From e9c9445a966a7817a501cf6a9c03a39885935569 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Fri, 6 Apr 2018 20:11:08 -0500
Subject: [PATCH] roles/named: Support global forwarders

The *named* role now supports configuring BIND to use forwarders for
recursive queries instead of or in addition to the root nameservers.
---
 roles/named/templates/named.conf.j2 | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/roles/named/templates/named.conf.j2 b/roles/named/templates/named.conf.j2
index 73981dc..0240a12 100644
--- a/roles/named/templates/named.conf.j2
+++ b/roles/named/templates/named.conf.j2
@@ -37,6 +37,18 @@ options {
 
 	dnssec-enable {{ yesno(named_dnssec) }};
 	dnssec-validation {{ yesno(named_dnssec_validation) }};
+{% if named_forwarders is defined %}
+{% if named_forward_only|d|bool %}
+	forward only;
+{% else %}
+	forward first;
+{% endif %}
+	forwarders {
+{% for host in named_forwarders %}
+		{{ host }};
+{% endfor %}
+	};
+{% endif %}
 
 	managed-keys-directory "{{ named_managed_keys_dir }}";