %}
+{% set _ = _zone_data.update({'hosts': item.0.hosts|default([]) | selectattr('ip', 'defined') | selectattr('ip', 'string') | selectattr('ip', 'search', '^'+item.1) | list}) %}
+{% set _ = _zone_data.update({'revip': ('.'.join(item.1.replace(item.1+'.','').split('.')[::-1]))}) %}
+{#
+ #  Compare the zone file hash with the current zone data hash and set serial
+ #  accordingly
+ #}
+{% set _zone = {'hash': _zone_data | string | hash('md5')} %}
+{% for _result in reverse_hashes if _result.network == item.1 %}
+{%   set _hash_serial = _result.hash.split(' ')[2:] %}
+{%   if _hash_serial and _hash_serial[0] == _zone['hash'] %}
+{%     set _ = _zone.update({'serial': _hash_serial[1]}) %}
+{%   else %}
+{%     set _ = _zone.update({'serial': timestamp.stdout}) %}
+{%   endif %}
+{% endfor %}
+{#
+ #  Eventually output the zone data
+ #}
+; Hash: {{ _zone['hash'] }} {{ _zone['serial'] }}
+; Reverse zone file for {{ _zone_data['domain'] }}
+{{ ansible_managed | comment(decoration='; ') }}
+
+$TTL {{ _zone_data['ttl'] }}
+$ORIGIN {{ ('.'.join(item.1.replace(item.1+'.','').split('.')[::-1])) }}.in-addr.arpa.
+
+{% if _zone_data['mname']|length > 0 %}
+@ IN SOA {{ _zone_data['mname']|first }}{% if not _zone_data['mname']|first|regex_search('\.$') %}.{{ _zone_data['domain'] }}.{% endif %} {{ _zone_data['rname'] }}. (
+{% else %}
+@ IN SOA {{ ansible_hostname }}.{{ _zone_data['domain'] }}. {{ _zone_data['rname'] }}. (
+{% endif %}
+  {{ _zone['serial'] }}
+  {{ _zone_data['refresh'] }}
+  {{ _zone_data['retry'] }}
+  {{ _zone_data['expire'] }}
+  {{ _zone_data['minimum'] }} )
+
+{% if _zone_data['mname']|length > 0 %}
+{% for ns in _zone_data['mname'] %}
+                       IN  NS   {{ ns }}{% if not ns|regex_search('\.$') %}.{{ _zone_data['domain'] }}.{% endif %}
+
+{% endfor %}
+{% else %}
+                       IN  NS   {{ ansible_hostname }}.{{ _zone_data['domain'] }}.
+{% endif %}
+{% for ns in _zone_data['aname'] %}
+                       IN  NS   {{ ns }}.
+{% endfor %}
+
+{% if _zone_data['hosts']|length > 0 %}
+{% for host in _zone_data['hosts'] %}
+{% if host.ip is defined %}
+{% if host.ip == item.1 %}
+@                      IN  PTR  {{ host.name }}.{{ _zone_data['domain'] }}.
+{% else %}
+{% if host.ip is string and host.ip.startswith(item.1) %}
+{% if host.name == '@' %}
+{{ ('.'.join(host.ip.replace(item.1+'.','').split('.')[::-1])).ljust(16) }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  PTR  {{ _zone_data['domain'] }}.
+{% else %}
+{% if "$GENERATE" not in host.name.upper() %}
+{{ ('.'.join(host.ip.replace(item.1+'.','').split('.')[::-1])).ljust(16) }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  PTR  {{ host.name }}.{{ _zone_data['domain'] }}.
+{% endif %}
+{% if "$GENERATE" in host.name.upper() %}
+{{ host.name.rsplit(None, 1)[0] }} {{ ('.'.join(host.ip.replace(item.1+'.','').split('.')[::-1])).ljust(16) }} IN  PTR  {{ host.name.rsplit(None, 1)[1] }}.{{ _zone_data['domain'] }}.
