From cef4dce2e912fe55a93f91c69de4749a1ea80d1e Mon Sep 17 00:00:00 2001
From: ace <ace@0xace.cc>
Date: Fri, 22 Oct 2021 01:28:38 +0300
Subject: [PATCH] fix knot dns acl

---
 inventory/ghp/sample/group_vars/knot_dns.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/inventory/ghp/sample/group_vars/knot_dns.yaml b/inventory/ghp/sample/group_vars/knot_dns.yaml
index 426a0c5..9182231 100644
--- a/inventory/ghp/sample/group_vars/knot_dns.yaml
+++ b/inventory/ghp/sample/group_vars/knot_dns.yaml
@@ -6,7 +6,6 @@ knot_conf: |
       rundir: "/run/knot"
       user: knot:knot
       listen: [ 0.0.0.0@53, ::@53 ]
-      udp-max-payload: 1232
   
   log:
     - target: syslog
@@ -70,7 +69,7 @@ knot_conf: |
     - domain: "{{ domain }}"
       storage: "/var/lib/knot/zones/"
       file: "{{ domain }}.zone"
-      acl: [deny_all, key_rule]
+      acl: [key_rule]
       dnssec-signing: on
       dnssec-policy: rsa
       zonefile-load: difference