
Contents of /puppet/modules/bind/templates/named_base.conf



Revision 1064 - (show annotations) (download)
Sun Feb 13 23:33:35 2011 UTC (13 years, 2 months ago) by misc
File size: 3180 byte(s)
- fix dns problem on friteuse (as bind competes with dnsmasq for port 53)

// Pull in the rndc key material from a separate file so the secret
// is not embedded in this template.
// NOTE(review): the key "mykey" referenced below is presumably defined
// in /etc/rndc.key - confirm, and keep that file readable only by root
// and the account named runs as.
include "/etc/rndc.key";

// rndc control channel: bound to loopback on port 953, accepted only
// from 127.0.0.1 and only when the request is signed with "mykey".
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { mykey; };
};
7
8
9
// Send messages of severity info and above to syslog facility local1.
// The "default" category covers every category that has no explicit
// configuration of its own, so all of those use the channel defined here.
logging {
    channel "default" {
        syslog local1;
        severity info;
    };
    category "default" { "default"; };
};
17
// Clients listed here are the ones allowed to use recursion
// (see allow-recursion in the options block).
// NOTE(review): the three RFC 1918 ranges are listed in full, so any
// host that can reach this server with a private source address is
// treated as trusted; narrow them to the subnets really in use if the
// deployment allows it.
acl "trusted_networks" {
    127.0.0.1;
    212.85.158.144/28;
    // private ranges, used by the various virtual machines
    192.168.0.0/16;
    10.0.0.0/8;
    172.16.0.0/12;
};
// HTTP statistics endpoint, reachable at http://127.0.0.1:5380/.
// The address list in allow { } is the only access control on this
// channel, so it stays bound to loopback and restricted to 127.0.0.1.
statistics-channels {
    inet 127.0.0.1 port 5380 allow { 127.0.0.1; };
};
30
// Global server options. Recursion is limited to the "trusted_networks"
// ACL and zone transfers are refused unless a zone overrides that.
options {
    // Answer version.bind queries with an empty string so the BIND
    // release is not advertised to clients.
    version "";
    directory "/var/named";

    // NOTE(review): dump-file and statistics-file below live in
    // /var/tmp, which is normally world-writable; a fixed file name
    // there can be pre-created or symlinked by a local user. A
    // directory owned by the named account would be safer - confirm
    // what the packaging expects before moving them.
    dump-file "/var/tmp/named_dump.db";
    pid-file "/var/run/named.pid";
    statistics-file "/var/tmp/named.stats";
    zone-statistics yes;
    // datasize 256M;
    coresize 100M;
    // fetch-glue no;
    // recursion no;
    // recursive-clients 10000;

    // Always set the AA bit on NXDOMAIN responses.
    auth-nxdomain yes;

    // Let the system choose the source address and a random source
    // port for outgoing queries. Do not pin this to a fixed port:
    // random source ports make forged answers (cache poisoning)
    // harder to land.
    query-source address * port *;

    // Listen on every IPv4 interface. This clashes with any other
    // service already bound to port 53 on the same host.
    listen-on port 53 { any; };
    cleaning-interval 120;

    // Limits on concurrent inbound zone transfers, in total and per
    // remote name server.
    transfers-in 20;
    transfers-per-ns 2;

    // 0 disables caching of lame-server indications.
    lame-ttl 0;

    // Upper bound, in seconds, on how long negative answers are cached.
    max-ncache-ttl 10800;

    // forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };

    // allow-update { none; };
    // allow-transfer { any; };

    // Prevent DoS attacks that rely on generating bogus zone transfer
    // requests. The cost is slower updates on the slave servers
    // (they wait for the poll interval before checking for updates).
    notify no;
    // notify explicit;
    // also-notify { secondary_name_server };

    // Generate more efficient zone transfers: several DNS records are
    // packed into each DNS message instead of one record per message.
    transfer-format many-answers;

    // Cap inbound zone transfers at 60 minutes; a transfer that takes
    // longer than that is unlikely to ever complete.
    // WARNING: with very large zone files, adjust this to fit your
    // requirements.
    max-transfer-time-in 60;

    // There are no dynamic interfaces here, so BIND does not need to
    // poll for interface state {UP|DOWN}.
    interface-interval 0;

    // Uncomment these to enable support for IPv6 connections;
    // IPv4 will still work.
    // listen-on { none; };
    // listen-on-v6 { any; };

    // Queries are not restricted by source address while this stays
    // commented out; only recursion is (see allow-recursion below).
    // allow-query { trusted_networks; };

    // Refuse zone transfers by default.
    allow-transfer { "none"; };

    // Only clients in "trusted_networks" may recurse, so the server
    // does not act as an open resolver for the rest of the Internet.
    allow-recursion { trusted_networks; };

    // Deny anything from the bogon networks as detailed in the
    // "bogon" ACL.
    // NOTE(review): no "bogon" ACL is defined in this file; one has
    // to be added before this line is enabled.
    // blackhole { bogon; };
};
96
// Root hints: where recursion starts. The file name is relative to
// the "directory" option (/var/named).
zone "." IN {
    type hint;
    file "named.ca";
};
101
// Locally served "localdomain" zone; dynamic updates are refused.
zone "localdomain" IN {
    type master;
    file "master/localdomain.zone";
    allow-update { none; };
};
107
// Locally served "localhost" zone; dynamic updates are refused.
zone "localhost" IN {
    type master;
    file "master/localhost.zone";
    allow-update { none; };
};
113
// Reverse zone for 127.0.0.0/24, served locally; dynamic updates are
// refused.
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "reverse/named.local";
    allow-update { none; };
};
119
// IPv6 reverse zone served locally from reverse/named.ip6.local;
// dynamic updates are refused.
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "reverse/named.ip6.local";
    allow-update { none; };
};
125
// Reverse zone for 255.0.0.0/8 (broadcast), answered locally;
// dynamic updates are refused.
zone "255.in-addr.arpa" IN {
    type master;
    file "reverse/named.broadcast";
    allow-update { none; };
};
131
// Reverse zone for 0.0.0.0/8, answered locally; dynamic updates are
// refused.
zone "0.in-addr.arpa" IN {
    type master;
    file "reverse/named.zero";
    allow-update { none; };
};
137