+{% endif %}
+{% endif %}
+{% else %}
+{% for ip in host.ip %}
+{% if ip.startswith(item.1) %}
+{{ ('.'.join(ip.replace(item.1+'.','').split('.')[::-1])).ljust(16) }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  PTR  {{ _zone_data['domain'] }}.
+{% if host.name == '@' %}
+{% else %}
+{{ ('.'.join(ip.replace(item.1+'.','').split('.')[::-1])).ljust(16) }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  PTR  {{ host.name }}.{{ _zone_data['domain'] }}.
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% else %}
+{{ ('.'.join(ansible_default_ipv4.address.replace(item.1+'.','').split('.')[::-1])).ljust(16) }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  PTR  {{ ansible_hostname }}.{{ _zone_data['domain'] }}.
+{% endif %}
--- a/roles/bertvv.bind/templates/reverse_zone_ipv6.j2
+++ b/roles/bertvv.bind/templates/reverse_zone_ipv6.j2
@@ -0,0 +1,96 @@
+{#
+ #  First create a dict holding the entire zone information and create a hash
+ #  from it, that it can be compared with subsequent task executions. In this
+ #  way the serial will only be updated if there are some content changes.
+ #}
+{% set _zone_data = {} %}
+{% set _ = _zone_data.update({'ttl': bind_zone_ttl}) %}
+{% set _ = _zone_data.update({'domain': item.0.name}) %}
+{% set _ = _zone_data.update({'mname': item.0.name_servers|default([])}) %}
+{% set _ = _zone_data.update({'aname': item.0.other_name_servers|default([])}) %}
+{% if item.0.hostmaster_email is defined %}
+{% set _ = _zone_data.update({'rname': (( item.0.hostmaster_email )) + ('' if (item.0.hostmaster_email is search('\.')) else ('.' + _zone_data['domain']))}) %}
+{% else %}
+{% set _ = _zone_data.update({'rname': 'hostmaster.' + _zone_data['domain']}) %}
+{% endif %}
+{% set _ = _zone_data.update({'refresh': bind_zone_time_to_refresh}) %}
+{% set _ = _zone_data.update({'retry': bind_zone_time_to_retry}) %}
+{% set _ = _zone_data.update({'expire': bind_zone_time_to_expire}) %}
+{% set _ = _zone_data.update({'minimum': bind_zone_minimum_ttl}) %}
+{% set _ = _zone_data.update({'hosts': item.0.hosts|default([]) | selectattr('ipv6','defined') | selectattr('ipv6','string') | selectattr('ipv6', 'search', '^'+item.1|regex_replace('/.*$','')) | list }) %}
+{% set _ = _zone_data.update({'revip': (item.1 | ipaddr('revdns'))[-(9+(item.1|regex_replace('^.*/','')|int)//2):] }) %}
+{#
+ #  Compare the zone file hash with the current zone data hash and set serial
+ #  accordingly
+ #}
+{% set _zone = {'hash': _zone_data | string | hash('md5')} %}
+{% for _result in reverse_hashes_ipv6 if _result.network == item.1 %}
+{%   set _hash_serial = _result.hash.split(' ')[2:] %}
+{%   if _hash_serial and _hash_serial[0] == _zone['hash'] %}
+{%     set _ = _zone.update({'serial': _hash_serial[1]}) %}
+{%   else %}
+{%     set _ = _zone.update({'serial': timestamp.stdout}) %}
+{%   endif %}
+{% endfor %}
+{#
+ #  Eventually output the zone data
+ #}
+; Hash: {{ _zone['hash'] }} {{ _zone['serial'] }}
+; Reverse zone file for {{ _zone_data['domain'] }}
+{{ ansible_managed | comment(decoration='; ') }}
+
+$TTL {{ _zone_data['ttl'] }}
+$ORIGIN {{ (item.1 | ipaddr('revdns'))[-(9+(item.1|regex_replace('^.*/','')|int)//2):] }}
+
+{% if _zone_data['mname']|length > 0 %}
+@ IN SOA {{ _zone_data['mname']|first }}{% if not _zone_data['mname']|first|regex_search('\.$') %}.{{ _zone_data['domain'] }}.{% endif %} {{ _zone_data['rname'] }}. (
+{% else %}
+@ IN SOA {{ ansible_hostname }}.{{ _zone_data['domain'] }}. {{ _zone_data['rname'] }}. (
+{% endif %}
+  {{ _zone['serial'] }}
+  {{ _zone_data['refresh'] }}
+  {{ _zone_data['retry'] }}
+  {{ _zone_data['expire'] }}
+  {{ _zone_data['minimum'] }} )
+
+{% if _zone_data['mname']|length > 0 %}
+{% for ns in _zone_data['mname'] %}
+                       IN  NS   {{ ns }}{% if not ns|regex_search('\.$') %}.{{ _zone_data['domain'] }}.{% endif %}
+
+{% endfor %}
+{% else %}
+                       IN  NS   {{ ansible_hostname }}.{{ _zone_data['domain'] }}.
