From badd25b0e6197c0ac3aff03fb8febe8f046a37b8 Mon Sep 17 00:00:00 2001
From: Jean-Francois Roche <jfroche@affinitic.be>
Date: Wed, 20 Jan 2016 23:33:08 +0100
Subject: [PATCH] Add option to filter ipv6 address on ipv4

refs https://kb.isc.org/article/AA-00576/0/Filter-AAAA-option-in-BIND-9-.html
---
 manifests/init.pp        | 1 +
 templates/named.conf.erb | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/manifests/init.pp b/manifests/init.pp
index d38b3d7..334ec14 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -3,6 +3,7 @@
 class bind (
     $forwarders            = '',
     $dnssec                = true,
+    $filter_ipv6           = false,
     $version               = '',
     $rndc                  = undef,
     $statistics_port       = undef,
diff --git a/templates/named.conf.erb b/templates/named.conf.erb
index 4a20816..dfa595b 100644
--- a/templates/named.conf.erb
+++ b/templates/named.conf.erb
@@ -24,6 +24,9 @@ options {
 	auth-nxdomain <%= @auth_nxdomain ? 'yes' : 'no' %>;
 	listen-on-v6 { any; };
 	dnssec-enable <%= @dnssec ? 'yes' : 'no' %>;
+<%- if @filter_ipv6 -%>
+	filter-aaaa-on-v4 yes;
+<%- end -%>
 <%- if @dnssec -%>
 	dnssec-validation yes;
 	dnssec-lookaside auto;