aboutsummaryrefslogtreecommitdiffstats
path: root/roles/space_server/files/named
diff options
context:
space:
mode:
authorEmil Renner Berthing <esmil@labitat.dk>2017-11-07 16:27:49 +0100
committerEmil Renner Berthing <esmil@labitat.dk>2017-11-12 14:56:32 +0100
commite8cdba85c48dcbbd42e6fcb5be3aa2912008cb84 (patch)
tree41ba5163cf6f110521f2ebc9035f77d2754796a0 /roles/space_server/files/named
downloadlabitat-ansible-e8cdba85c48dcbbd42e6fcb5be3aa2912008cb84.tar.gz
labitat-ansible-e8cdba85c48dcbbd42e6fcb5be3aa2912008cb84.tar.xz
labitat-ansible-e8cdba85c48dcbbd42e6fcb5be3aa2912008cb84.zip
initial commit
Diffstat (limited to 'roles/space_server/files/named')
-rw-r--r--roles/space_server/files/named/named.conf81
-rw-r--r--roles/space_server/files/named/s.zone21
2 files changed, 102 insertions, 0 deletions
diff --git a/roles/space_server/files/named/named.conf b/roles/space_server/files/named/named.conf
new file mode 100644
index 0000000..d9b60d3
--- /dev/null
+++ b/roles/space_server/files/named/named.conf
@@ -0,0 +1,81 @@
+//
+// named.conf
+//
+// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
+// server as a caching only nameserver (as a localhost DNS resolver only).
+//
+// See /usr/share/doc/bind*/sample/ for example named configuration files.
+//
+
+options {
+ listen-on port 53 {
+ 127.0.0.1;
+ 185.38.175.0;
+ };
+ listen-on-v6 port 53 {
+ ::1;
+ 2a01:4260:1ab::;
+ };
+ #dns64 fde2:52b4:4a19:ffff::/96 {
+ # clients { fde2:52b4:4a19:5::/64; };
+ #};
+ directory "/var/named";
+ dump-file "/var/named/data/cache_dump.db";
+ statistics-file "/var/named/data/named_stats.txt";
+ memstatistics-file "/var/named/data/named_mem_stats.txt";
+ //allow-query { localhost; };
+
+ /*
+ - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
+ - If you are building a RECURSIVE (caching) DNS server, you need to enable
+ recursion.
+ - If your recursive DNS server has a public IP address, you MUST enable access
+ control to limit queries to your legitimate users. Failing to do so will
+ cause your server to become part of large scale DNS amplification
+ attacks. Implementing BCP38 within your network would greatly
+ reduce such attack surface
+ */
+ recursion yes;
+
+ dnssec-enable yes;
+ dnssec-validation yes;
+
+ managed-keys-directory "/var/named/dynamic";
+
+ pid-file "/run/named/named.pid";
+ session-keyfile "/run/named/session.key";
+
+ /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
+ include "/etc/crypto-policies/back-ends/bind.config";
+};
+
+logging {
+ channel default_debug {
+ file "data/named.run";
+ severity dynamic;
+ };
+ channel syslog {
+ syslog;
+ severity warning;
+ print-severity yes;
+ print-category yes;
+ };
+ category default{
+ syslog;
+ };
+};
+
+zone "." IN {
+ type hint;
+ file "named.ca";
+};
+
+zone "s" IN {
+ type master;
+ file "/etc/named/s.zone";
+ allow-transfer { none; };
+};
+
+include "/etc/named.rfc1912.zones";
+include "/etc/named.root.key";
+
diff --git a/roles/space_server/files/named/s.zone b/roles/space_server/files/named/s.zone
new file mode 100644
index 0000000..3d96157
--- /dev/null
+++ b/roles/space_server/files/named/s.zone
@@ -0,0 +1,21 @@
+s. 600 IN SOA space.labitat.dk. xnybre.labitat.dk. 2015112001 7200 3600 604800 86400
+s. 600 IN NS space.labitat.dk.
+
+s. 600 IN A 10.42.1.1
+s. 600 IN AAAA fde2:52b4:4a19:1::1
+
+labitrack.s. 600 IN CNAME spacewand.labitat.dk.
+track.s. 600 IN CNAME spacewand.labitat.dk.
+
+doorputer.s. 600 IN A 10.42.0.3
+foodputer.s. 600 IN A 10.42.0.4
+
+lathe.s. 600 IN A 10.42.0.12
+
+anna.s. 600 IN A 10.42.1.9
+infotron.s. 600 IN A 10.42.1.34
+spacemon.s. 600 IN A 10.42.1.35
+jumbotron.s. 600 IN A 10.42.1.36
+sound.s. 600 IN A 10.42.1.80
+
+printbrother.s. 600 IN A 10.42.1.32