diff options
Diffstat (limited to 'src/lib/Bcfg2/Server/Hostbase/templates/named.tmpl')
-rw-r--r-- | src/lib/Bcfg2/Server/Hostbase/templates/named.tmpl | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/src/lib/Bcfg2/Server/Hostbase/templates/named.tmpl b/src/lib/Bcfg2/Server/Hostbase/templates/named.tmpl new file mode 100644 index 000000000..03e054198 --- /dev/null +++ b/src/lib/Bcfg2/Server/Hostbase/templates/named.tmpl @@ -0,0 +1,69 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// + +include "/etc/bind/named.conf.options"; + +include "/etc/bind/rndc.key"; + +// prime the server with knowledge of the root servers +zone "." { + type hint; + file "/etc/bind/db.root"; +}; + +// be authoritative for the localhost forward and reverse zones, and for +// broadcast zones as per RFC 1912 +{% for zone in zones %} +zone "{{ zone.1 }}" { + type master; + file "/etc/bind/hostbase/{{ zone.1 }}"; + notify no; + also-notify { 140.221.9.6;140.221.8.10; }; +};{% endfor %} + +zone "localhost" { + type master; + file "/etc/bind/db.local"; +}; + +zone "127.in-addr.arpa" { + type master; + file "/etc/bind/db.127"; +}; + +zone "0.in-addr.arpa" { + type master; + file "/etc/bind/db.0"; +}; + +zone "255.in-addr.arpa" { + type master; + file "/etc/bind/db.255"; +}; +{% for reverse in reverses %} +zone "{{ reverse.0 }}.in-addr.arpa" { + type master; + file "/etc/bind/hostbase/{{ reverse.0 }}.rev"; + notify no; + also-notify { 140.221.9.6;140.221.8.10; }; +};{% endfor %} + +// zone "com" { type delegation-only; }; +// zone "net" { type delegation-only; }; + +// From the release notes: +// Because many of our users are uncomfortable receiving undelegated answers +// from root or top level domains, other than a few for whom that behaviour +// has been trusted and expected for quite some length of time, we have now +// introduced the "root-delegations-only" feature which applies delegation-only +// logic to all top level domains, and to the root domain. An exception list +// should be specified, including "MUSEUM" and "DE", and any other top level +// domains from whom undelegated responses are expected and trusted. +// root-delegation-only exclude { "DE"; "MUSEUM"; }; + +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.static"; |