diff options
author | Emil Renner Berthing <esmil@labitat.dk> | 2017-11-19 01:19:10 +0100 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2017-11-19 12:46:29 +0100 |
commit | 3b795796bd03488a385f3ad42b10b8c0d61282c1 (patch) | |
tree | 19381884de2c8320b20d3205f22b71c42c63dd1c /roles/space_server/files/named/named.conf | |
parent | 505f69ee1540581eef2465dc420525213d278473 (diff) | |
download | labitat-ansible-3b795796bd03488a385f3ad42b10b8c0d61282c1.tar.gz labitat-ansible-3b795796bd03488a385f3ad42b10b8c0d61282c1.tar.xz labitat-ansible-3b795796bd03488a385f3ad42b10b8c0d61282c1.zip |
space_server: unbound: use unbound instad of bind
Diffstat (limited to 'roles/space_server/files/named/named.conf')
-rw-r--r-- | roles/space_server/files/named/named.conf | 81 |
1 files changed, 0 insertions, 81 deletions
diff --git a/roles/space_server/files/named/named.conf b/roles/space_server/files/named/named.conf deleted file mode 100644 index d9b60d3..0000000 --- a/roles/space_server/files/named/named.conf +++ /dev/null @@ -1,81 +0,0 @@ -// -// named.conf -// -// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS -// server as a caching only nameserver (as a localhost DNS resolver only). -// -// See /usr/share/doc/bind*/sample/ for example named configuration files. -// - -options { - listen-on port 53 { - 127.0.0.1; - 185.38.175.0; - }; - listen-on-v6 port 53 { - ::1; - 2a01:4260:1ab::; - }; - #dns64 fde2:52b4:4a19:ffff::/96 { - # clients { fde2:52b4:4a19:5::/64; }; - #}; - directory "/var/named"; - dump-file "/var/named/data/cache_dump.db"; - statistics-file "/var/named/data/named_stats.txt"; - memstatistics-file "/var/named/data/named_mem_stats.txt"; - //allow-query { localhost; }; - - /* - - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - - If you are building a RECURSIVE (caching) DNS server, you need to enable - recursion. - - If your recursive DNS server has a public IP address, you MUST enable access - control to limit queries to your legitimate users. Failing to do so will - cause your server to become part of large scale DNS amplification - attacks. Implementing BCP38 within your network would greatly - reduce such attack surface - */ - recursion yes; - - dnssec-enable yes; - dnssec-validation yes; - - managed-keys-directory "/var/named/dynamic"; - - pid-file "/run/named/named.pid"; - session-keyfile "/run/named/session.key"; - - /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */ - include "/etc/crypto-policies/back-ends/bind.config"; -}; - -logging { - channel default_debug { - file "data/named.run"; - severity dynamic; - }; - channel syslog { - syslog; - severity warning; - print-severity yes; - print-category yes; - }; - category default{ - syslog; - }; -}; - -zone "." IN { - type hint; - file "named.ca"; -}; - -zone "s" IN { - type master; - file "/etc/named/s.zone"; - allow-transfer { none; }; -}; - -include "/etc/named.rfc1912.zones"; -include "/etc/named.root.key"; - |