- add bind module

1 files changed, 134 insertions, 0 deletions

diff --git a/modules/bind/templates/named_base.conf b/modules/bind/templates/named_base.conf
new file mode 100644
index 00000000..b14a9bc9
--- /dev/null
+++ b/modules/bind/templates/named_base.conf
@@ -0,0 +1,134 @@
+include "/etc/rndc.key";
+
+controls {
+    inet 127.0.0.1 port 953
+    allow { 127.0.0.1; } keys { key; };
+};
+
+
+
+logging {
+    channel "default" {
+        syslog local1;
+        severity info;
+    };
+    category "default" { "default"; };
+};
+
+acl "trusted_networks" {
+    127.0.0.1;
+    212.85.158.144/28;
+};
+// Enable statistics at http://127.0.0.1:5380/
+statistics-channels {
+    inet 127.0.0.1 port 5380 allow { 127.0.0.1; };
+};
+
+options {
+    version "";
+    directory "/var/named";
+    dump-file "/var/tmp/named_dump.db";
+    pid-file "/var/run/named.pid";
+    statistics-file "/var/tmp/named.stats";
+    zone-statistics yes;
+//    datasize 256M;
+    coresize 100M; 
+//    fetch-glue no;
+//    recursion no;
+//    recursive-clients 10000;
+    auth-nxdomain yes;
+    query-source address * port *;
+    listen-on port 53 { any; };
+    cleaning-interval 120;
+    transfers-in 20;
+    transfers-per-ns 2;
+    lame-ttl 0;
+    max-ncache-ttl 10800;
+
+//    forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };
+    
+//    allow-update { none; };
+//    allow-transfer { any; };
+
+// Prevent DoS attacks by generating bogus zone transfer 
+// requests.  This will result in slower updates to the 
+// slave servers (e.g. they will await the poll interval 
+// before checking for updates). 
+    notify no; 
+//    notify explicit; 
+//    also-notify { secondary_name_server };
+
+// Generate more efficient zone transfers.  This will place 
+// multiple DNS records in a DNS message, instead of one per 
+// DNS message. 
+    transfer-format many-answers; 
+
+// Set the maximum zone transfer time to something more 
+// reasonable.  In this case, we state that any zone transfer 
+// that takes longer than 60 minutes is unlikely to ever 
+// complete.  WARNING:  If you have very large zone files, 
+// adjust this to fit your requirements. 
+    max-transfer-time-in 60; 
+
+// We have no dynamic interfaces, so BIND shouldn't need to 
+// poll for interface state {UP|DOWN}. 
+    interface-interval 0; 
+
+// Uncoment these to enable IPv6 connections support
+// IPv4 will still work
+//      listen-on { none; };
+//      listen-on-v6 { any; };
+
+    auth-nxdomain yes;
+//    allow-query { trusted_networks; };
+
+    allow-transfer {"none";};
+
+    allow-recursion { trusted_networks; };
+
+// Deny anything from the bogon networks as
+// detailed in the "bogon" ACL.
+//    blackhole { bogon; };
+};
+
+zone "." IN {
+	type hint;
+	file "named.ca";
+};
+
+zone "localdomain" IN {
+	type master;
+	file "master/localdomain.zone";
+	allow-update { none; };
+};
+
+zone "localhost" IN {
+	type master;
+	file "master/localhost.zone";
+	allow-update { none; };
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+	type master;
+	file "reverse/named.local";
+	allow-update { none; };
+};
+
+zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
+        type master;
+	file "reverse/named.ip6.local";
+	allow-update { none; };
+};
+
+zone "255.in-addr.arpa" IN {
+	type master;
+	file "reverse/named.broadcast";
+	allow-update { none; };
+};
+
+zone "0.in-addr.arpa" IN {
+	type master;
+	file "reverse/named.zero";
+	allow-update { none; };
+};
+