//
// {{ ansible_managed }}
//
options {
	directory "/var/cache/bind";

	dnssec-validation no;
	auth-nxdomain no;

	allow-query { any; };
	allow-recursion {
		127.0.0.1;
		::1;
		internal;
	};
	allow-transfer { any; };

	listen-on {
		127.0.0.1;
		{{ anycast_ipv4 | ipaddr('address') }};
		{{ loopback_net_ipv4 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
{% for mesh in meshes %}
		{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
{% endfor %}
		{{ icvpn_ipv4_transfer_net | ipaddr('net') | ipsubnet(24, 37) | ipaddr(magic) | ipaddr('address') }};
	};

	listen-on-v6 {
		::1;
		{{ anycast_ipv6 | ipaddr('address') }};
		{{ loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
{% for mesh in meshes %}
{% for ip in mesh.ipv6_ula %}
		{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
{% endfor %}
{% endfor %}
		{{ icvpn_ipv6_transfer_net | ipaddr('net') | ipsubnet(112, 37) | ipaddr(magic) | ipaddr('address') }};
	};
};