Using views to restrict recursion: Difference between revisions
From Hackepedia
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
This is an example of a name server that does not do recursion for | This is an example of a name server that does not do recursion for | ||
hosts outside of its | hosts outside of its network, but still servers zones to the world. | ||
<pre> | <pre> |
Latest revision as of 13:22, 16 March 2006
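This is an example of a name server that does not do recursion for hosts outside of its network, but still serves zones to the world. Recursion is limited by the allow-recursion ACL in the options block; the two views separate the IN and HS (Hesiod) classes.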
//
// named.conf for Red Hat caching-nameserver
//
// Purpose of this example: answer authoritatively for the listed zones to
// any client, but perform recursion only for clients in the "cooperix" ACL.

// Address range treated as "inside"; only these clients may recurse.
acl "cooperix" { 192.139.46.0/24; };

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // Set in the global options, so it applies to every view below unless
    // a view overrides it. This ACL, not view matching, is what restricts
    // recursion here: neither view has a match-clients clause.
    // NOTE(review): on BIND releases before 9.4, allow-recursion alone did
    // not stop outside clients from reading already-cached answers with
    // non-recursive queries; 9.4 and later add allow-query-cache, which
    // follows allow-recursion by default. Confirm against the manual for
    // the version actually deployed.
    // NOTE(review): no allow-transfer is visible in this file. Unless the
    // included zone files set one, BIND releases of this era permit zone
    // transfers to any client by default.
    allow-recursion { "cooperix"; };
    transfer-source 192.139.46.131;
    // Left commented out on purpose: pinning outgoing queries to port 53
    // removes source-port randomization and makes forged responses (cache
    // poisoning) easier. Prefer fixing the firewall rule instead.
    // query-source address * port 53;
    // Left commented out: "recursion no" would also disable recursion for
    // the inside clients that allow-recursion is meant to serve.
    //recursion no; // Do not provide recursive service
};

logging {
    channel "eastasia_local0" {
        syslog local0;
        severity info;
    };
    // "unmatched" covers requests that matched no view (for example a class
    // other than IN or HS in this file). Sending it to "null" discards them;
    // NOTE(review): consider routing it to a channel if such probes should
    // be visible to monitoring.
    category "unmatched" { "null"; };
    category "default" { "eastasia_local0"; "default_debug"; };
};

//
// a caching only nameserver config
//
// rndc control channel: bound to loopback, loopback clients only, and
// authenticated with the key loaded from /etc/rndc.key further down.
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

// No class is given, so this view is class IN; with no match-clients it
// matches every IN client, inside or outside.
view "normal" {
    zone "." IN {
        type hint;
        file "named.ca";
    };

    // Local zones; dynamic updates are refused on all of them.
    zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
    };

    zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
    };

    zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
    };

    //
    //
    // Public Secondaries
    //
    // NOTE(review): line breaks here were reconstructed from a collapsed
    // listing; confirm that the first include is active and not commented.
    // These files live in user home directories, so anyone who can write
    // them can change what this server serves. Check their ownership and
    // permissions, and that only trusted accounts can edit them.
    include "/home/russell/DNS/public-secondary.conf";
    include "/home/russell/DNS/sns.flora.ca.conf";
    include "/home/mcr/DNS/public-secondary.conf";
    include "/home/russell/DNS/jungle.ca-secondary.conf";

    //
    //
    // FLORA Secondaries
    //
    include "/home/russell/DNS/pns.flora.ca-secondary.conf";
    include "/home/russell/DNS/team.openconcept.ca-secondary.conf";
};

// Defines the key named in the controls statement above. The file holds a
// shared secret; keep it readable only by root and the named user.
include "/etc/rndc.key";

// Separate view for the Hesiod (HS) class.
view "hesiod" HS {
    // Root of the HS class, pulled as a secondary from one master.
    // NOTE(review): no TSIG key is shown for this master, so as far as this
    // file shows the transfer is trusted by source address only.
    zone "." HS {
        type slave;
        file "hesiod.zone.bak";
        masters {
            192.139.46.244; // pns.flora.ca
        };
    };

    include "/home/russell/DNS/public-hs-secondary.conf";
    include "/home/russell/DNS/flora-hesiod-secondary.conf";
};