# ExternalDNS BIND slave server class
class externaldns::slave inherits externaldns {
  include bind

  # Query PuppetDB for master server IP address
  $query = "inventory[facts.networking.ip] { certname = '${externaldns::bind_master_hostname}' }"
  $master_ip = puppetdb_query($query)[0]['facts.networking.ip']

  # Create TSIG key for zone transfers (same as master)
  bind::key { 'externaldns-key':
    algorithm => $externaldns::externaldns_key_algorithm,
    secret    => $externaldns::externaldns_key_secret,
  }

  # Create ACL for master server
  bind::acl { 'dns-master':
    addresses => [$master_ip],
  }

  # Create slave zones for each Kubernetes domain
  $externaldns::k8s_zones.each |$zone| {
    bind::zone { $zone:
      zone_type    => 'slave',
      masters      => [$master_ip],
      allow_notify => ['dns-master'],
      ns_notify    => false,
    }
  }

  # Create default view to include the zones
  bind::view { 'externaldns':
    recursion => false,
    zones     => $externaldns::k8s_zones,
  }
}