//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

# zone "debuntu.foo" {
#        type master;
#        file "debuntu.foo.db";
#        notify no;
#};

// Unfortunately, AFAICT we need to list the Linode IPs as an ACL (so they
// can make the requests) *and* as masters (so they get the notify).
acl "linode" {
    // Linode
    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#operate-as-a-secondary-read-only-dns-service
    104.237.137.10;
    45.79.109.10;
    74.207.225.10;
    207.192.70.10;
    109.74.194.10;
    2600:3c00::a;
    2600:3c01::a;
    2600:3c02::a;
    2600:3c03::a;
    2a01:7e00::a;
    // Import
    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#import-a-dns-zone
    96.126.114.97;
    96.126.114.98;
    2600:3c00::5e;
    2600:3c00::5f;
};

masters "linode" {
    // Linode
    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#operate-as-a-secondary-read-only-dns-service
    104.237.137.10;
    45.79.109.10;
    74.207.225.10;
    207.192.70.10;
    109.74.194.10;
    2600:3c00::a;
    2600:3c01::a;
    2600:3c02::a;
    2600:3c03::a;
    2a01:7e00::a;
    // Import
    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#import-a-dns-zone
    96.126.114.97;
    96.126.114.98;
    2600:3c00::5e;
    2600:3c00::5f;
};

// The actual ACL building blocks
acl "transfer-allowed" {
    localhost;
    207.29.250.54;  // ???
    18.4.60.36;     // charon
    18.49.3.1;      // charon4
    18.25.131.1;    // charon4
    74.207.246.137; // arctic
    66.92.29.156;   // copan
    18.18.208.12;   // olinda
    18.25.129.162;  // adehnert3.xvm
    130.44.166.3;   // DD
    18.18.208.22;   // chankillo
    "linode";
};

masters "primary-ns" {
    18.18.208.22;   // chankillo
};

masters "secondary-ns" {
    18.25.129.162;  // adehnert3.xvm
    18.18.208.12;   // olinda
    linode;
};

include "/etc/bind/named.conf.per-host";

zone "dynamic.dehnert.arctic.org" IN {
	// DNAME to the real, dynamic.dehnerts.com, zone
	type master;
	file "/etc/bind/pri/arctic-dynamic.zone";
	allow-update { none; };
	allow-transfer { "transfer-allowed"; };
	allow-query { any; };
	//notify no;
};

zone "dehnert.arctic.org" IN {
	type master;
	file "/etc/bind/pri/combined-dehnerts.zone";
        allow-update { none; };
	allow-transfer { "transfer-allowed"; };
	allow-query { any; };
	//notify no;
};
zone "dehnerts.com" IN {
	type master;
	file "/etc/bind/pri/combined-dehnerts.zone";
	#update-policy { grant * selfsub * A TXT;};
        allow-update { none; };
	allow-transfer { "transfer-allowed"; };
	allow-query { any; };
	also-notify { "secondary-ns"; };
};

logging {
    channel query.log {
        file "/var/log/named/query.log" versions 10 size 100M;
        // Set the severity to dynamic to see all the debug messages.
        severity debug 3;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    category queries { query.log; };
};