61 lines
2.5 KiB
YAML
61 lines
2.5 KiB
YAML
options:
|
|
allowed_nets:
|
|
default: ""
|
|
type: string
|
|
description: |
|
|
String containing a list of allowed networks of hosts for DNS
|
|
queries, separated by semicolons: e.g.,
|
|
"10.0.0.0/8;172.16.0.0/12;192.168.0.0/16". The option is
|
|
equivalent to "allow-query" in BIND9. If not specified, the
|
|
default is to allow queries from all hosts.
|
|
allowed_recursion_nets:
|
|
default: ""
|
|
type: string
|
|
description: |
|
|
String containing a list of allowed networks of hosts for
|
|
recursive queries through the designate-bind servers, spearated by
|
|
semicolons: e.g., "10.0.0.0/8;172.16.0.0/12;192.168.0.0/16". The
|
|
option is equivalent to "allow-recursion" in BIND9. If
|
|
allowed_recursion_nets is not set then allowed_nets is used if
|
|
set, otherwise any will be set to allow recursive queries from all
|
|
hosts.
|
|
forwarders:
|
|
default: ""
|
|
type: string
|
|
description: |
|
|
String containing a list of forwarders, separated by semicolons:
|
|
e.g., "8.8.8.8;8.8.4.4". As non-empty forwarders option implies
|
|
recursion, recursive queries will be enabled regardless of the
|
|
value set in the recursion option. When using this option, ACLs
|
|
should be used with allowed_nets and/or allowed_recursion_nets to
|
|
prevent it from being a open resolver.
|
|
recursion:
|
|
default: false
|
|
type: boolean
|
|
description: |
|
|
Whether or not to enable recursive queries with BIND9 itself to be
|
|
installed by the charm. The option is equivalent to "recursion" in
|
|
BIND9. When using this option, ACLs should be used with
|
|
allowed_nets and/or allowed_recursion_nets to prevent it from
|
|
being a open resolver.
|
|
disable-dnssec-validation:
|
|
default: false
|
|
type: boolean
|
|
description: |
|
|
Whether or not to disable DNSSEC validation. This may be helpful
|
|
in a situation that upstream DNS servers do not support DNSSEC,
|
|
and BIND9 reports "Unable to fetch DNSKEY". For production
|
|
deployments, it's encouraged to keep DNSSEC enabled.
|
|
service_ips:
|
|
default: ""
|
|
type: string
|
|
description: |
|
|
Service IPs are list of Virtual IPs that will be assigned to the
|
|
designate-bind units. This option accepts comma separated list of
|
|
IPv4 or IPv6 addresses that belong to the at least one directly
|
|
connected network.
|
|
This option also requires that relation with subordinate hacluster
|
|
unit is created, otherwise the designate-bind units go into the the
|
|
blocked state until the hacluster relation is made, or this option
|
|
is uncofigured.
|