Skip to content

Instantly share code, notes, and snippets.

@kaiiiz
Last active July 3, 2020 08:23
Show Gist options
  • Save kaiiiz/2ee8d093236db751b47667b6125b36a5 to your computer and use it in GitHub Desktop.
Save kaiiiz/2ee8d093236db751b47667b6125b36a5 to your computer and use it in GitHub Desktop.
2018 NA HW2 - named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.logging";
// prime the server with knowledge of the root servers
view "any" {
match-clients { any; };
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
};
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
acl "linux" {
140.113.235.151;
140.113.235.152;
140.113.235.153;
140.113.235.154;
};
acl "bsd" {
140.113.235.131;
140.113.235.132;
140.113.235.133;
140.113.235.134;
};
view "internal-linux" {
match-clients { "linux"; };
zone "kaiiiz.nctucs.net" IN {
type master;
file "zone/db.kaiiiz.nctucs.net";
};
zone "184.229.35.in-addr.arpa" {
type master;
file "zone/db.35.229.184";
};
zone "sub.muller.nctucs.net" IN {
type master;
file "zone/db.sub.muller.nctucs.net.internal-linux.dnssec.signed";
allow-transfer { 35.229.252.239; 140.113.235.151; 140.113.235.131; };
notify yes;
};
zone "sub.kaiiiz.nctucs.net" IN {
type slave;
file "slaves/db.sub.kaiiiz.nctucs.net.linux";
masters { 35.229.252.239; };
};
};
view "internal-bsd" {
match-clients { "bsd"; };
zone "kaiiiz.nctucs.net" IN {
type master;
file "zone/db.kaiiiz.nctucs.net";
};
zone "184.229.35.in-addr.arpa" {
type master;
file "zone/db.35.229.184";
};
zone "sub.muller.nctucs.net" IN {
type master;
file "zone/db.sub.muller.nctucs.net.internal-bsd.dnssec.signed";
allow-transfer { 35.229.252.239; 140.113.235.151; 140.113.235.131; };
notify yes;
};
zone "sub.kaiiiz.nctucs.net" IN {
type slave;
file "slaves/db.sub.kaiiiz.nctucs.net.bsd";
masters { 35.229.252.239; };
};
};
view "otherwise" {
match-clients { any; };
zone "kaiiiz.nctucs.net" IN {
type master;
file "zone/db.kaiiiz.nctucs.net";
};
zone "184.229.35.in-addr.arpa" {
type master;
file "zone/db.35.229.184";
};
zone "sub.kaiiiz.nctucs.net" IN {
type slave;
file "slaves/db.sub.kaiiiz.nctucs.net";
masters { 35.229.252.239; };
};
zone "sub.muller.nctucs.net" IN {
type master;
file "zone/db.sub.muller.nctucs.net.dnssec.signed";
allow-transfer { 35.229.252.239; 140.113.235.151; 140.113.235.131;};
notify yes;
};
};
logging
{
channel default-log {
file "/var/log/named/named.log" versions unlimited size 1m;
severity info;
print-time yes;
};
channel lamer-log {
file"/var/log/named/named.log" versions unlimited size 1m;
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
channel query-log {
file "/var/log/named/named.log" versions unlimited size 1m;
severity info;
print-time yes;
};
channel security-log {
file"/var/log/named/named.log" versions unlimited size 1m;
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
category lame-servers { lamer-log; };
category security{ security-log;}; category queries { query-log;};
category default { default-log;};
};
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
/*
forwarders {
8.8.8.8;
8.8.4.4;
};
*/
recursion no;
allow-recursion { 127.0.0.1; };
auth-nxdomain no; # conform to RFC1035
allow-transfer { none; };
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment