Mercurial > repos > other > Puppet
comparison common/named.conf-ibbvps @ 260:5f63afb70415
Fix naming of files for new VPS overrides
$hostname is just the short host name, not the FQDN
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sun, 29 Dec 2019 10:57:18 -0500 |
| parents | common/named.conf-ibbvps.vs.mythic-beasts.com@308f69ca988c |
| children |
comparison
equal
deleted
inserted
replaced
| 259:0810ee3c7014 | 260:5f63afb70415 |
|---|---|
| 1 // | |
| 2 // named.conf | |
| 3 // | |
| 4 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS | |
| 5 // server as a caching only nameserver (as a localhost DNS resolver only). | |
| 6 // | |
| 7 // See /usr/share/doc/bind*/sample/ for example named configuration files. | |
| 8 // | |
| 9 | |
| 10 options { | |
| 11 listen-on port 53 { 127.0.0.1; }; | |
| 12 listen-on-v6 port 53 { ::1; }; | |
| 13 directory "/var/named"; | |
| 14 dump-file "/var/named/data/cache_dump.db"; | |
| 15 statistics-file "/var/named/data/named_stats.txt"; | |
| 16 memstatistics-file "/var/named/data/named_mem_stats.txt"; | |
| 17 allow-query { localhost; }; | |
| 18 | |
| 19 /* | |
| 20 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. | |
| 21 - If you are building a RECURSIVE (caching) DNS server, you need to enable | |
| 22 recursion. | |
| 23 - If your recursive DNS server has a public IP address, you MUST enable access | |
| 24 control to limit queries to your legitimate users. Failing to do so will | |
| 25 cause your server to become part of large scale DNS amplification | |
| 26 attacks. Implementing BCP38 within your network would greatly | |
| 27 reduce such attack surface | |
| 28 */ | |
| 29 recursion yes; | |
| 30 max-cache-size 10m; | |
| 31 | |
| 32 forwarders { | |
| 33 2a00:1098:0:80:1000:3b:0:1; | |
| 34 2a00:1098:0:82:1000:3b:0:1; | |
| 35 }; | |
| 36 | |
| 37 dnssec-enable yes; | |
| 38 dnssec-validation yes; | |
| 39 | |
| 40 /* Path to ISC DLV key */ | |
| 41 bindkeys-file "/etc/named.iscdlv.key"; | |
| 42 | |
| 43 managed-keys-directory "/var/named/dynamic"; | |
| 44 | |
| 45 pid-file "/run/named/named.pid"; | |
| 46 session-keyfile "/run/named/session.key"; | |
| 47 }; | |
| 48 | |
| 49 logging { | |
| 50 channel default_debug { | |
| 51 file "data/named.run"; | |
| 52 severity dynamic; | |
| 53 }; | |
| 54 }; | |
| 55 | |
| 56 zone "." IN { | |
| 57 type hint; | |
| 58 file "named.ca"; | |
| 59 }; | |
| 60 | |
| 61 include "/etc/named.rfc1912.zones"; | |
| 62 include "/etc/named.root.key"; | |
| 63 |