network/nix/pkgs/dns-slaves.nix

{ self, nixpkgs, system }:

with nixpkgs.legacyPackages.${system};

writeText "named.slave.conf" (
  lib.concatMapStringsSep "\n" ({ name, ns, ... }: ''
    zone "${name}" IN {
      type slave;
      masters {
        2a02:8106:208:5282:2::2;
        fd23:42:c3d2:582:2::2;
        172.20.73.2;
      };
      file "/var/lib/bind/slave/${name}.zone";
      allow-notify {
        2a02:8106:208:5282:2::2;
        fd23:42:c3d2:582:2::2;
        172.20.73.2;
      };
    };
  '') (
    # public zones only
    builtins.filter ({ ns, ... }:
      ns == self.lib.dns.publicNS
    ) self.lib.dns.localZones
  )
)