Commit 63d3125a authored by anarcat's avatar anarcat Committed by anarcat

#922278 - allow slaves to do zone transfers on all zones

we don't make an allow-transfer {} block global because the admin probably has another option {} block somewhere we can't duplicate
parent ea9c25a7
......@@ -50,4 +50,20 @@ class provisionConfig_bind_zone extends provisionConfig_dns_zone {
}
class provisionConfig_bind_server extends provisionConfig_dns_server {
}
/**
* pre-render the slave servers IP addresses
*
* This is done so we can configure the allow-transfer ACL.
*/
function process() {
parent::process();
$slaves = array();
if (!is_array($this->server->slave_servers)) {
$this->server->slave_servers = array($this->server->slave_servers);
}
foreach ($this->server->slave_servers as $slave) {
$slaves = array_merge($slaves, d($slave)->ip_addresses);
}
$this->data['server']->slave_servers_ips = $slaves;
}}
<?php
$slave_acl = "";
if (is_array($server->slave_servers_ips)) {
$slaves = implode(";", $server->slave_servers_ips);
if (!empty($slaves)) {
$slave_acl = "allow-transfer { $slaves; };\n";
}
}
foreach ($records as $key => $name) {
printf('zone "%s" { type master; file "%s/%s.zone"; allow-query { any; }; };' . "\n", $name, $dns_zoned_path, $name);
printf('zone "%s" { type master; file "%s/%s.zone"; allow-query { any; }; %s };' . "\n", $name, $dns_zoned_path, $name, $slave_acl);
}
?>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment