configpolicy/group_vars/pyrocufflink-dns.yml
Dustin C. Hatch f536c9633e roles/named: Support logging queries to syslog
This commit adds two new variables to the *named* role:
`named_queries_syslog` and `named_rpz_syslog`.  These variables control
whether BIND will send query and RPZ log messages to the local syslog
daemon, respectively.
2020-09-06 10:40:27 -05:00


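# Variables for the pyrocufflink-dns group, consumed by the named (BIND) role.
# NOTE(review): the nesting below was rebuilt from a listing that had lost its
# indentation; compare with the repository copy before relying on it.

# Listen on every IPv4 and IPv6 address of the host and answer queries from
# any client.
# NOTE(review): presumably rendered into listen-on / listen-on-v6 /
# allow-query. Nothing in this file limits who can reach the resolver, so
# confirm that a firewall or a recursion ACL elsewhere keeps it off untrusted
# networks; a recursive server that answers everyone is an open resolver.
named_listen:
  - addresses:
      - any
named_listen_v6:
  - addresses:
      - any
named_allow_query:
  - any

# DNSSEC validation is off, so forged or tampered answers are accepted as-is.
# NOTE(review): possibly disabled because the private forward zones below are
# unsigned -- TODO confirm. If that is the only reason, exempting just those
# names (BIND's validate-except) would keep validation for everything else;
# whether the role exposes that option is not visible here.
named_dnssec_validation: false

# Response policy zone applied to answers; the zone itself is expected to come
# from rpz_zones, which is not defined in this file.
named_response_policy:
  - zone "blackhole.rpz"

# Send query and RPZ log messages to the local syslog daemon.
# These records hold client addresses and the names they looked up: useful for
# detection and incident response, and sensitive for the same reason, so treat
# the syslog destination and its retention accordingly.
named_queries_syslog: true
named_rpz_syslog: true

# Forward-only zones shared by this group. "forward: only" means the server
# relies solely on the listed forwarders and does not fall back to resolving
# the name itself. With validation disabled above, whatever these forwarders
# return is what clients receive, so they are fully trusted.
pyrocufflink_common_zones:
  - zone: pyrocufflink.blue
    type: forward
    forward: only
    forwarders:
      - 172.30.0.10
      - 172.30.0.9
  - zone: 0.30.172.in-addr.arpa
    type: forward
    forward: only
    forwarders:
      - 172.30.0.10
      - 172.30.0.9
  # The zones below all use the 192.168.20.146 / .147 forwarder pair. Two of
  # the names are under public domains, so internal clients see the internal
  # view of those names rather than the public one.
  - zone: securepassage.com
    type: forward
    forward: only
    forwarders:
      - 192.168.20.146
      - 192.168.20.147
  - zone: lab.firemon.com
    type: forward
    forward: only
    forwarders:
      - 192.168.20.146
      - 192.168.20.147
  - zone: fmos.test
    type: forward
    forward: only
    forwarders:
      - 192.168.20.146
      - 192.168.20.147
  # Reverse lookups for the whole of 192.168.0.0/16 go to the same pair.
  - zone: 168.192.in-addr.arpa
    type: forward
    forward: only
    forwarders:
      - 192.168.20.146
      - 192.168.20.147
  - zone: 4.16.172.in-addr.arpa
    type: forward
    forward: only
    forwarders:
      - 192.168.20.146
      - 192.168.20.147
  - zone: 5.16.172.in-addr.arpa
    type: forward
    forward: only
    forwarders:
      - 192.168.20.146
      - 192.168.20.147

# Final zone list handed to the role: three lists concatenated in this order.
# pyrocufflink_red_zones and rpz_zones are defined outside this file; the
# value is quoted so YAML does not read the leading "{{" as a flow mapping.
named_zones: '{{ pyrocufflink_red_zones + pyrocufflink_common_zones + rpz_zones }}'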