pdns-auth-proxy/pdns-proxy.conf.example


config
{
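# Named profiles, each with a subjectRegexp and a type (ldap or regexp).
# Presumably the proxy matches the authenticated client's subject against
# subjectRegexp to decide which profiles apply -- confirm against the proxy.
# NOTE(review): this example does not show whether patterns are matched
# anchored. If they are not, a subject that merely contains a matching
# substring is accepted; confirm, and add ^...$ if the proxy does not.
# Change from the original example: the dot in "example.org" is now escaped
# everywhere, matching the escaping already used earlier in the same patterns.
# An unescaped "." matches any character (e.g. "exampleXorg").
profiles:
{
  infra:
  {
    # NOTE(review): ".*" accepts any characters before the "@", including
    # LDAP filter metacharacters. Consider an explicit character class.
    subjectRegexp: ".*@example\\.org"
    type: ldap
    # NOTE(review): no scheme or port is given; confirm the proxy connects
    # over LDAPS or StartTLS, since the bind password crosses this link.
    servers: [ "ldap.example.org" ]
    # The account name suggests read-only access; keep it that way.
    bindCn: "cn=readonly,dc=example,dc=org"
    # Placeholder. Keep the real password out of version control and make
    # the deployed file readable only by the proxy's service account.
    bindPw: "**********"
    baseDN: "ou=users,dc=example,dc=org"
    # NOTE(review): %s is presumably replaced with the client subject.
    # Confirm the proxy escapes it per RFC 4515 before building the filter.
    searchFilter: "(&(mail=%s))"
    # Presumably the entry's "description" attribute must hold one of
    # validValues for the profile to apply -- confirm. If so, make sure users
    # cannot edit that attribute on their own directory entry.
    attribute: "description"
    pgpAttribute: "pgpKey"
    validValues: [ "infra", "vwf" ]
  }
  devServer:
  {
    subjectRegexp: "[a-z0-9-]*\\.dev\\.[a-z0-9]*\\.example\\.org"
    type: regexp
  }
  letsencrypt:
  {
    subjectRegexp: "probe-[0-9]*\\.adm\\.dc3\\.example\\.org"
    type: regexp
  }
  icscale:
  {
    subjectRegexp: "icscale-[0-9]*\\.adm\\.[a-z0-9]*\\.example\\.org"
    type: regexp
  }
}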
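# ACLs for the PowerDNS API. Each entry pairs a regexp with a permission list
# and the profiles it applies to. Presumably the regexp is matched against the
# requested API path and "r"/"w" mean read/write -- confirm against the proxy.
# NOTE(review): whether these patterns are anchored is not visible here. If
# they are not, "zones/dev\\.…" also matches longer paths that contain it;
# confirm, and add ^...$ if the proxy does not anchor.
# Change from the original example: literal dots in zone names are escaped so
# that "." no longer matches an arbitrary character.
pdnsAcls:
{
  "dev":
  {
    regexp: "zones/dev\\.[a-z0-9]*\\.example\\.org"
    perms: ["r"]
    # NOTE(review): "devUsers" is not defined under profiles in this example.
    # Define it or remove it; how an unknown profile name is handled is not
    # visible here.
    profiles: [ "devServer", "devUsers" ]
  },
  "letsencrypt":
  {
    # Read/write on every zone for any subject in the letsencrypt profile.
    # NOTE(review): broader than certificate issuance normally needs; narrow
    # the pattern to the zones these hosts must update, if the proxy allows.
    regexp: "zones/.*"
    perms: ["r", "w"]
    profiles: [ "letsencrypt" ]
  },
  "infra":
  {
    # Unrestricted read/write on everything the proxy exposes. Keep the infra
    # profile's membership small and reviewed.
    regexp: ".*"
    perms: ["r", "w"]
    profiles: [ "infra" ]
  },
  "scale":
  {
    regexp: "zones/kube\\.dm\\.gg"
    perms: ["r", "w"]
    profiles: [ "icscale" ]
  },
}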
# No entries are defined in this example (presumably ACLs for a JSON-RPC
# interface). NOTE(review): confirm that an empty block means deny-all rather
# than allow-all.
jrpcAcls:
{
}
# Listener and TLS material for the proxy's own endpoint.
http:
{
  # No host part is given -- presumably binds all interfaces; confirm.
  port: ":443"
  # NOTE(review): presumably the CA used to verify client certificates, since
  # profiles match on a client subject. Confirm that client certificates are
  # required rather than optional, and that only this CA is trusted for them.
  ca: "/usr/local/share/ca-certificates/ca.crt"
  # Private key: readable only by the proxy's service account.
  key: "/etc/ssl/private/server-key.pem"
  cert: "/etc/ssl/certs/server-bundle.pem"
}
# Upstream PowerDNS API that the proxy talks to.
pdns:
{
  # Placeholder. The real key carries the full rights of the PowerDNS API, so
  # keep it out of version control and restrict read access to this file.
  api-key: "<pdns_api_key>"
  # Plain HTTP is used here only because the target is loopback. If the API
  # moves to another host, use TLS so the key does not cross the network in
  # cleartext. Also keep the PowerDNS API itself bound to loopback, otherwise
  # clients can bypass the proxy's ACLs.
  api-url: "http://127.0.0.1:8081/api/v1/servers/localhost"
}
# Named zone templates, each giving a nameserver list and a zone type.
# Presumably applied when a zone is created through the proxy -- confirm how
# a request selects a template.
zoneProfile:
{
  private:
  {
    nameservers: [ "a.example.org", "b.example.org" ]
    zoneType: "MASTER"
  }
  public:
  {
    # Example nameservers; replace with the deployment's own authoritative
    # servers before use.
    nameservers: [ "a.iana-servers.net", "b.iana-servers.net" ]
    zoneType: "NATIVE"
  }
}
}