diff options
author | Michael Scherer <misc@mageia.org> | 2010-10-26 23:54:17 +0000 |
---|---|---|
committer | Michael Scherer <misc@mageia.org> | 2010-10-26 23:54:17 +0000 |
commit | 534bd4a17766186f23f577668da7639f3dad4ffd (patch) | |
tree | 4a6220f044d01e6145bfef19e3cc61b6bac3a2cf /modules/bind/templates/named_base.conf | |
parent | 7c39256faf11eb5a8a57915a0409b0c759ca70d2 (diff) | |
download | puppet-534bd4a17766186f23f577668da7639f3dad4ffd.tar puppet-534bd4a17766186f23f577668da7639f3dad4ffd.tar.gz puppet-534bd4a17766186f23f577668da7639f3dad4ffd.tar.bz2 puppet-534bd4a17766186f23f577668da7639f3dad4ffd.tar.xz puppet-534bd4a17766186f23f577668da7639f3dad4ffd.zip |
- add bind module
Diffstat (limited to 'modules/bind/templates/named_base.conf')
-rw-r--r-- | modules/bind/templates/named_base.conf | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/modules/bind/templates/named_base.conf b/modules/bind/templates/named_base.conf new file mode 100644 index 00000000..b14a9bc9 --- /dev/null +++ b/modules/bind/templates/named_base.conf @@ -0,0 +1,134 @@ +include "/etc/rndc.key"; + +controls { + inet 127.0.0.1 port 953 + allow { 127.0.0.1; } keys { key; }; +}; + + + +logging { + channel "default" { + syslog local1; + severity info; + }; + category "default" { "default"; }; +}; + +acl "trusted_networks" { + 127.0.0.1; + 212.85.158.144/28; +}; +// Enable statistics at http://127.0.0.1:5380/ +statistics-channels { + inet 127.0.0.1 port 5380 allow { 127.0.0.1; }; +}; + +options { + version ""; + directory "/var/named"; + dump-file "/var/tmp/named_dump.db"; + pid-file "/var/run/named.pid"; + statistics-file "/var/tmp/named.stats"; + zone-statistics yes; +// datasize 256M; + coresize 100M; +// fetch-glue no; +// recursion no; +// recursive-clients 10000; + auth-nxdomain yes; + query-source address * port *; + listen-on port 53 { any; }; + cleaning-interval 120; + transfers-in 20; + transfers-per-ns 2; + lame-ttl 0; + max-ncache-ttl 10800; + +// forwarders { first_public_nameserver_ip; second_public_nameserver_ip; }; + +// allow-update { none; }; +// allow-transfer { any; }; + +// Prevent DoS attacks by generating bogus zone transfer +// requests. This will result in slower updates to the +// slave servers (e.g. they will await the poll interval +// before checking for updates). + notify no; +// notify explicit; +// also-notify { secondary_name_server }; + +// Generate more efficient zone transfers. This will place +// multiple DNS records in a DNS message, instead of one per +// DNS message. + transfer-format many-answers; + +// Set the maximum zone transfer time to something more +// reasonable. In this case, we state that any zone transfer +// that takes longer than 60 minutes is unlikely to ever +// complete. WARNING: If you have very large zone files, +// adjust this to fit your requirements. + max-transfer-time-in 60; + +// We have no dynamic interfaces, so BIND shouldn't need to +// poll for interface state {UP|DOWN}. + interface-interval 0; + +// Uncoment these to enable IPv6 connections support +// IPv4 will still work +// listen-on { none; }; +// listen-on-v6 { any; }; + + auth-nxdomain yes; +// allow-query { trusted_networks; }; + + allow-transfer {"none";}; + + allow-recursion { trusted_networks; }; + +// Deny anything from the bogon networks as +// detailed in the "bogon" ACL. +// blackhole { bogon; }; +}; + +zone "." IN { + type hint; + file "named.ca"; +}; + +zone "localdomain" IN { + type master; + file "master/localdomain.zone"; + allow-update { none; }; +}; + +zone "localhost" IN { + type master; + file "master/localhost.zone"; + allow-update { none; }; +}; + +zone "0.0.127.in-addr.arpa" IN { + type master; + file "reverse/named.local"; + allow-update { none; }; +}; + +zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { + type master; + file "reverse/named.ip6.local"; + allow-update { none; }; +}; + +zone "255.in-addr.arpa" IN { + type master; + file "reverse/named.broadcast"; + allow-update { none; }; +}; + +zone "0.in-addr.arpa" IN { + type master; + file "reverse/named.zero"; + allow-update { none; }; +}; + |