annotate common/named.conf-ibbvps @ 276:165ad12ea8ca

Remove Perl LZMA module because it's in beta
We don't get LZMA files by email anyway, so not scanning them shouldn't be a problem
author IBBoard <dev@ibboard.co.uk>
date Sun, 26 Jan 2020 12:06:43 +0000
parents 5f63afb70415
children
rev 247: 308f69ca988c Add config for new server (IBBoard <dev@ibboard.co.uk>)
rev 260: 5f63afb70415 Fix naming of files for new VPS overrides (IBBoard <dev@ibboard.co.uk>, parents: 247)

rev  line  source
247     1  //
247     2  // named.conf
247     3  //
247     4  // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
247     5  // server as a caching only nameserver (as a localhost DNS resolver only).
247     6  //
247     7  // See /usr/share/doc/bind*/sample/ for example named configuration files.
247     8  //
247     9
247    10  options {
247    11      listen-on port 53 { 127.0.0.1; };
247    12      listen-on-v6 port 53 { ::1; };
247    13      directory "/var/named";
247    14      dump-file "/var/named/data/cache_dump.db";
247    15      statistics-file "/var/named/data/named_stats.txt";
247    16      memstatistics-file "/var/named/data/named_mem_stats.txt";
247    17      allow-query { localhost; };
247    18
247    19      /*
247    20       - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
247    21       - If you are building a RECURSIVE (caching) DNS server, you need to enable
247    22         recursion.
247    23       - If your recursive DNS server has a public IP address, you MUST enable access
247    24         control to limit queries to your legitimate users. Failing to do so will
247    25         cause your server to become part of large scale DNS amplification
247    26         attacks. Implementing BCP38 within your network would greatly
247    27         reduce such attack surface
247    28      */
247    29      recursion yes;
247    30      max-cache-size 10m;
247    31
247    32      forwarders {
260    33          2a00:1098:0:80:1000:3b:0:1;
260    34          2a00:1098:0:82:1000:3b:0:1;
247    35      };
247    36
247    37      dnssec-enable yes;
247    38      dnssec-validation yes;
247    39
247    40      /* Path to ISC DLV key */
247    41      bindkeys-file "/etc/named.iscdlv.key";
247    42
247    43      managed-keys-directory "/var/named/dynamic";
247    44
247    45      pid-file "/run/named/named.pid";
247    46      session-keyfile "/run/named/session.key";
247    47  };
247    48
247    49  logging {
247    50      channel default_debug {
247    51          file "data/named.run";
247    52          severity dynamic;
247    53      };
247    54  };
247    55
247    56  zone "." IN {
247    57      type hint;
247    58      file "named.ca";
247    59  };
247    60
247    61  include "/etc/named.rfc1912.zones";
247    62  include "/etc/named.root.key";
247    63
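
The comment at source lines 19-28 says a recursive server with a public address must restrict who may query it. The Python check below is an added example, not part of this repository or of BIND, that audits a named.conf for that condition. The names `audit`, `acl` and `strip_comments` and both sample configs are constructed here, and it assumes a single global options block with literal ACL elements (named acl blocks, negation and views are not resolved).

```python
import re

# Constructed sample mirroring the access-control options in the listing above.
SAMPLE_LOOPBACK = """
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query { localhost; };
    recursion yes;
};
"""
# Constructed counter-example: the same resolver exposed on every interface.
SAMPLE_OPEN = """
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
};
"""
NOT_EXPOSED = {"127.0.0.1", "::1", "localhost", "none"}

def strip_comments(text):
    """Drop /* */, // and # comments (simplified: ignores quoting)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def acl(text, name):
    """Elements of the first `name ... { a; b; };` statement, or None if absent."""
    m = re.search(r"(?<![\w-])%s(?![\w-])[^{;]*\{([^{}]*)\}" % re.escape(name), text)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def audit(conf):
    """Return findings for the open-resolver condition the config comment describes."""
    text = strip_comments(conf)
    rec = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", text)
    recursive = rec is None or rec.group(1) == "yes"  # BIND default: recursion yes
    # Absent listen-on means all IPv4 interfaces; absent listen-on-v6 is not judged.
    listen = (acl(text, "listen-on") or ["any"]) + (acl(text, "listen-on-v6") or [])
    exposed = [a for a in listen if a not in NOT_EXPOSED]
    # Fallback order for who may recurse, then BIND's built-in default.
    clients = (acl(text, "allow-recursion") or acl(text, "allow-query-cache")
               or acl(text, "allow-query") or ["localnets", "localhost"])
    if recursive and exposed and "any" in clients:
        return ["open resolver: recursion on, listening on %s, clients %s"
                % (", ".join(exposed), ", ".join(clients))]
    return []

if __name__ == "__main__":
    for label, conf in (("loopback", SAMPLE_LOOPBACK), ("open", SAMPLE_OPEN)):
        print(label, audit(conf) or "ok")
```

For a real file, feeding it the output of `named-checkconf -p` gives the check a normalised config to read.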