//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

key "acme-update-key" {
	algorithm hmac-sha512;
	secret "T6R1TpLGegHwFWO/I1LwtdGePRD+w00Oe4mJECW7qfheKJ/7FxlINH+Yk2vMvJCVNojj8BWoFAyEFCwGBpGROQ==";
};

zone "czechultimate.cz" {
        type master;
        file "/etc/bind/zones/czechultimate.cz.dns";
        inline-signing yes;
        auto-dnssec maintain;
        key-directory "/etc/bind/keys";
        allow-transfer {87.236.197.83; 89.187.144.180; 87.236.196.85; };
        also-notify {87.236.197.83; 89.187.144.180; 87.236.196.85; };
};

zone "hrajfrisbee.cz" {
        type master;
        file "/etc/bind/zones/hrajfrisbee.cz.dns";
        allow-transfer {87.236.197.83; 89.187.144.180; 87.236.196.85; };
        also-notify {87.236.197.83; 89.187.144.180; 87.236.196.85; };

        update-policy {
            // Allow ACME challenges only for lab.home subdomain
            grant acme-update-key name _acme-challenge.lab.home.hrajfrisbee.cz. TXT;

            // If you need wildcards under lab.home (e.g. _acme-challenge.foo.lab.home.hrajfrisbee.cz):
            grant acme-update-key subdomain _acme-challenge.lab.home.hrajfrisbee.cz. TXT;
        };        
};

// points at zlutazimnice nameservers @nic.cz - cannot be working
zone "fraktalbar.cz" {
        type master;
        file "/etc/bind/zones/fraktalbar.cz.dns";
        allow-transfer {87.236.197.83; 89.187.144.180; 87.236.196.85; };
        also-notify {87.236.197.83; 89.187.144.180; 87.236.196.85; };
};

// points at zlutazimnice nameservers @nic.cz - cannot be working
zone "vegtral.cz" {
        type master;
        file "/etc/bind/zones/vegtral.cz.dns";
        allow-transfer {87.236.197.83; 89.187.144.180; 87.236.196.85; };
        also-notify {87.236.197.83; 89.187.144.180; 87.236.196.85; };
};