From f5b922265b5d392ee2a075d3860c5c54270242f5 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sun, 18 Feb 2018 10:04:27 -0600
Subject: [PATCH] roles/named: Add allow-update block to named.conf

The `allow-update` block in `named.conf` enumerates the hosts/networks that are allowed to issue dynamic DNS updates. This is required in Active Directory and other environments where clients and/or DHCP servers create DNS records automatically. By default, the block is omitted from the generated configuration file. The `named_allow_update` variable can be set to a list of patterns (e.g. CIDR blocks, ACL names, etc.) to populate it.
---
 roles/named/templates/named.conf.j2 | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/roles/named/templates/named.conf.j2 b/roles/named/templates/named.conf.j2
index 1e47a9f..f7a9fc8 100644
--- a/roles/named/templates/named.conf.j2
+++ b/roles/named/templates/named.conf.j2
@@ -23,6 +23,14 @@ options {
 {{ match }};
 {% endfor %}
 };
+{% if named_allow_update %}
+
+ allow-update {
+{% for match in named_allow_update %}
+ {{ match }};
+{% endfor %}
+ };
+{% endif %}
 recursion {{ yesno(named_recursion) }};
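Review bot: The new `allow-update` block is emitted inside `options`, so every entry in `named_allow_update` becomes the default dynamic-update ACL for each primary zone that does not set its own, and the commit message offers CIDR blocks as example values. An address-based update ACL trusts the source IP alone, which the BIND documentation describes as insecure, so I would add a template comment above the block such as `{# applies to every zone without its own allow-update; prefer TSIG key entries (e.g. key "example-ddns-key") over address matches #}`, where the key name is only an illustration. Separately, the diffstat shows only the template changed, so if no role default for `named_allow_update` exists elsewhere, `{% if named_allow_update %}` will presumably fail on an undefined variable under Ansible's strict templating; `{% if named_allow_update | default([]) %}` removes that dependency. The `options` block starts and ends outside the hunk.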