blob: 52021620e3a5bb5c7e0b5d15908a62f1dbd2054f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
include "/etc/bind/named.conf.options";
include "/etc/bind/rndc.key";
view "internal" {
match-clients { 140.221.9.6;140.221.8.10;140.221.8.88;140.221.8.15; };
recursion yes;
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
{% for zone in zones %}
zone "{{ zone.1 }}" {
type master;
file "/etc/bind/hostbase/{{ zone.1 }}";
notify no;
also-notify { 140.221.9.6;140.221.8.10;140.221.8.88;140.221.8.15; };
};{% endfor %}
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
{% for reverse in reverses %}
zone "{{ reverse.0 }}.in-addr.arpa" {
type master;
file "/etc/bind/hostbase/{{ reverse.0 }}.rev";
notify no;
also-notify { 140.221.9.6;140.221.8.10;140.221.8.88; };
};{% endfor %}
include "/etc/bind/named.conf.static";
};
view "external" {
match-clients { any; };
recursion no;
{% for zone in zones %}
zone "{{ zone.1 }}" {
type master;
file "/etc/bind/hostbase/{{ zone.1 }}.external";
notify no;
};{% endfor %}
{% for reverse in reverses %}
zone "{{ reverse.0 }}.in-addr.arpa" {
type master;
file "/etc/bind/hostbase/{{ reverse.0 }}.rev.external";
notify no;
};{% endfor %}
include "/etc/bind/named.conf.static";
};
// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };
// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };
include "/etc/bind/named.conf.local";
|
