This is an example of a name server that does not do recursion for
This is an example of a name server that does not do recursion for
hosts outside of its' network, but still servers zones to the world.
hosts outside of its network, but still servers zones to the world.


<pre>
<pre>


This is an example of a name server that does not recurse for hosts outside of its own network, but still serves its zones to the world. Recursion is limited with an `allow-recursion` ACL in `options`; the two views separate the IN-class zones from the Hesiod (HS-class) zones.

//
// named.conf: authoritative for the zones included below, recursive only
// for the "cooperix" network.  Started from the Red Hat caching-nameserver
// example config.
//

// The only clients allowed to use this server as a recursive resolver.
acl cooperix { 192.139.46.0/24; };

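options {
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";

	// Recursion is offered only to the local network.  Everyone else
	// still gets authoritative answers for the zones served below, but
	// their recursive queries are refused.
	allow-recursion { "cooperix"; };

	// NOTE(review): on BIND releases before 9.4 (which have no
	// allow-query-cache) allow-recursion alone does not stop outside
	// hosts from reading answers already in the cache (cache snooping).
	// From 9.4 on, allow-query-cache defaults to the allow-recursion
	// list, so the two stay in step without further configuration.

	// NOTE(review): allow-transfer is not set, so BIND's default
	// (allow-transfer { any; }) applies to every zone that does not set
	// its own: anyone on the Internet can AXFR them.  Restrict it to the
	// known secondaries, globally or per zone, e.g.
	//   allow-transfer { "cooperix"; };

	// Source address used when fetching zones from our masters.
	transfer-source 192.139.46.131;

	// Only needed behind a firewall that insists on port 53 as the
	// source of outgoing queries (BIND 8.1 and later pick an unprivileged
	// port by default).  Pinning the port also gives up source-port
	// randomisation, so leave it commented out unless it is required.
	// query-source address * port 53;

	// "recursion no" would disable recursion for everyone, including
	// the local network, so it stays commented out.
	//recursion no;
};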


logging {
	// Everything at "info" and above goes to syslog facility local0,
	// plus BIND's built-in default_debug channel.
	channel "eastasia_local0" {
		syslog local0;
		severity info;
	};
	category "default" { "eastasia_local0"; "default_debug"; };

	// Messages about queries that match no view are discarded.
	category "unmatched" { "null"; };
};


//
// rndc control channel
//
controls {
	// rndc may only connect over loopback and must present "rndckey"
	// (defined by the /etc/rndc.key include further down).
	inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

// IN-class view: root hints (so recursion works for "cooperix" clients),
// the usual local zones, and the zones this host is a secondary for.
view "normal" {

  // Root hints; together with allow-recursion in options this is what
  // lets the local network resolve arbitrary names through this server.
  zone "." IN {
    type hint;
    file "named.ca";
  };

  // Local-only zones.  Dynamic update is refused on all of them.
  zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
  };

  zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
  };

  zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
  };

  zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
  };

  zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
  };

  zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
  };

  // NOTE(review): the zone lists below are pulled from user home
  // directories.  Whoever can write those files (the account owner, or
  // anyone who compromises it) controls what this server is
  // authoritative for.  Make sure they are root-owned and not writable
  // by the user, or move them under /etc or /var/named.

  // Public secondaries
  include "/home/russell/DNS/public-secondary.conf";
  include "/home/russell/DNS/sns.flora.ca.conf";
  include "/home/mcr/DNS/public-secondary.conf";
  include "/home/russell/DNS/jungle.ca-secondary.conf";

  // FLORA secondaries
  include "/home/russell/DNS/pns.flora.ca-secondary.conf";
  include "/home/russell/DNS/team.openconcept.ca-secondary.conf";
};

// Shared secret for rndc; the "rndckey" referenced by the controls statement.
include "/etc/rndc.key";

// Hesiod (HS-class) view.  The HS root is slaved from pns.flora.ca; the
// remaining HS zones come from the included files.
view "hesiod" HS {
  zone "." HS {
    type slave;
    file "hesiod.zone.bak";
    masters {
      192.139.46.244; // pns.flora.ca
    };
  };

  // NOTE(review): same concern as the IN view: these includes live in a
  // user's home directory, so that account effectively owns the HS
  // configuration.  Keep them root-owned and not writable by the user.
  include "/home/russell/DNS/public-hs-secondary.conf";
  include "/home/russell/DNS/flora-hesiod-secondary.conf";
};