Using views to restrict recursion: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
This is an example of a name server that does not do recursion for | This is an example of a name server that does not do recursion for | ||
hosts outside of its | hosts outside of its network, but still servers zones to the world. | ||
<pre> | <pre> | ||
Latest revision as of 12:22, 16 March 2006
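This is an example of a name server that does not do recursion for hosts outside of its network, but still serves zones to the world. The restriction itself comes from the allow-recursion ACL in the options block; the two views only separate the IN and HS (Hesiod) classes.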
//
// named.conf for Red Hat caching-nameserver
//
// Named address-match list for the local network. It is referenced by
// allow-recursion in the options block, so this prefix decides who may use
// the server as a recursive resolver. Keep it as narrow as the set of
// clients that actually need recursion.
acl "cooperix" { 192.139.46.0/24; };
// Global options. Recursion is left enabled (the "recursion no" line at the
// end of this block is commented out) and is limited to the "cooperix" ACL
// by allow-recursion.
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// Only clients matching "cooperix" get recursive service; everyone else can
// still query the zones this server is authoritative for.
// NOTE(review): BIND releases before 9.4 have no allow-query-cache, so
// answers already in the cache may still be returned to clients outside
// this ACL -- confirm against the version actually deployed.
// NOTE(review): 127.0.0.1 is not inside 192.139.46.0/24, so queries from
// loopback are not granted recursion by this statement; add "localhost" if
// the host's own resolver points at 127.0.0.1 -- confirm.
allow-recursion { "cooperix"; };
// Source address used when this server pulls zone transfers for its slave
// zones; the masters have to permit transfers from this address.
transfer-source 192.139.46.131;
// Left commented out on purpose: pinning outgoing queries to port 53 gives
// up source-port randomization on releases that implement it, which makes
// off-path response spoofing easier. Prefer a firewall rule that admits the
// return traffic.
// query-source address * port 53;
// Commented out, so recursion stays on and is gated by allow-recursion above.
//recursion no; // Do not provide recursive service
};
// Logging: one syslog channel on facility local0, plus the built-in
// default_debug channel.
logging {
// Messages at severity info and above go to syslog facility local0.
channel "eastasia_local0" {
syslog local0;
severity info;
};
// Messages in the "unmatched" category are discarded via the null channel.
category "unmatched" { "null"; };
// Categories with no statement of their own fall back to "default". That
// includes "security", where approved and denied requests are reported, so
// refused recursion attempts should show up on local0.
// NOTE(review): confirm the syslog daemon actually stores local0 somewhere.
category "default" { "eastasia_local0"; "default_debug"; };
};
//
// a caching only nameserver config
//
// rndc control channel: listens on loopback only, accepts connections from
// the built-in "localhost" ACL, and requires the key named rndckey.
// NOTE(review): rndckey is presumably defined in /etc/rndc.key, which is
// included further down -- confirm.
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
// View for ordinary (class IN) DNS. No match-clients statement is given, so
// the view matches every client, inside or outside the network; recursion is
// restricted only by the global allow-recursion ACL in the options block,
// not by this view.
view "normal" {
// Root hints, used when the server resolves recursively.
zone "." IN {
type hint;
file "named.ca";
};
// Local master zones below; each one refuses dynamic updates
// (allow-update { none; }).
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
//
//
// Public Secondaries
//
// NOTE(review): these files live in user home directories and are parsed as
// part of named's configuration, so anyone who can write to them (or to the
// directories above them) can change what this server serves. Check that
// ownership and permissions limit writes to trusted administrators. The
// contents are not shown here; judging by the names they presumably hold
// slave zone definitions.
include "/home/russell/DNS/public-secondary.conf";
include "/home/russell/DNS/sns.flora.ca.conf";
include "/home/mcr/DNS/public-secondary.conf";
include "/home/russell/DNS/jungle.ca-secondary.conf";
//
//
// FLORA Secondaries
//
include "/home/russell/DNS/pns.flora.ca-secondary.conf";
include "/home/russell/DNS/team.openconcept.ca-secondary.conf";
};
// Pulls in the rndc key material from a separate file.
// NOTE(review): presumably this defines the rndckey used by the controls
// statement; the file should be readable only by root and the account named
// runs as, since anyone who can read it can drive the control channel.
include "/etc/rndc.key";
// View for class HS (Hesiod) data, kept apart from the class IN view.
view "hesiod" HS {
// Slave copy of the HS root zone, transferred from the listed master.
// NOTE(review): the master is identified by IP address only and no TSIG key
// is visible in this statement, so the transfer is not cryptographically
// authenticated as far as this file shows -- confirm.
zone "." HS {
type slave;
file "hesiod.zone.bak";
masters {
192.139.46.244; // pns.flora.ca
};
};
// NOTE(review): as with the class IN view, these includes are read from a
// user home directory; write access to them is write access to named's
// configuration.
include "/home/russell/DNS/public-hs-secondary.conf";
include "/home/russell/DNS/flora-hesiod-secondary.conf";
};