// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//

include "/etc/bind/named.conf.options";

include "/etc/bind/rndc.key";

view "internal" {
    match-clients { 140.221.9.6;140.221.8.10;140.221.8.88;140.221.8.15; };
        recursion yes;
        // prime the server with knowledge of the root servers
        zone "." {
                type hint;
                file "/etc/bind/db.root";
        };
	{% for zone in zones %}
	zone "{{ zone.1 }}" {
		type master;
		file "/etc/bind/hostbase/{{ zone.1 }}";
		notify no;
		also-notify { 140.221.9.6;140.221.8.10;140.221.8.88;140.221.8.15; };
	};{% endfor %}
	// be authoritative for the localhost forward and reverse zones, and for
	// broadcast zones as per RFC 1912

	zone "localhost" {
		type master;
		file "/etc/bind/db.local";
	};

	zone "127.in-addr.arpa" {
		type master;
		file "/etc/bind/db.127";
	};

	zone "0.in-addr.arpa" {
		type master;
		file "/etc/bind/db.0";
	};

	zone "255.in-addr.arpa" {
		type master;
		file "/etc/bind/db.255";
	};
	{% for reverse in reverses %}
	zone "{{ reverse.0 }}.in-addr.arpa" {
		type master;
		file "/etc/bind/hostbase/{{ reverse.0 }}.rev";
		notify no;
		also-notify { 140.221.9.6;140.221.8.10;140.221.8.88; };
	};{% endfor %}
	include "/etc/bind/named.conf.static";
};

view "external" {
    match-clients { any; };
        recursion no;
	{% for zone in zones %}
	zone "{{ zone.1 }}" {
		type master;
		file "/etc/bind/hostbase/{{ zone.1 }}.external";
		notify no;
	};{% endfor %}

	{% for reverse in reverses %}
	zone "{{ reverse.0 }}.in-addr.arpa" {
		type master;
		file "/etc/bind/hostbase/{{ reverse.0 }}.rev.external";
		notify no;
	};{% endfor %}
	include "/etc/bind/named.conf.static";
};


// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
//  Because many of our users are uncomfortable receiving undelegated answers
//  from root or top level domains, other than a few for whom that behaviour
//  has been trusted and expected for quite some length of time, we have now
//  introduced the "root-delegations-only" feature which applies delegation-only
//  logic to all top level domains, and to the root domain.  An exception list
//  should be specified, including "MUSEUM" and "DE", and any other top level
//  domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/named.conf.local";