From 3078ba57f8dd1d31eb483722dc445ff0f3011f71 Mon Sep 17 00:00:00 2001
From: Adrien Waksberg <git@yae.im>
Date: Sun, 8 Jul 2018 23:02:11 +0200
Subject: [PATCH] fix: full disable allow_transfer if empty

---
 templates/named.conf.local.j2 | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/templates/named.conf.local.j2 b/templates/named.conf.local.j2
index 8079c05..ed569c5 100644
--- a/templates/named.conf.local.j2
+++ b/templates/named.conf.local.j2
@@ -9,13 +9,15 @@ zone "{{ zone }}" IN {
 {% else %}
   file "/etc/bind/zones/{{ zone }}/db";
 {% endif %}
-{% if 'allow_transfer' in value and value.dnssec %}
   allow-transfer {
+{% if 'allow_transfer' in value and value.dnssec %}
 {% for ip in value.allow_transfer %}
     {{ ip }};
 {% endfor %}
-  };
+{% else %}
+    "none";
 {% endif %}
+  };
 {% if 'options' in value %}
 {% for option,  opt_value in value.options.iteritems() %}
   {{ option }} {% if opt_value == True %}yes{% elif opt_value == False %}no{% else %}{{ opt_value }}{% endif %};