include "/etc/bind/rndc.key";

controls {
  inet 127.0.0.1 port 953
  allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
  directory "/var/bind";

  // Configure the IPs to listen on here.
  listen-on { any; };
  listen-on-v6 { none; };

  // Specify a list of IPs/masks to allow zone transfers to here.
  //
  // You can override this on a per-zone basis by specifying this inside a zone
  // block.
  //
  // Warning: Removing this block will cause BIND to revert to its default
  //          behaviour of allowing zone transfers to any host (!).
  allow-transfer {
    none;
  };

  // If you have problems and are behind a firewall:
  //query-source address * port 53;

  pid-file "/var/run/named/named.pid";

  allow-recursion { none; };
  recursion no;

  lame-ttl 60;
  notify master-only; // No notifications within slaves
  allow-notify { 159.69.27.184; };
};
{% for zone in zones %}
zone "{{ zone }}" IN {
  type slave;
  file "/src/zones/db.{{ zone }}.repl";
  masters port 1053 { 10.232.0.6; };
  allow-query { any; };
};
{% endfor %}