idl0r       14/08/15 12:05:03

  Added:                named.conf-r8
  Removed:              named.conf named.init-r12 named.confd-r6
                        named.service named.conf-r6
  Log:
  Version bumps. Cleanup. Migrate to python-r1. Fixes #516472, #501290, #499892 
and #506346.
  
  (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 
B427ABC8)

Revision  Changes    Path
1.1                  net-dns/bind/files/named.conf-r8

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/files/named.conf-r8?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/files/named.conf-r8?rev=1.1&content-type=text/plain

Index: named.conf-r8
===================================================================
/*
 * Refer to the named.conf(5) and named(8) man pages, and the documentation
 * in /usr/share/doc/bind-*/ for more details.
 * Online versions of the documentation can be found here:
 * https://kb.isc.org/article/AA-01031
 *
 * If you are going to set up an authoritative server, make sure you
 * understand the hairy details of how DNS works. Even with simple mistakes,
 * you can break connectivity for affected parties, or cause huge amounts of
 * useless Internet traffic.
 */

acl "xfer" {
        /* Deny transfers by default except for the listed hosts.
         * If we have other name servers, place them here.
         *
         * In this file the ACL is referenced only by the commented-out
         * master zone template further down; the global allow-transfer in
         * options uses "none" directly. Hosts added here therefore gain
         * nothing until a zone names "xfer" in its own allow-transfer.
         * List individual secondary addresses rather than whole networks:
         * a zone transfer hands over the complete contents of the zone.
         */
        none;
};

/*
 * Addresses that are allowed to use the cache and recursive queries.
 * This ACL is what allow-query, allow-query-cache and allow-recursion in
 * options refer to, so every address added here gains full resolver access.
 * Keep it to loopback and networks you operate; a resolver that recurses
 * for arbitrary clients can be abused by third parties.
 */
acl "trusted" {
        127.0.0.0/8;
        ::1/128;
};

options {
        /* Working directory; relative zone file paths resolve against it. */
        directory "/var/bind";
        pid-file "/run/named/named.pid";

        /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
        //bindkeys-file "/etc/bind/bind.keys";

        /*
         * Listen on loopback only. To serve other hosts, extend these
         * listeners together with the relevant ACLs, and only as far as
         * the networks you intend to serve.
         */
        listen-on-v6 { ::1; };
        listen-on { 127.0.0.1; };

        allow-query {
                /*
                 * Accept queries from our "trusted" ACL.  We will
                 * allow anyone to query our master zones below.
                 * This prevents us from becoming a free DNS server
                 * to the masses.
                 *
                 * A zone that does not set its own allow-query inherits
                 * this value, so a public master zone has to say
                 * allow-query { any; } itself, as the template zone does.
                 */
                trusted;
        };

        allow-query-cache {
                /* Use the cache for the "trusted" ACL. */
                trusted;
        };

        allow-recursion {
                /* Only trusted addresses are allowed to use recursion. */
                trusted;
        };

        allow-transfer {
                /*
                 * Zone transfers are denied by default. A zone that needs
                 * secondaries overrides this with its own allow-transfer
                 * (the template zone uses the "xfer" ACL for that).
                 */
                none;
        };

        allow-update {
                /* Don't allow updates, e.g. via nsupdate. */
                none;
        };

        /*
         * If you've got a DNS server around at your upstream provider, enter
         * its IP address here, and enable the lines below. This lets you
         * benefit from its cache and reduces overall DNS traffic on the
         * Internet.
         *
         * Uncomment the following lines to turn on DNS forwarding, and change
         * and/or update the forwarding IP address(es).
         *
         * Every query that is not answered locally is sent to the forwarders,
         * so they see which names this host looks up. With DNSSEC validation
         * enabled below, the forwarders must also return DNSSEC records or
         * validation of forwarded answers will fail.
         */
/*
        forward first;
        forwarders {
        //      123.123.123.123;        // Your ISP NS
        //      124.124.124.124;        // Your ISP NS
        //      4.2.2.1;                // Level3 Public DNS
        //      4.2.2.2;                // Level3 Public DNS
                8.8.8.8;                // Google Public DNS
                8.8.4.4;                // Google Public DNS
        };

*/

        /*
         * "yes" (commented out) validates only against trust anchors that
         * are configured by hand; "auto" further down uses the root trust
         * anchor shipped with BIND.
         */
        dnssec-enable yes;
        //dnssec-validation yes;

        /*
         * As of bind 9.8.0:
         * "If the root key provided has expired,
         * named will log the expiration and validation will not work."
         */
        dnssec-validation auto;

        /*
         * If you have problems and are behind a firewall, the line below
         * pins outgoing queries to source port 53. Doing so gives up
         * source-port randomization, which the resolver relies on to make
         * spoofed answers (cache poisoning) hard to land. Prefer a firewall
         * rule that permits outbound queries from ephemeral ports and leave
         * this line commented out.
         */
        //query-source address * port 53;
};

/*
logging {
        channel default_log {
                file "/var/log/named/named.log" versions 5 size 50M;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        category default { default_log; };
        category general { default_log; };
};
*/

/*
 * rndc control channel. The included key file holds the shared secret that
 * authenticates rndc commands; it should be readable only by root and the
 * account named runs as.
 */
include "/etc/bind/rndc.key";
controls {
        /*
         * The channel listens on IPv4 loopback only, so the ::1/128 entry in
         * the allow list matters only if an "inet ::1" listener is added.
         * Both the address match and the "rndc-key" key are required.
         */
        inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { 
"rndc-key"; };
};

/*
 * Root hints: the list of root name servers named uses to bootstrap
 * resolution. Take updates of this file from a source you trust.
 */
zone "." in {
        type hint;
        file "/var/bind/named.cache";
};

/*
 * Local master zone for "localhost". The file path is relative to the
 * options directory (/var/bind). No allow-query is set here, so the zone
 * inherits the global one and answers only the "trusted" ACL.
 */
zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        /* Do not send NOTIFY messages for this zone. */
        notify no;
};

/*
 * Briefly, a zone which has been declared delegation-only will be effectively
 * limited to containing NS RRs for subdomains, but no actual data beyond its
 * own apex (for example, its SOA RR and apex NS RRset). This can be used to
 * filter out "wildcard" or "synthesized" data from NAT boxes or from
 * authoritative name servers whose undelegated (in-zone) data is of no
 * interest.
 * See http://www.isc.org/software/bind/delegation-only for more info
 */

//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };

//zone "YOUR-DOMAIN.TLD" {
//      type master;
//      file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
//      allow-query { any; };
//      allow-transfer { xfer; };
//};

//zone "YOUR-SLAVE.TLD" {
//      type slave;
//      file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
//      masters { <MASTER>; };

        /* Anybody is allowed to query, but transfers should be controlled by
         * the master. */
//      allow-query { any; };
//      allow-transfer { none; };

        /* Only the master should be allowed to send NOTIFY messages to this
         * slave. */
//      allow-notify { <MASTER>; };
//      notify no;
//};



