annotate common/named.conf @ 246:c3fa3d65aa83
Update configs for Puppet 6
This *should* all be backward compatible
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sat, 21 Dec 2019 14:19:47 -0500 |
parents | 353652f49cd2 |
children |
rev | changeset | description | author |
---|---|---|---|
194 | a08de3153548 | Add a named.conf file to control cache/memory size | IBBoard <dev@ibboard.co.uk> |
198 | 353652f49cd2 | Reduce memory footprint of named even more (parents: 194) | IBBoard <dev@ibboard.co.uk> |

Every line of the file is annotated with rev 194 except `max-cache-size 10m;`, which is annotated with rev 198.

```
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; };
    // Disable IPv6 because we don't have a routable address
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    max-cache-size 10m;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
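An added example, not part of this repository: a small Python check for the rule in the file's comment block (a recursive server reachable from the network needs access control). It inspects only the global `options` block, the IPv4 `listen-on` statement and flat `allow-recursion`/`allow-query` lists; the function names and both sample configs are constructed for illustration.

```python
import re

# String literals are matched first so a '#' or '//' inside quotes is preserved.
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
LOCAL_ONLY = {"127.0.0.1", "none"}      # listen-on entries that stay off the network
WORLD = {"any", "0.0.0.0/0", "::/0"}    # client ACL entries that admit everyone

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out statements are ignored."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def options_block(conf):
    """Return the body of the global options { ... } block ('' if absent)."""
    start = re.search(r"(?<![\w-])options\s*\{", conf)
    if start is None:
        return ""
    depth, i = 1, start.end()
    while depth and i < len(conf):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[start.end():i - 1]

def match_list(opts, name):
    """Entries of a flat address-match list statement, or None when unset."""
    m = re.search(r"(?<![\w-])%s(?![\w-])[^{;]*\{([^{}]*)\}" % re.escape(name), opts)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(text):
    """Findings for the recursion/access-control rule in the config comment."""
    opts = options_block(strip_comments(text))
    rec = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", opts)
    recursive = rec is None or rec.group(1).lower() in ("yes", "true", "1")
    listen = match_list(opts, "listen-on")
    exposed = listen is None or any(a not in LOCAL_ONLY for a in listen)
    clients = match_list(opts, "allow-recursion")
    if clients is None:
        clients = match_list(opts, "allow-query")
    if not (recursive and exposed):
        return []
    if clients is None:
        return ["recursion on a network listener with no explicit allow-recursion/allow-query"]
    return ["recursion open to any client"] if WORLD & set(clients) else []

# Constructed samples: the first mirrors the page's settings, the second widens them.
LOCAL = 'options { listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; };\n' \
        ' directory "/var/named"; allow-query { localhost; }; recursion yes; };'
OPEN = 'options { listen-on port 53 { any; }; /* allow-query { localhost; }; */\n' \
       ' allow-query { any; }; recursion yes; };'

if __name__ == "__main__":
    for label, conf in (("local", LOCAL), ("open", OPEN)):
        print(label, audit(conf) or "no findings")
```

The loopback-only listener is what keeps the page's `recursion yes;` from producing a finding; the second sample differs only in its listener and client list.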