From e8cdba85c48dcbbd42e6fcb5be3aa2912008cb84 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing
Date: Tue, 7 Nov 2017 16:27:49 +0100
Subject: initial commit

---
roles/space_server/files/named/named.conf | 81 +++++++++++++++++++++++++++++++
roles/space_server/files/named/s.zone | 21 ++++++++
2 files changed, 102 insertions(+)
create mode 100644 roles/space_server/files/named/named.conf
create mode 100644 roles/space_server/files/named/s.zone

(limited to 'roles/space_server/files/named')

diff --git a/roles/space_server/files/named/named.conf b/roles/space_server/files/named/named.conf
new file mode 100644
index 0000000..d9b60d3
--- /dev/null
+++ b/roles/space_server/files/named/named.conf
@@ -0,0 +1,81 @@
+//
+// named.conf
+//
+// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
+// server as a caching only nameserver (as a localhost DNS resolver only).
+//
+// See /usr/share/doc/bind*/sample/ for example named configuration files.
+//
+
+options {
+ listen-on port 53 {
+ 127.0.0.1;
+ 185.38.175.0;
+ };
+ listen-on-v6 port 53 {
+ ::1;
+ 2a01:4260:1ab::;
+ };
+ #dns64 fde2:52b4:4a19:ffff::/96 {
+ # clients { fde2:52b4:4a19:5::/64; };
+ #};
+ directory "/var/named";
+ dump-file "/var/named/data/cache_dump.db";
+ statistics-file "/var/named/data/named_stats.txt";
+ memstatistics-file "/var/named/data/named_mem_stats.txt";
+ //allow-query { localhost; };
+
+ /*
+ - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
+ - If you are building a RECURSIVE (caching) DNS server, you need to enable
+ recursion.
+ - If your recursive DNS server has a public IP address, you MUST enable access
+ control to limit queries to your legitimate users. Failing to do so will
+ cause your server to become part of large scale DNS amplification
+ attacks. Implementing BCP38 within your network would greatly
+ reduce such attack surface
+ */
+ recursion yes;
+
+ dnssec-enable yes;
+ dnssec-validation yes;
+
+ managed-keys-directory "/var/named/dynamic";
+
+ pid-file "/run/named/named.pid";
+ session-keyfile "/run/named/session.key";
+
+ /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
+ include "/etc/crypto-policies/back-ends/bind.config";
+};
+
+logging {
+ channel default_debug {
+ file "data/named.run";
+ severity dynamic;
+ };
+ channel syslog {
+ syslog;
+ severity warning;
+ print-severity yes;
+ print-category yes;
+ };
+ category default{
+ syslog;
+ };
+};
+
+zone "." IN {
+ type hint;
+ file "named.ca";
+};
+
+zone "s" IN {
+ type master;
+ file "/etc/named/s.zone";
+ allow-transfer { none; };
+};
+
+include "/etc/named.rfc1912.zones";
+include "/etc/named.root.key";
+
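Review bot: `recursion yes;` is enabled while `options` listens on the non-loopback addresses `185.38.175.0` and `2a01:4260:1ab::`, with the stock `allow-query` line commented out and no `allow-recursion` or `allow-query-cache` anywhere in the file. Who may recurse is therefore left to BIND's built-in default (on recent BIND 9 releases `localnets; localhost;`, which includes every subnet attached to the public interface), although the packaged comment just above says access control is mandatory on a public address. I would define an `acl` for the internal prefixes and state the policy explicitly, e.g. `allow-recursion { localhost; internal; };` plus the same list for `allow-query-cache`. Separately, `zone "s"` blocks transfers but has no `allow-query`, so the internal host names and private addresses in s.zone appear to be answerable by anyone who can reach port 53. Adding `allow-query { localhost; internal; };` inside that zone block would close this.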
diff --git a/roles/space_server/files/named/s.zone b/roles/space_server/files/named/s.zone
new file mode 100644
index 0000000..3d96157
--- /dev/null
+++ b/roles/space_server/files/named/s.zone
@@ -0,0 +1,21 @@
+s. 600 IN SOA space.labitat.dk. xnybre.labitat.dk. 2015112001 7200 3600 604800 86400
+s. 600 IN NS space.labitat.dk.
+
+s. 600 IN A 10.42.1.1
+s. 600 IN AAAA fde2:52b4:4a19:1::1
+
+labitrack.s. 600 IN CNAME spacewand.labitat.dk.
+track.s. 600 IN CNAME spacewand.labitat.dk.
+
+doorputer.s. 600 IN A 10.42.0.3
+foodputer.s. 600 IN A 10.42.0.4
+
+lathe.s. 600 IN A 10.42.0.12
+
+anna.s. 600 IN A 10.42.1.9
+infotron.s. 600 IN A 10.42.1.34
+spacemon.s. 600 IN A 10.42.1.35
+jumbotron.s. 600 IN A 10.42.1.36
+sound.s. 600 IN A 10.42.1.80
+
+printbrother.s. 600 IN A 10.42.1.32
-- 
cgit v1.2.1
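Review bot: The zone file has no header comment saying that `s.` is a private, undelegated name answered only by this server, which matters because the signed root proves that no such TLD exists. Clients or forwarders that do their own DNSSEC validation may therefore reject these answers as bogus, even though named.conf serves them authoritatively. I would add a leading comment such as `; s. is a private pseudo-TLD, served only by this host and not delegated from the root; bump the SOA serial on every edit`. The SOA serial `2015112001` also predates this commit's date, so it looks copied from an older file and is worth resetting to a current value.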