; {{ ansible_managed }}

$TTL    {{ item.value.ttl|default(3600) }}
@       IN      SOA    {{ item.value.ns_primary }}. {{ item.value.mail|replace('@', '.') }}. (
  {{ item.value.serial }} ; Serial
  {{ item.value.refresh|default(14400) }} ; Refresh
  {{ item.value.retry|default(86400) }} ; Retry
  {{ item.value.expire|default(2419200) }} ; Expire
  {{ item.value.negative_cache|default(86400) }} ; Negative Cache TTL
)

{% for record in item.value.records %}
{% if record.type|upper == 'MX' %}
{{ record.name }} {{ record.ttl|default(' ') }} IN MX {{ record.priority }} {{ record.value }}
{% elif record.type|upper == 'SRV' %}
{{ record.name }} {{ record.ttl|default(' ') }} IN SRV {{ record.priority }} {{ record.weight }} {{ record.port }} {{ record.value }}
{% elif record.type|upper == 'CAA' %}
{{ record.name }} {{ record.ttl|default(' ') }} CAA {{ record.flag }} {{ record.tag }} "{{ record.value }}"
{% elif record.type|upper == 'TXT' %}
{{ record.name }} {{ record.ttl|default(' ') }} IN TXT (
{% for charset in record.value|batch(64) %}
  "{{ charset|join('') }}"
{% endfor %}
)
{% else %}
{{ record.name }} {{ record.ttl|default(' ') }} IN {{ record.type|upper }} {{ record.value }}
{% endif %}
{% endfor %}
{% if item.key in bind_dnssec %}

{% for key_type, key_values in bind_dnssec[item.key].iteritems() %}
$INCLUDE K{{ item.key }}.+{{ "00{}".format(key_values.algorithm)[-3:] }}+{{ key_values.tag }}.key
{% endfor %}
{% endif %}