+{% endif %}
+{% for ns in _zone_data['aname'] %}
+                       IN  NS   {{ ns }}.
+{% endfor %}
+
+{% if _zone_data['hosts']|length > 0 %}
+{% for host in _zone_data['hosts'] %}
+{% if host.ipv6 is defined %}
+{% if host.ipv6 == item.1 %}
+@                      IN  PTR  {{ host.name }}.{{ _zone_data['domain'] }}.
+{% else %}
+{% if host.ipv6 is string and host.ipv6.startswith(item.1|regex_replace('/.*$','')) %}
+{% if host.name == '@' %}
+{{ host.ipv6 | ipaddr('revdns') }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  PTR  {{ _zone_data['domain'] }}.
+{% else %}
+{{ host.ipv6 | ipaddr('revdns') }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  PTR  {{ host.name }}.{{ _zone_data['domain'] }}.
+{% endif %}
+{% else %}
+{% for ip in host.ipv6 %}
+{% if ip.startswith(item.1|regex_replace('/.*$','')) %}
+{{ ip | ipaddr('revdns') }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  PTR  {{ _zone_data['domain'] }}.
+{% if host.name == '@' %}
+{% else %}
+{{ ip | ipaddr('revdns') }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  PTR  {{ host.name }}.{{ _zone_data['domain'] }}.
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% else %}
+{{ ansible_default_ipv6.address | ipaddr('revdns') }}{{ (host.ttl|string).rjust(6) if host.ttl is defined else ''.ljust(6) }} IN  PTR  {{ ansible_hostname }}.{{ _zone_data['domain'] }}.
