On the geo-nameservers, do not bind to localhost

[mirror/dsa-puppet.git] / modules / named / templates / named.conf.options.erb

diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb
index f801222..4cb466e 100644 (file)
--- a/modules/named/templates/named.conf.options.erb
+++ b/modules/named/templates/named.conf.options.erb
@@ -20,7 +20,12 @@ options {
        directory "/var/cache/bind";
 
        auth-nxdomain no;    # conform to RFC1035
+<% if classes.include?("named::geodns") -%>
+       listen-on { ! 127.0.0.1; any; };
+       listen-on-v6 { ! ::1; any; };
+<% else -%>
        listen-on-v6 { any; };
+<% end -%>
 
        allow-transfer { none; };
        allow-update { none; };