From 05b4c3a9f44f9ccd832f8a5e9d638091ffd037e8 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Thu, 19 Jun 2025 13:55:28 +0000
Subject: [PATCH] Add only required reverse zones for dna gw hosts
---
 group_vars/dnagw.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/group_vars/dnagw.yml b/group_vars/dnagw.yml
index 1434d5a..c79813f 100644
--- a/group_vars/dnagw.yml
+++ b/group_vars/dnagw.yml
@@ -34,8 +34,16 @@ network_ether_interfaces:
 proto: none
 unbound_zones:
- - 20.172.in-addr.arpa
- - home.foo.sh
+ - 144-28.96.16.37.in-addr.arpa
+ - foo.sh
+ - >-
+ {% set reverse = intnet | ansible.utils.ipaddr('network') | ansible.utils.ipaddr('revdns') -%}
+ {% if intnet | ansible.utils.ipaddr('prefix') < 24 -%}
+ {{ reverse[:-1] | split('.', 2) | last -}}
+ {% else -%}
+ {{ reverse[:-1] | split('.', 1) | last -}}
+ {% endif -%}
+ - "{{ inventory_hostname.split('.')[1:] | join('.') }}"
 # use custom firewall config
 firewall_src: pf.conf.gw_dna.j2
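Review bot: The templated reverse-zone entry under `unbound_zones` only yields the network's own zone when `intnet` is exactly a /16 or a /24: the `< 24` branch always drops two labels (a /16 zone) and the `else` branch always drops one (a /24 zone). A /17–/23 or a /25+ network therefore gets a zone wider than its address space, and anything shorter than /16 gets a zone that covers only part of it, which works against the stated goal of adding only the required reverse zones. How `unbound_zones` is consumed is not visible in this hunk, so the effect on resolution is inferred; if only those two prefix lengths are supported, say so above the item, e.g. `# intnet must be a /16 or /24; other prefix lengths give a reverse zone wider or narrower than the network`. The last added entry, `inventory_hostname.split('.')[1:] | join('.')`, also renders an empty string for an inventory name without dots and repeats `foo.sh` for a host directly under that domain, so a guard or `| unique` in the consuming template may be needed.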