diff common/named.conf-ibbvps @ 260:5f63afb70415

Fix naming of files for new VPS overrides. $hostname is just the short host name, not the FQDN
author IBBoard <dev@ibboard.co.uk>
date Sun, 29 Dec 2019 10:57:18 -0500
parents common/named.conf-ibbvps.vs.mythic-beasts.com@308f69ca988c
children
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/named.conf-ibbvps	Sun Dec 29 10:57:18 2019 -0500
@@ -0,0 +1,63 @@
+//
+// named.conf
+//
+// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
+// server as a caching only nameserver (as a localhost DNS resolver only).
+//
+// See /usr/share/doc/bind*/sample/ for example named configuration files.
+//
+
+options {
+	listen-on port 53 { 127.0.0.1; };
+	listen-on-v6 port 53 { ::1; };
+	directory 	"/var/named";
+	dump-file 	"/var/named/data/cache_dump.db";
+	statistics-file "/var/named/data/named_stats.txt";
+	memstatistics-file "/var/named/data/named_mem_stats.txt";
+	allow-query     { localhost; };
+
+	/* 
+	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
+	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
+	   recursion. 
+	 - If your recursive DNS server has a public IP address, you MUST enable access 
+	   control to limit queries to your legitimate users. Failing to do so will
+	   cause your server to become part of large scale DNS amplification 
+	   attacks. Implementing BCP38 within your network would greatly
+	   reduce such attack surface 
+	*/
+	recursion yes;
+	max-cache-size 10m;
+
+	forwarders {
+		2a00:1098:0:80:1000:3b:0:1;
+		2a00:1098:0:82:1000:3b:0:1;
+	};
+
+	dnssec-enable yes;
+	dnssec-validation yes;
+
+	/* Path to ISC DLV key */
+	bindkeys-file "/etc/named.iscdlv.key";
+
+	managed-keys-directory "/var/named/dynamic";
+
+	pid-file "/run/named/named.pid";
+	session-keyfile "/run/named/session.key";
+};
+
+logging {
+        channel default_debug {
+                file "data/named.run";
+                severity dynamic;
+        };
+};
+
+zone "." IN {
+	type hint;
+	file "named.ca";
+};
+
+include "/etc/named.rfc1912.zones";
+include "/etc/named.root.key";
+
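Review bot: The `bindkeys-file "/etc/named.iscdlv.key";` line and its "Path to ISC DLV key" comment look stale: ISC retired the DLV registry in 2017, no `dnssec-lookaside` statement appears in this file, and with `dnssec-validation yes` the trust anchor presumably comes from the included `/etc/named.root.key` rather than from the bindkeys file. I would drop both lines, or at least reword the comment to `/* bindkeys-file is only consulted with dnssec-validation auto */`, so that nobody reading the override assumes DLV is part of the validation path. Separately, `dnssec-enable yes;` is obsolete in newer BIND 9 releases, so run `named-checkconf` against this file before it is deployed to a host with a newer bind package. The `forwarders` block has no `forward only;`, so the default `forward first` applies and named will recurse from the root hints whenever the two forwarders do not answer; a one-line comment stating that this fallback is intended would make the resolver's behaviour explicit.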