path: root/roles/network/bind
Diffstat (limited to 'roles/network/bind')
-rw-r--r--roles/network/bind/defaults/main.yml6
-rw-r--r--roles/network/bind/tasks/main.yml23
2 files changed, 13 insertions, 16 deletions
diff --git a/roles/network/bind/defaults/main.yml b/roles/network/bind/defaults/main.yml
index 7ed9521b..89f7ff58 100644
--- a/roles/network/bind/defaults/main.yml
+++ b/roles/network/bind/defaults/main.yml
@@ -19,7 +19,11 @@
## zone configs
-bind_empty_onion_zone: no
+bind_zone_blacklist: []
+# bind_zone_blacklist:
+# - onion
+# - zip
+# - mov
# bind_master_zones:
# example.com:
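Review bot: The rename from `bind_empty_onion_zone` to `bind_zone_blacklist` leaves no trace for operators whose inventory still sets the old variable; Ansible ignores an unused variable, so the old setting is silently dropped. A comment above the new default would make the migration visible, e.g. `# replaces bind_empty_onion_zone: each listed name is served from the empty zone file`. The commented example entries (`# - onion` …) are fine, but note that the values are written unquoted into named.conf by the tasks file, so only plain zone labels belong here.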
diff --git a/roles/network/bind/tasks/main.yml b/roles/network/bind/tasks/main.yml
index 49898162..34e417db 100644
--- a/roles/network/bind/tasks/main.yml
+++ b/roles/network/bind/tasks/main.yml
@@ -60,32 +60,25 @@
notify: reload bind
-- name: add empty .onion zone
- when: bind_empty_onion_zone
+- name: add zone blacklist config
copy:
- dest: /etc/bind/named.conf.onion
+ dest: "/etc/bind/named.conf.blacklist"
content: |
- // block .onion addresses
- zone "onion" {
+ {% for zone in bind_zone_blacklist %}
+ zone "{{ zone }}" {
type master;
file "/etc/bind/db.empty";
zone-statistics no;
notify no;
};
+ {% endfor %}
notify: reload bind
-- name: remove empty .onion zone
- when: not bind_empty_onion_zone
- file:
- path: /etc/bind/named.conf.onion
- state: absent
- notify: reload bind
-
-- name: enable/disable empty .onion zone
+- name: enable zone backlist
lineinfile:
path: /etc/bind/named.conf
- line: 'include "/etc/bind/named.conf.onion";'
- state: "{{ bind_empty_onion_zone is defined | ternary('present', 'absent') }}"
+ line: 'include "/etc/bind/named.conf.blacklist";'
+ state: present
notify: reload bind
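Review bot: The upgrade path is not handled: the hunk deletes the `remove empty .onion zone` task and the include toggle, so a host provisioned by the old role keeps `/etc/bind/named.conf.onion` on disk and its `include "/etc/bind/named.conf.onion";` line in named.conf, and if `onion` is later listed in `bind_zone_blacklist` the zone is presumably defined twice and BIND would refuse the config at reload. Keep an absent-state cleanup of the legacy file and include line next to the new tasks, as below. Separately, `- name: enable zone backlist` has a typo (`blacklist`), and `zone "{{ zone }}" {` interpolates list entries unchecked, so an entry containing `"` or `;` would corrupt named.conf — worth an assert on each entry being a plain zone label before the copy task. The hunk's trailing context may extend past what is shown here.
```yaml
# … unchanged: add zone blacklist config task …
- name: remove legacy empty .onion zone config
  file:
    path: /etc/bind/named.conf.onion
    state: absent
  notify: reload bind

- name: remove legacy .onion include from named.conf
  lineinfile:
    path: /etc/bind/named.conf
    line: 'include "/etc/bind/named.conf.onion";'
    state: absent
  notify: reload bind
# … unchanged: enable zone blacklist task …
```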