Remove the ability of dns_forward_zones to configure ip listening/allowed ranges
Update documentation to reflect this change.
Change restart behavior to run `systemctl daemon-reload` to adapt to
possible reconfiguration of unit file.
Bug fix in config file - had listen instead of access-control in one
section.
Change-Id: I0aa01a1ad5cd06f79e5c4fda68367e1416c6bd9d
diff --git a/templates/unbound.conf.j2 b/templates/unbound.conf.j2
index d6b3feb..1c2f1c3 100644
--- a/templates/unbound.conf.j2
+++ b/templates/unbound.conf.j2
@@ -25,16 +25,10 @@
{% else %}
# allow queries from localhost
access-control: 127.0.0.0/24 allow
-{% if unbound_allow_zone_ips and dns_forward_zones %}
- # allow from networks defined in zones
-{% for key, value in dns_forward_zones.items() %}
- access-control: {{ value.ip_range }} allow
-{% endfor %}
-{% endif %}
{% if unbound_allow_ips %}
# listen on specific IPs
{% for ip in unbound_allow_ips %}
- interface: {{ ip }} allow
+ access-control: {{ ip }} allow
{% endfor %}
{% endif %}
{% endif %}
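Review bot: The comment `# listen on specific IPs` just above the `unbound_allow_ips` loop is stale now that the loop emits `access-control: {{ ip }} allow` rather than an `interface:` line, so the rendered config describes an allow-list as a listen address. I would change it to `# allow queries from specific IPs/netblocks`. Each entry in `unbound_allow_ips` is written into the config as given and widens who may query the resolver, so the variable's documentation should say it takes trusted netblocks only; an overly broad range would presumably leave the host answering as an open resolver. The enclosing `{% else %}` branch starts outside this hunk, so the condition that selects this allow-list is not visible here.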
@@ -45,16 +39,7 @@
interface: {{ ansible_default_ipv4.address }}
{% endif %}
-{% if unbound_listen_zone_ips and dns_forward_zones %}
-{% for key, value in dns_forward_zones.items() %}
-{% set if_ip = value.ip_range | ipaddr('next_usable') | ipaddr('address') %}
-{% if if_ip in ansible_all_ipv4_addresses %}
- # listen on IPs defined by dns_forward_zones: {{ key }}
- interface: {{ if_ip }}
-{% endif %}
-{% endfor %}
-{% endif %}
{% if unbound_listen_ips %}
# listen on specific IPs
{% for ip in unbound_listen_ips %}