From 71469832a67b05fae9f5a88ca3db3f16ff56c116 Mon Sep 17 00:00:00 2001
From: skorpy <magnus@skorpy.space>
Date: Thu, 4 Jul 2024 13:32:16 +0200
Subject: [PATCH] knot: add the option for secondary ns

---
 knot-dns/files/knot.conf.j2 | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/knot-dns/files/knot.conf.j2 b/knot-dns/files/knot.conf.j2
index c37adb98..c7648cc5 100644
--- a/knot-dns/files/knot.conf.j2
+++ b/knot-dns/files/knot.conf.j2
@@ -1,8 +1,4 @@
-{%- set knot = pillar['knot-dns'] -%}
-#
-# This is a sample of a minimal configuration file for Knot DNS.
-# For more details, see man 5 knot.conf or refer to the server documentation.
-#
+{%- set knot = salt['pillar.get']('knot-dns') -%}
 
 server:
     # Listen on all configured IPv4 interfaces.
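Review bot: The new first line calls `salt['pillar.get']('knot-dns')` without a default, so a missing or failed `knot-dns` pillar now yields an empty string where `pillar['knot-dns']` raised a KeyError (unless `pillar_raise_on_missing` is set on the minion). The `knot['zone']` lookup at the end of the file will probably still abort rendering, but any softer use of `knot` in the parts of the template outside this patch would render an incomplete server config instead of failing. For a DNS server it is safer to fail closed: keep `pillar['knot-dns']`, or add an explicit guard after the `set` that raises when `knot` is empty.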
@@ -13,6 +9,8 @@ server:
     user: knot:knot
     # https://www.knot-dns.cz/docs/latest/html/reference.html#edns-client-subnet
     edns-client-subnet: on
+    automatic-acl: on
+
 log:
     # Log info and more serious events to syslog.
   - target: syslog
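Review bot: The added `automatic-acl: on` has no comment, unlike the neighbouring `edns-client-subnet` line, and it changes who may send NOTIFY or request transfers. As I read the Knot reference, this option derives those permissions from the remotes attached to zones, so every entry rendered from the `secondary-remote` pillar becomes an authorisation grant. If those remotes carry only an address and no TSIG `key`, the grant rests on source IP alone. I would add `# Derive NOTIFY/transfer ACLs from the remotes referenced by zones; each remote should carry a TSIG key.` above it and document in the pillar example that `key` is expected. The `server:` section starts outside this hunk.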
@@ -46,22 +44,36 @@ mod-geoip:
     ttl: 200
     mode: subnet
 
+{%- if salt['pillar.get']('knot-dns.secondary-remote', []) %}
+remote:
+  {{ salt['pillar.get']('knot-dns.secondary-remote', [])) | yaml(False) | indent(2) }}
+{%- endif %}
+
 template:
   - id: default
-    file: /var/lib/knot/zones/%s.zone
     serial-policy: unixtime
-    storage: "/var/lib/knot"
+    storage: "/var/lib/knot/zones"
+    file: "%s.zone"
     global-module: [mod-stats, mod-rrl/default]
   - id: reverseV4
-    storage: "/var/lib/knot"
-    file: /var/lib/knot/zones/%s.zone
     serial-policy: unixtime
+    storage: "/var/lib/knot/zones"
+    file: "%s.zone"
     module: mod-synthrecord/v4185206208
   - id: reverseV6
-    storage: "/var/lib/knot"
-    file: /var/lib/knot/zones/%s.zone
+    storage: "/var/lib/knot/zones"
+    file: "%s.zone"
     serial-policy: unixtime
     module: mod-synthrecord/v63786
+{%- for remote in salt['pillar.get']('knot-dns.secondary-remote', []) %}
+  - id: secondary-{{ remote }}
+    master: {{ remote }}
+    storage: "/var/lib/knot/secondary"
+    file: "%s.zone"
+    zonefile-sync: -1
+    zonefile-load: difference
+    journal-content: changes
+{%- endfor %}
 
 zone:
-  {{ knot['zone']|yaml(False)| indent(2) }}
+  {{ (knot['zone'] + salt['pillar.get']('knot-dns.secondary-zone', [])) | yaml(False) | indent(2) }}
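Review bot: The expression under the new `remote:` key closes a parenthesis that is never opened (`[])) | yaml(False)`), so Jinja should reject the template before any config is written; it should read `{{ salt['pillar.get']('knot-dns.secondary-remote', []) | yaml(False) | indent(2) }}`. The same list is dumped as YAML there but interpolated as a bare scalar in the `for remote in …` loop. If the entries are mappings with `id` and `address`, as a Knot `remote` item needs, then `secondary-{{ remote }}` and `master: {{ remote }}` render a dict repr; `- id: "secondary-{{ remote.id }}"` and `master: "{{ remote.id }}"` are probably what is meant, quoted so an odd value cannot change the structure. Also, `pillar.get` splits nested keys on `:` by default, so `'knot-dns.secondary-remote'` and `'knot-dns.secondary-zone'` look up top-level keys containing a literal dot rather than children of `knot-dns`. The pillar layout is not visible here, so please confirm which is intended.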
-- 
GitLab