ansible-roles/dns_server/templates/nsd.conf

# $OpenBSD: nsd.conf,v 1.13 2018/08/16 17:59:12 florian Exp $

server:
	hide-version: yes
	verbosity: 1
	database: "" # disable database

remote-control:
	control-enable: yes
	control-interface: /var/run/nsd.sock

## tsig key example
#key:
#	name: "tsig1.example.com."
#	algorithm: hmac-sha256
#	secret: "bWVrbWl0YXNkaWdvYXQ="

{% for zone in dns_zones %}
zone:
    name: "{{ zone.name }}"
    zonefile: "{{ zone.role }}/{{ zone.name }}"
{% if zone.role == "master" %}
{% for slave in zone.slaves %}
	notify: {{ slave }} NOKEY
	provide-xfr: {{ slave }} NOKEY
{% endfor %}
{% elif zone.role == "slave" %}
#	allow-notify: 192.0.2.2 tsig1.example.com.
#	request-xfr: 192.0.2.2 tsig1.example.com.
{% endif %}
{% endfor %}

## slave zone example
#zone:
#	name: "example.net"
#	zonefile: "slave/example.net"
#	allow-notify: 192.0.2.2 tsig1.example.com.
#	request-xfr: 192.0.2.2 tsig1.example.com.