// Shared key for the rndc control channel (referenced by the `controls` block below).
// NOTE(review): hmac-md5 is the weakest algorithm BIND accepts for rndc/TSIG; current
// installs generate hmac-sha256 keys (`rndc-confgen -a -A hmac-sha256`). Switching the
// algorithm means regenerating the secret and updating every rndc.conf/rndc.key that
// uses it, so it is flagged here rather than changed in place.
// NOTE(review): the secret sits in clear text in this file; if the file is tracked in
// version control or copied around, treat the key as exposed and rotate it.
key "rndc-key" {
algorithm hmac-md5;
secret "oQVIkpAszmNM8l9gY9YRw9HqMK10dF5UyTPb8KZU53fjiJtqpPOPe1B30LHk";
};
// rndc control channels. Each listener accepts connections only from its own address
// and requires authentication with rndc-key, so no other host can reach port 953.
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
// 192.168.1.2 is one of this server's own addresses (see listen-on), so this listener
// only serves rndc run locally and bound to the LAN address; it does not open rndc to the LAN.
inet 192.168.1.2 port 953 allow { 192.168.1.2; } keys { rndc-key; };
};
// Hosts permitted to request zone transfers (used by allow-transfer below). Every
// entry can pull a full copy of any zone it is allowed to query, so keep this list to
// the secondary name servers only. Note the public addresses here are outside the
// local networks and therefore only reach the "external" view further down.
acl "xfer" {
127.0.0.1;
192.168.1.2;
192.168.1.3;
10.208.1.10;
10.208.1.11;
188.215.64.126;
216.218.133.2;
89.121.131.74;
86.104.210.218;
69.65.50.192;
};
// Clients that may use this server as a recursive resolver and read its cache
// (allow-recursion / allow-query-cache below). Recursion for anyone else is refused.
acl "trusted" {
127.0.0.1;
192.168.1.0/24;
// presumably a container bridge network — confirm it is still in use
172.17.0.0/16;
10.208.1.0/24;
89.121.131.74;
86.104.210.218;
};
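// Everyone except the local networks. BIND evaluates an address match list in
// order and the first matching element wins, so the negated entries must come
// before `any`; with `any` listed first the exclusions were never reached and
// "world" matched every client. (Not referenced in the visible part of this file.)
acl "world" {
!127.0.0.1;
!192.168.1.0/24;
!10.208.1.0/24;
!172.17.0.0/16;
any;
};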
// Global server options; views below inherit these unless they override them.
options {
// Answer only on loopback and the LAN address; no IPv6 listener is configured.
listen-on { 127.0.0.1; 192.168.1.2; };
directory "/var/named"; // the default
pid-file "/var/run/named/named.pid";
dump-file "data/cache_dump.db";
statistics-file "/var/named/named.stats";
// dnssec
// NOTE(review): `dnssec-enable` is deprecated in newer BIND releases and later
// rejected outright — confirm against the running version before upgrading.
dnssec-enable yes;
// NOTE(review): `dnssec-validation yes` validates only with explicitly configured
// trust anchors (trust-anchors/managed-keys); none are visible in this file, so unless
// the included zone file supplies them, validation is effectively inactive.
// `dnssec-validation auto` uses the built-in root trust anchor instead.
dnssec-validation yes;
//dnssec-lookaside auto;
// hide bind version
//version "0bx0f0";
version "none";
// configure max cache size
max-cache-size 512M;
// configure max clients per query
max-clients-per-query 128;
// Do not send NOTIFY messages when a zone changes. Secondaries (see acl "xfer")
// then only learn of updates when their SOA refresh timer fires.
notify no;
// Generate more efficient zone transfers. This will place multiple DNS records in a DNS message, instead of one per DNS message
transfer-format many-answers;
// Set the maximum zone transfer time to something more reasonable. In this case, we state that any zone transfer that takes longer
// than 30 minutes is unlikely to ever complete. (Applies to inbound transfers only;
// the only slave zone in this file is commented out.)
max-transfer-time-in 30;
// We have no dynamic interfaces, so BIND shouldn't need to poll for interface state {UP|DOWN}.
interface-interval 0;
// Authoritative data is public; recursion and cache reads are limited to "trusted".
allow-query { any; };
allow-query-cache { trusted; };
allow-transfer { xfer; };
allow-recursion { trusted; };
auth-nxdomain no;
// Response rate limiting: per-source-address (/32) caps on answers, errors and
// NXDOMAINs, with the local networks exempt.
rate-limit {
slip 2;
window 30;
ipv4-prefix-length 32;
responses-per-second 50;
errors-per-second 10;
nxdomains-per-second 25;
exempt-clients { 127.0.0.1; 192.168.1.0/24; 10.208.1.0/24; 86.104.210.218/32; };
};
};
// Logging: errors to syslog, operational/security events to files under the
// working directory, and full query logging to its own file.
logging {
channel default_syslog {
// Send most of the named messages to syslog.
// Only error and above reach syslog; warnings go to audit_log where both are listed.
syslog local2;
severity error;
};
channel audit_log {
// Send the security related messages to a separate file.
// No size/versions given, so this file grows until rotated externally.
file "data/named.log";
severity notice;
print-time yes;
};
channel query_log {
// Every query is written here (category queries below). No severity, size or
// versions are set, so on a busy resolver this file can fill the disk — confirm
// external rotation is in place.
file "data/queries.log";
print-category yes;
print-severity yes;
print-time yes;
};
channel security_file {
// NOTE(review): `versions 0 size 1m` — confirm on the running version whether this
// rolls the file or stops writing at 1 MiB; the latter would silently drop the
// security audit trail.
file "/var/named/data/security.log" versions 0 size 1m;
severity info;
print-time yes;
};
category default { default_syslog; };
category general { audit_log; default_syslog; };
category security { security_file; };
category config { audit_log; default_syslog; };
category resolver { audit_log; };
category xfer-in { audit_log; };
category xfer-out { audit_log; };
category notify { audit_log; };
category client { audit_log; };
category network { audit_log; };
category update { audit_log; };
category queries { query_log; };
category lame-servers { audit_log; };
};
// Views are tried in order; this one catches queries from the local host only.
view "localhost_resolver" {
// Only 127.0.0.0/24, not the whole 127/8 loopback block — other loopback
// sources fall through to the views below.
match-clients { 127.0.0.0/24; };
match-destinations { localhost; };
recursion yes;
zone "." IN {
type hint;
file "/var/named/named.ca";
};
include "/var/named/named.rfc1912.zones";
};
// Clients on directly attached networks: recursive service plus the private zones.
view "internal" {
match-clients { localnets; };
match-destinations { localnets; };
recursion yes;
// NOTE(review): 188.215.64.126 can never match here — a client that is not in
// localnets is routed to the "external" view before this allow-transfer is consulted.
allow-transfer { 192.168.1.2; 192.168.1.3; localhost; 188.215.64.126; };
zone "." IN {
type hint;
file "/var/named/named.ca";
};
zone "acasa" {
type master;
file "/var/named/acasa.zone";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/var/named/1.168.192.in-addr.arpa";
// Zone-level overrides of the view/global settings above.
allow-query { any; };
allow-transfer { xfer; };
};
//zone "govoip.ro" {
// type slave;
// masters { 86.104.210.229; };
// file "/var/named/slaves/govoip.ro.zone";
//};
};
// Catch-all view (no match-clients) for every client the earlier views did not take,
// i.e. anything outside the local networks. It carries only the root hints and no
// authoritative zones, and allow-recursion is restricted to "trusted", so public
// clients get nothing here. The public addresses in acl "xfer" land in this view,
// where there is nothing for them to transfer — if the zones are meant to be served
// publicly they need to be added to this view as well.
view "external" {
zone "." IN {
type hint;
file "/var/named/named.ca";
};
};