From 07075b4e4d59905380e274f233e903c179e24bf8 Mon Sep 17 00:00:00 2001
From: Ken Raffenetti
Date: Wed, 27 Jun 2007 15:24:50 +0000
Subject: template for split DNS views

git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@3376 ce84e21b-d406-0410-9b95-82705330c041
---
src/lib/Server/Hostbase/templates/namedviews.tmpl | 92 +++++++++++++++++++++++
1 file changed, 92 insertions(+)
create mode 100644 src/lib/Server/Hostbase/templates/namedviews.tmpl
(limited to 'src')
diff --git a/src/lib/Server/Hostbase/templates/namedviews.tmpl b/src/lib/Server/Hostbase/templates/namedviews.tmpl
new file mode 100644
index 000000000..eea2df150
--- /dev/null
+++ b/src/lib/Server/Hostbase/templates/namedviews.tmpl
@@ -0,0 +1,92 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+
+include "/etc/bind/named.conf.options";
+
+include "/etc/bind/rndc.key";
+
+view "internal" {
+ match-clients { 140.221.9.6;140.221.8.10;140.221.8.88;140.221.8.15; };
+ recursion yes;
+ // prime the server with knowledge of the root servers
+ zone "." {
+ type hint;
+ file "/etc/bind/db.root";
+ };
+ {% for zone in zones %}
+ zone "{{ zone.1 }}" {
+ type master;
+ file "/etc/bind/hostbase/{{ zone.1 }}";
+ notify no;
+ also-notify { 140.221.9.6;140.221.8.10;140.221.8.88;140.221.8.15; };
+ };{% endfor %}
+ // be authoritative for the localhost forward and reverse zones, and for
+ // broadcast zones as per RFC 1912
+
+ zone "localhost" {
+ type master;
+ file "/etc/bind/db.local";
+ };
+
+ zone "127.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.127";
+ };
+
+ zone "0.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.0";
+ };
+
+ zone "255.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.255";
+ };
+ {% for reverse in reverses %}
+ zone "{{ reverse.0 }}.in-addr.arpa" {
+ type master;
+ file "/etc/bind/hostbase/{{ reverse.0 }}.rev";
+ notify no;
+ also-notify { 140.221.9.6;140.221.8.10;140.221.8.88; };
+ };{% endfor %}
+ include "/etc/bind/named.conf.static";
+};
+
+view "external" {
+ match-clients { any; };
+ recursion no;
+ {% for zone in zones %}
+ zone "{{ zone.1 }}" {
+ type master;
+ file "/etc/bind/hostbase/{{ zone.1 }}.external";
+ notify no;
+ };{% endfor %}
+
+ {% for reverse in reverses %}
+ zone "{{ reverse.0 }}.in-addr.arpa" {
+ type master;
+ file "/etc/bind/hostbase/{{ reverse.0 }}.rev.external";
+ notify no;
+ };{% endfor %}
+ include "/etc/bind/named.conf.static";
+};
+
+
+// zone "com" { type delegation-only; };
+// zone "net" { type delegation-only; };
+
+// From the release notes:
+// Because many of our users are uncomfortable receiving undelegated answers
+// from root or top level domains, other than a few for whom that behaviour
+// has been trusted and expected for quite some length of time, we have now
+// introduced the "root-delegations-only" feature which applies delegation-only
+// logic to all top level domains, and to the root domain. An exception list
+// should be specified, including "MUSEUM" and "DE", and any other top level
+// domains from whom undelegated responses are expected and trusted.
+// root-delegation-only exclude { "DE"; "MUSEUM"; };
+
+include "/etc/bind/named.conf.local";
-- cgit v1.2.3-1-g7c22
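Review bot: In the internal view, both generated zone loops pair `notify no;` with an `also-notify { … };` list, but BIND sends no NOTIFY messages at all when notify is `no`, so the listed servers are never told about a reload; `notify explicit;` is the setting that notifies only the also-notify addresses. The reverse-zone list also omits 140.221.8.15, which the forward-zone list and `match-clients` both include, so please confirm that is intended. Neither view sets `allow-transfer`, so unless named.conf.options (not shown here) restricts it, the external view with `match-clients { any; };` falls back to BIND's default transfer policy; stating `allow-transfer { none; };` or the secondary list in each view would make the split-horizon boundary explicit in the template. Finally, `include "/etc/bind/named.conf.local";` sits outside both views, and BIND rejects zone statements outside a view once views are in use, so that file must stay free of zones or be included per view.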