Diffstat (limited to 'roles/network/bind/tasks/main.yml')
-rw-r--r--roles/network/bind/tasks/main.yml23
1 files changed, 8 insertions, 15 deletions
diff --git a/roles/network/bind/tasks/main.yml b/roles/network/bind/tasks/main.yml
index 49898162..34e417db 100644
--- a/roles/network/bind/tasks/main.yml
+++ b/roles/network/bind/tasks/main.yml
@@ -60,32 +60,25 @@
notify: reload bind
-- name: add empty .onion zone
- when: bind_empty_onion_zone
+- name: add zone blacklist config
copy:
- dest: /etc/bind/named.conf.onion
+ dest: "/etc/bind/named.conf.blacklist"
content: |
- // block .onion addresses
- zone "onion" {
+ {% for zone in bind_zone_blacklist %}
+ zone "{{ zone }}" {
type master;
file "/etc/bind/db.empty";
zone-statistics no;
notify no;
};
+ {% endfor %}
notify: reload bind
-- name: remove empty .onion zone
- when: not bind_empty_onion_zone
- file:
- path: /etc/bind/named.conf.onion
- state: absent
- notify: reload bind
-
-- name: enable/disable empty .onion zone
+- name: enable zone backlist
lineinfile:
path: /etc/bind/named.conf
- line: 'include "/etc/bind/named.conf.onion";'
- state: "{{ bind_empty_onion_zone is defined | ternary('present', 'absent') }}"
+ line: 'include "/etc/bind/named.conf.blacklist";'
+ state: present
notify: reload bind
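Review bot: Hosts that already carry the old `.onion` configuration are not cleaned up, because the `remove empty .onion zone` task and the `lineinfile` entry for `include "/etc/bind/named.conf.onion";` are dropped without a replacement, so the file and its include line stay in place. If `bind_zone_blacklist` contains `onion` (its value is not visible here), named would see that zone declared twice and would presumably reject the configuration on reload, leaving the new blocklist unapplied. Two cleanup tasks with `state: absent`, one for the legacy include line and one for the legacy file, would cover the migration. Separately, the task name `enable zone backlist` looks like a typo for `blacklist`.

```yaml
# … unchanged: "add zone blacklist config" and "enable zone backlist" tasks …

- name: remove legacy .onion include
  lineinfile:
    path: /etc/bind/named.conf
    line: 'include "/etc/bind/named.conf.onion";'
    state: absent
  notify: reload bind

- name: remove legacy .onion zone file
  file:
    path: /etc/bind/named.conf.onion
    state: absent
  notify: reload bind
```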