authorKen Raffenetti <raffenet@mcs.anl.gov>2007-06-27 15:24:50 +0000
committerKen Raffenetti <raffenet@mcs.anl.gov>2007-06-27 15:24:50 +0000
commit07075b4e4d59905380e274f233e903c179e24bf8 (patch)
tree4fb26db06567b0bba683b196b01b47e08595b5c3 /src
parent64101c5f8b38250df239058b6af6374df92f7e3b (diff)
template for split DNS views
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@3376 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src')
-rw-r--r--src/lib/Server/Hostbase/templates/namedviews.tmpl92
1 files changed, 92 insertions, 0 deletions
diff --git a/src/lib/Server/Hostbase/templates/namedviews.tmpl b/src/lib/Server/Hostbase/templates/namedviews.tmpl
new file mode 100644
index 000000000..eea2df150
--- /dev/null
+++ b/src/lib/Server/Hostbase/templates/namedviews.tmpl
@@ -0,0 +1,92 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+
+include "/etc/bind/named.conf.options";
+
+include "/etc/bind/rndc.key";
+
+view "internal" {
+ match-clients { 140.221.9.6;140.221.8.10;140.221.8.88;140.221.8.15; };
+ recursion yes;
+ // prime the server with knowledge of the root servers
+ zone "." {
+ type hint;
+ file "/etc/bind/db.root";
+ };
+ {% for zone in zones %}
+ zone "{{ zone.1 }}" {
+ type master;
+ file "/etc/bind/hostbase/{{ zone.1 }}";
+ notify no;
+ also-notify { 140.221.9.6;140.221.8.10;140.221.8.88;140.221.8.15; };
+ };{% endfor %}
+ // be authoritative for the localhost forward and reverse zones, and for
+ // broadcast zones as per RFC 1912
+
+ zone "localhost" {
+ type master;
+ file "/etc/bind/db.local";
+ };
+
+ zone "127.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.127";
+ };
+
+ zone "0.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.0";
+ };
+
+ zone "255.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.255";
+ };
+ {% for reverse in reverses %}
+ zone "{{ reverse.0 }}.in-addr.arpa" {
+ type master;
+ file "/etc/bind/hostbase/{{ reverse.0 }}.rev";
+ notify no;
+ also-notify { 140.221.9.6;140.221.8.10;140.221.8.88; };
+ };{% endfor %}
+ include "/etc/bind/named.conf.static";
+};
+
+view "external" {
+ match-clients { any; };
+ recursion no;
+ {% for zone in zones %}
+ zone "{{ zone.1 }}" {
+ type master;
+ file "/etc/bind/hostbase/{{ zone.1 }}.external";
+ notify no;
+ };{% endfor %}
+
+ {% for reverse in reverses %}
+ zone "{{ reverse.0 }}.in-addr.arpa" {
+ type master;
+ file "/etc/bind/hostbase/{{ reverse.0 }}.rev.external";
+ notify no;
+ };{% endfor %}
+ include "/etc/bind/named.conf.static";
+};
+
+
+// zone "com" { type delegation-only; };
+// zone "net" { type delegation-only; };
+
+// From the release notes:
+// Because many of our users are uncomfortable receiving undelegated answers
+// from root or top level domains, other than a few for whom that behaviour
+// has been trusted and expected for quite some length of time, we have now
+// introduced the "root-delegations-only" feature which applies delegation-only
+// logic to all top level domains, and to the root domain. An exception list
+// should be specified, including "MUSEUM" and "DE", and any other top level
+// domains from whom undelegated responses are expected and trusted.
+// root-delegation-only exclude { "DE"; "MUSEUM"; };
+
+include "/etc/bind/named.conf.local";
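Review bot: The external view (`match-clients { any; };`) and its zones carry no `allow-transfer`, so who may pull full copies of the `.external` zone data depends entirely on named.conf.options, which this commit does not show; unless that file already restricts it, adding `allow-transfer { none; };` (or an explicit list of secondaries) inside the view would make the policy visible here. The reverse-zone `also-notify` in the internal view lists three addresses while the forward-zone one lists four (140.221.8.15 is missing), which looks unintended; holding the list in a single template variable would keep both loops and `match-clients` in step. The final `include "/etc/bind/named.conf.local";` sits outside both views, and named rejects a configuration that defines zones outside a view once views are in use, so any zone later added to that file would stop the server from loading. `{{ zone.1 }}` and `{{ reverse.0 }}` are written into quoted zone names and file paths as-is, so the template presumably relies on Hostbase having validated them as plain DNS names; a comment stating that assumption would help.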