Last active
July 3, 2020 08:23
2018 NA HW2 - named.conf
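// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
// Include order matters once views are in use: named answers a request from
// the first view whose match-clients accepts the client, and views are
// evaluated in the order they appear after these includes are expanded.
// named.conf.local is read before named.conf.default-zones, so a catch-all
// view defined in the former takes precedence over any view defined in the
// latter.

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.logging";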
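// Default zones (presumably /etc/bind/named.conf.default-zones). They are
// wrapped in a view because named requires every zone to live inside a view
// as soon as any view is defined.
//
// NOTE(review): this view matches every client. If another view with
// match-clients { any; } is loaded before it, that view answers first and
// the zones below are never consulted. The root hints are also only used
// for recursive resolution, so they are inert while recursion is disabled.

// prime the server with knowledge of the root servers
view "any" {
    match-clients { any; };

    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };
};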
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
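// Source addresses that select the "internal-linux" view through its
// match-clients statement. Membership is decided by client IP address only.
acl "linux" {
    140.113.235.151;
    140.113.235.152;
    140.113.235.153;
    140.113.235.154;
};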
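// Source addresses that select the "internal-bsd" view through its
// match-clients statement. Membership is decided by client IP address only.
acl "bsd" {
    140.113.235.131;
    140.113.235.132;
    140.113.235.133;
    140.113.235.134;
};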
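// View served to clients whose source address is in the "linux" ACL.
//
// NOTE(review): the view is chosen by source address before allow-transfer
// is evaluated, so only addresses inside the "linux" ACL can reach the zones
// here. Of the three allow-transfer entries below, only 140.113.235.151
// belongs to that ACL; the other two cannot take effect in this view.
//
// NOTE(review): transfers are authorised by IP address alone. Binding them
// to a TSIG key (a `key <tsig-key-name>;` element in allow-transfer and a
// matching key on the secondary) authenticates the peer instead of trusting
// the source address.
view "internal-linux" {
    match-clients { "linux"; };

    zone "kaiiiz.nctucs.net" IN {
        type master;
        file "zone/db.kaiiiz.nctucs.net";
    };

    zone "184.229.35.in-addr.arpa" {
        type master;
        file "zone/db.35.229.184";
    };

    // DNSSEC-signed copy of the zone specific to this view.
    zone "sub.muller.nctucs.net" IN {
        type master;
        file "zone/db.sub.muller.nctucs.net.internal-linux.dnssec.signed";
        allow-transfer { 35.229.252.239; 140.113.235.151; 140.113.235.131; };
        notify yes;
    };

    // Secondary copy pulled from the primary at 35.229.252.239. The primary
    // is identified by address only; no TSIG key is attached to the
    // transfer, so its integrity rests on the network path.
    zone "sub.kaiiiz.nctucs.net" IN {
        type slave;
        file "slaves/db.sub.kaiiiz.nctucs.net.linux";
        masters { 35.229.252.239; };
    };
};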
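// View served to clients whose source address is in the "bsd" ACL.
//
// NOTE(review): the view is chosen by source address before allow-transfer
// is evaluated, so only addresses inside the "bsd" ACL can reach the zones
// here. Of the three allow-transfer entries below, only 140.113.235.131
// belongs to that ACL; the other two cannot take effect in this view.
//
// NOTE(review): transfers are authorised by IP address alone. Binding them
// to a TSIG key (a `key <tsig-key-name>;` element in allow-transfer and a
// matching key on the secondary) authenticates the peer instead of trusting
// the source address.
view "internal-bsd" {
    match-clients { "bsd"; };

    zone "kaiiiz.nctucs.net" IN {
        type master;
        file "zone/db.kaiiiz.nctucs.net";
    };

    zone "184.229.35.in-addr.arpa" {
        type master;
        file "zone/db.35.229.184";
    };

    // DNSSEC-signed copy of the zone specific to this view.
    zone "sub.muller.nctucs.net" IN {
        type master;
        file "zone/db.sub.muller.nctucs.net.internal-bsd.dnssec.signed";
        allow-transfer { 35.229.252.239; 140.113.235.151; 140.113.235.131; };
        notify yes;
    };

    // Secondary copy pulled from the primary at 35.229.252.239. The primary
    // is identified by address only; no TSIG key is attached to the
    // transfer, so its integrity rests on the network path.
    zone "sub.kaiiiz.nctucs.net" IN {
        type slave;
        file "slaves/db.sub.kaiiiz.nctucs.net.bsd";
        masters { 35.229.252.239; };
    };
};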
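// Catch-all view: answers every client that no earlier view claimed, which
// makes it the view seen by arbitrary Internet hosts.
//
// NOTE(review): match-clients { any; } means any view placed after this one
// in the expanded configuration is unreachable.
//
// NOTE(review): 140.113.235.151 and 140.113.235.131 are members of the
// "linux" and "bsd" ACLs, so when the views that match those ACLs come
// first, requests from them never arrive here and only 35.229.252.239 can
// actually use the allow-transfer below. That check is by source address
// only; a TSIG key (`key <tsig-key-name>;`) would authenticate the peer
// instead of trusting the address.
view "otherwise" {
    match-clients { any; };

    zone "kaiiiz.nctucs.net" IN {
        type master;
        file "zone/db.kaiiiz.nctucs.net";
    };

    zone "184.229.35.in-addr.arpa" {
        type master;
        file "zone/db.35.229.184";
    };

    // Secondary copy pulled from the primary at 35.229.252.239. The primary
    // is identified by address only; no TSIG key is attached to the
    // transfer, so its integrity rests on the network path.
    zone "sub.kaiiiz.nctucs.net" IN {
        type slave;
        file "slaves/db.sub.kaiiiz.nctucs.net";
        masters { 35.229.252.239; };
    };

    // DNSSEC-signed copy of the zone served to everyone else.
    zone "sub.muller.nctucs.net" IN {
        type master;
        file "zone/db.sub.muller.nctucs.net.dnssec.signed";
        allow-transfer { 35.229.252.239; 140.113.235.151; 140.113.235.131; };
        notify yes;
    };
};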
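// Logging for named: four channels, each bound to one category at the end
// of the block.
//
// NOTE(review): all four channels write to the same path, and each one rolls
// the file independently once it reaches "size 1m". Channels that share a
// file can interfere with each other's rotation; giving each category its
// own file avoids that and lets security events be retained and shipped
// separately from query noise. Check the result with named-checkconf.
//
// NOTE(review): "versions unlimited" never prunes rolled files. With the
// queries category enabled on a server that answers any client, log volume
// is driven by whoever sends queries, so a bounded versions count and disk
// usage monitoring on /var/log/named are advisable.
logging {
    channel default-log {
        file "/var/log/named/named.log" versions unlimited size 1m;
        severity info;
        print-time yes;
    };

    channel lamer-log {
        file "/var/log/named/named.log" versions unlimited size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };

    // No print-category here, so query lines are not tagged with their
    // category when they share a file with the other channels.
    channel query-log {
        file "/var/log/named/named.log" versions unlimited size 1m;
        severity info;
        print-time yes;
    };

    channel security-log {
        file "/var/log/named/named.log" versions unlimited size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };

    category lame-servers { lamer-log; };
    category security { security-log; };
    category queries { query-log; };
    category default { default-log; };
};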
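// Global server options (presumably /etc/bind/named.conf.options).
// The server is configured as authoritative-only: recursion is off and zone
// transfers are denied unless a zone overrides allow-transfer itself.
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================

    /*
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    */

    // Authoritative-only: never resolve on behalf of clients. This keeps the
    // server from being usable as an open resolver.
    recursion no;

    // Has no effect while "recursion no" is set; it only becomes relevant if
    // recursion is ever switched back on.
    allow-recursion { 127.0.0.1; };

    auth-nxdomain no;    # conform to RFC1035

    // Deny zone transfers by default; individual zones opt in with their own
    // allow-transfer statement.
    allow-transfer { none; };

    // NOTE(review): newer BIND releases treat dnssec-enable as obsolete;
    // check it against the installed version before upgrading.
    dnssec-enable yes;

    // "yes" validates only against trust anchors configured explicitly,
    // whereas "auto" uses the built-in root anchor. Validation applies to
    // recursive resolution, which is disabled above.
    dnssec-validation yes;

    // "dnssec-lookaside auto;" was dropped here: the DLV registry it relied
    // on has been retired and newer BIND releases treat the option as
    // obsolete.

    // NOTE(review): an Internet-facing authoritative server is commonly
    // paired with response rate limiting (the rate-limit clause); none is
    // configured here.
};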