Mercurial > repos > other > Puppet

annotate common/named.conf @ 266:298211899626

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Remove some version specific code that can use virtual packages
author IBBoard <dev@ibboard.co.uk>
date Sun, 29 Dec 2019 16:58:25 +0000
parents 353652f49cd2
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
194
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
1 //
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
2 // named.conf
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
3 //
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
4 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
5 // server as a caching only nameserver (as a localhost DNS resolver only).
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
6 //
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
7 // See /usr/share/doc/bind*/sample/ for example named configuration files.
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
8 //
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
9
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
10 options {
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
11 listen-on port 53 { 127.0.0.1; };
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
12 // Disable IPv6 because we don't have a routable address
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
13 // listen-on-v6 port 53 { ::1; };
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
14 directory "/var/named";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
15 dump-file "/var/named/data/cache_dump.db";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
16 statistics-file "/var/named/data/named_stats.txt";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
17 memstatistics-file "/var/named/data/named_mem_stats.txt";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
18 allow-query { localhost; };
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
19
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
20 /*
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
21 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
22 - If you are building a RECURSIVE (caching) DNS server, you need to enable
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
23 recursion.
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
24 - If your recursive DNS server has a public IP address, you MUST enable access
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
25 control to limit queries to your legitimate users. Failing to do so will
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
26 cause your server to become part of large scale DNS amplification
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
27 attacks. Implementing BCP38 within your network would greatly
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
28 reduce such attack surface
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
29 */
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
30 recursion yes;
198
353652f49cd2 Reduce memory footprint of named even more
IBBoard <dev@ibboard.co.uk>
parents: 194
diff changeset
31 max-cache-size 10m;
194
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
32
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
33 dnssec-enable yes;
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
34 dnssec-validation yes;
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
35
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
36 /* Path to ISC DLV key */
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
37 bindkeys-file "/etc/named.iscdlv.key";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
38
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
39 managed-keys-directory "/var/named/dynamic";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
40
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
41 pid-file "/run/named/named.pid";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
42 session-keyfile "/run/named/session.key";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
43 };
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
44
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
45 logging {
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
46 channel default_debug {
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
47 file "data/named.run";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
48 severity dynamic;
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
49 };
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
50 };
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
51
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
52 zone "." IN {
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
53 type hint;
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
54 file "named.ca";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
55 };
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
56
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
57 include "/etc/named.rfc1912.zones";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
58 include "/etc/named.root.key";
a08de3153548 Add a named.conf file to control cache/memory size
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
59