{% extends "base.html" %}
{% load i18n %}{% load bootstrap %}

{% block content %}
    <div class="row">
        <div class="col-lg-12">
            <div class="well">
                <h3>{% trans "Nameserver Shared Secret Generated" %}</h3>
                <p>{% trans "New nameserver shared secret generated for you. Everytime you visit this page a new secret will be generated and the old one becomes invalid." %}</p>
                <p>{% trans "Algorithm:" %} <b>{{ object.get_bind9_algorithm }}</b></p>
                <p>{% trans "Secret:" %} <b>{{ shared_secret }}</b></p>
            </div>
        </div>
    </div>
    <div class="row">
        <div class="col-lg-12">
            <div class="well">
                <h3>{% trans "How to configure your bind9 nameserver to accept dynamic DNS updates?" %}</h3>
                <pre>
// configuration snippet for bind 9 nameserver (put it into /etc/bind9/named.conf )

key "{{ object.name }}." {
    // everyone who has this key may update this zone:
    // must be same algorithm as in the Domain record of the nsupdate.info based service
    algorithm {{ object.get_bind9_algorithm }};
    // the secret is just a shared secret in base64-encoding, you don't need
    // to use a special tool to create it. Some random in base64 encoding should
    // be OK. must be same secret as in the Domain database record of the nsupdate.info based service
    secret "{{ shared_secret }}";
};

zone {{ object.name }} {
        type master;
        // bind9 needs write permissions into that directory and into that file:
        file "/etc/bind/zones/{{ object.name }}";
        update-policy {
            // these "deny" entries are needed for the service domain,
            // if you add another domain, you may want to check the need
            // for other "deny" entries if the zone is not fully available.
            // we don't allow updates to the infrastructure hosts:
            deny  {{ object.name }}.      name      {{ object.name }};
            deny  {{ object.name }}.      name  www.{{ object.name }};
            deny  {{ object.name }}.      name ipv4.{{ object.name }};
            deny  {{ object.name }}.      name ipv6.{{ object.name }};
            // but we allow updates to any other host:
            grant {{ object.name }}. subdomain {{ object.name }};
        };
};
</pre>
            </div>
            <div class="well">
                <h3>How to setup the initial zone file?</h3>
                <pre>
$ORIGIN .
$TTL 3600       ; 1 hour
; note: please fix SOA, NS, A, AAAA, MX as needed:
{{ object.name }}       IN SOA  ns1.{{ object.name }}. root.{{ object.name }}. (
                                2013123101 ; serial YYYYMMDDNN
                                7200       ; refresh (2 hours)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                60         ; minimum (1 minute)
                                )
                        NS      ns1.{{ object.name }}.
                        NS      ns2.{{ object.name }}.
                        A       1.2.3.4
                        AAAA    ::
                        MX      10 mail.{{ object.name }}.
$ORIGIN {{ object.name }}.
$TTL 3600       ; 1 hour
; note: the www, ipv4, ipv6 host entries are ONLY needed if you run the
; nsupdate.info service on these hosts. if you just want to add another
; domain that can be updated from an existing nsupdate.info service, you
; won't need these host records:
www                     A       1.2.3.4
                        AAAA    ::1
ipv4                    A       1.2.3.4
ipv6                    AAAA    ::1
</pre>
            </div>
    </div>
{% endblock %}