dnssec-validation yes;
<% end -%>
-<% if classes.include?('named::authoritative') and not scope.lookupvar('site::nodeinfo')['dns_primary'] -%>
+<% if scope.function_has_role(['dns_secondary']) -%>
rate-limit {
responses-per-second 25;
window 5;
};
<% end -%>
+ max-journal-size 100K;
};
logging {
};
category queries { queries; };
category lame-servers { null; };
+
+ channel transfers {
+ file "/var/log/bind9/named-transfers.log" versions 4 size 40m;
+ print-time yes;
+ print-category yes;
+ };
+ category xfer-out { transfers; };
+ category notify { transfers; };
+
};
-
<% if classes.include?('named::authoritative') -%>
include "/etc/bind/named.conf.puppet-shared-keys";
<% end -%>