+{% endif %}
--- a/roles/bertvv.bind/templates/slave_etc_named.conf.j2
+++ b/roles/bertvv.bind/templates/slave_etc_named.conf.j2
@@ -0,0 +1,120 @@
+//
+// named.conf
+//
+{{ ansible_managed | comment('c') }}
+//
+{% for acl in bind_acls %}
+acl "{{ acl.name }}" {
+{% for match in acl.match_list %}
+  {{ match }};
+{% endfor %}
+};
+
+{% endfor %}
+options {
+  listen-on port 53 { {{ bind_listen_ipv4|join(';') }}; };
+  listen-on-v6 port 53 { {{ bind_listen_ipv6|join(';') }}; };
+  directory   "{{ bind_dir }}";
+  dump-file   "{{ bind_dir }}/data/cache_dump.db";
+  statistics-file "{{ bind_dir }}/data/named_stats.txt";
+  memstatistics-file "{{ bind_dir }}/data/named_mem_stats.txt";
+  allow-query     { {{ bind_allow_query|join(';') }}; };
+{% if bind_acls|length != 0 %}
+  allow-transfer  { {% for acl in bind_acls %}"{{ acl.name }}"; {% endfor %}};
+{% endif %}
+
+  recursion {% if bind_recursion %}yes{% else %}no{% endif %};
+  {% if bind_recursion %}allow-recursion { {{ bind_allow_recursion|join('; ') }}; };
+  {% endif %}
+{% if bind_forwarders|length > 0 %}forwarders { {{ bind_forwarders|join('; ') }}; };{% endif %}
+  {% if bind_forward_only %}forward only;{% endif %}
+
+  rrset-order { order {{ bind_rrset_order }}; };
+
+  dnssec-enable {{ bind_dnssec_enable }};
+  dnssec-validation {{ bind_dnssec_validation }};
+
+  /* Path to ISC DLV key */
+  bindkeys-file "{{ bind_bindkeys_file }}";
+
+  managed-keys-directory "{{ bind_dir }}/dynamic";
+
+  pid-file "{{ bind_pid_file }}";
+  session-keyfile "{{ bind_session_keyfile }}";
+
+{% if bind_query_log is defined %}
+  querylog yes;
+{% endif %}
+};
+
+{% if bind_statistics_channels %}
+statistics-channels {
+  inet {{ bind_statistics_host }} port {{ bind_statistics_port }} allow { {{ bind_statistics_allow|join('; ') }}; };
+};
+{% endif %}
+
+logging {
+  channel default_debug {
+    file "{{ bind_log }}";
+    severity dynamic;
+    print-time yes;
+  };
+{% if bind_query_log is defined %}
+  channel querylog {
+    {% if bind_query_log.file is defined %}
+      file "{{ bind_query_log.file }}" versions {{ bind_query_log.versions }} size {{ bind_query_log.size }};
+    {% else %}
+      file "{{ bind_query_log }}" versions 600 size 20m;
+    {% endif %}
+    severity dynamic;
+    print-time yes;
+  };
+  category queries { querylog; };
+{% endif %}
+};
+
+{% for file in bind_default_zone_files %}
+include "{{ file }}";
+{% endfor %}
+{% for file in bind_extra_include_files %}
+include "{{ file }}";
+{% endfor %}
+
+{% if bind_zone_domains is defined %}
+{% for bind_zone in bind_zone_domains %}
+{% if bind_zone.create_forward_zones is not defined or bind_zone.create_forward_zones %}
+zone "{{ bind_zone.name }}" IN {
+  type slave;
+  masters { {{ bind_zone_master_server_ip }}; };
+  file "{{ bind_slave_dir }}/{{ bind_zone.name }}";
+{% if bind_zone.delegate is defined %}
+  forwarders {};
+{% endif %}
+};
+{% endif %}
+
+{% if bind_zone.create_reverse_zones is not defined or bind_zone.create_reverse_zones %}
+{% if bind_zone.networks is defined %}
+{% for network in bind_zone.networks %}
+zone "{{ ('.'.join(network.replace(network+'.','').split('.')[::-1])) }}.in-addr.arpa" IN {
+  type slave;
+  masters { {{ bind_zone_master_server_ip }}; };
+  file "{{ bind_slave_dir }}/{{ ('.'.join(network.replace(network+'.','').split('.')[::-1])) }}.in-addr.arpa";
+};
+{% endfor %}
+{% endif %}
+{% endif %}
+
+{% if bind_zone.create_reverse_zones is not defined or bind_zone.create_reverse_zones %}
+{% if bind_zone.ipv6_networks is defined %}
+{% for network in bind_zone.ipv6_networks %}
+zone "{{ (network | ipaddr('revdns'))[-(9+(network|regex_replace('^.*/','')|int)//2):] }}" IN {
+  type slave;
+  masters { {{ bind_zone_master_server_ip }}; };
+  file "{{ bind_slave_dir }}/{{ (network | ipaddr('revdns'))[-(9+(network|regex_replace('^.*/','')|int)//2):-1] }}";
+};
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}