From 806bfb26907e9bb3d41f0c9225800a7f8c77683a Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing <esmil@labitat.dk>
Date: Tue, 2 Apr 2019 20:23:52 +0200
Subject: space_server: named: support dynamic updates

..of the dhcp zone and reverse dns for 10.42.0.0/16
This way the dhcp daemon can add entries when it
handles out leases.
---
 roles/space_server/files/named.conf | 110 ------------------------------------
 1 file changed, 110 deletions(-)
 delete mode 100644 roles/space_server/files/named.conf

(limited to 'roles/space_server/files')

diff --git a/roles/space_server/files/named.conf b/roles/space_server/files/named.conf
deleted file mode 100644
index 0659a3b..0000000
--- a/roles/space_server/files/named.conf
+++ /dev/null
@@ -1,110 +0,0 @@
-//
-// named.conf
-//
-// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
-// server as a caching only nameserver (as a localhost DNS resolver only).
-//
-// See /usr/share/doc/bind*/sample/ for example named configuration files.
-//
-
-options {
-	listen-on port 53 {
-		127.0.0.1;
-		185.38.175.0;
-	};
-	listen-on-v6 port 53 {
-		::1;
-		2a01:4262:1ab::;
-	};
-	allow-query {
-		127.0.0.1;
-		185.38.175.0/24;
-		10.42.0.0/16;
-		::1;
-		2a01:4262:1ab::/48;
-	};
-	dns64 2a01:4262:1ab:0:0:f::/96 {
-		clients { 2a01:4262:1ab:f::/64; };
-		exclude {
-			2a01:4262:1ab:0:0:f::/96;
-			::ffff:0:0/96;
-		};
-	};
-	directory 	"/var/named";
-	dump-file 	"/var/named/data/cache_dump.db";
-	statistics-file "/var/named/data/named_stats.txt";
-	memstatistics-file "/var/named/data/named_mem_stats.txt";
-	secroots-file	"/var/named/data/named.secroots";
-	recursing-file	"/var/named/data/named.recursing";
-
-	/* 
-	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
-	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
-	   recursion. 
-	 - If your recursive DNS server has a public IP address, you MUST enable access 
-	   control to limit queries to your legitimate users. Failing to do so will
-	   cause your server to become part of large scale DNS amplification 
-	   attacks. Implementing BCP38 within your network would greatly
-	   reduce such attack surface 
-	*/
-	recursion yes;
-
-	dnssec-enable yes;
-	dnssec-validation yes;
-
-	managed-keys-directory "/var/named/dynamic";
-
-	pid-file "/run/named/named.pid";
-	session-keyfile "/run/named/session.key";
-
-	/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
-	include "/etc/crypto-policies/back-ends/bind.config";
-};
-
-logging {
-	channel default_debug {
-		syslog daemon;
-		severity dynamic;
-	};
-	channel default {
-		syslog daemon;
-		severity info;
-	};
-	category default {
-		default;
-	};
-};
-
-acl local {
-	127.0.0.1;
-	10.42.0.0/24; // infrastructure
-	10.42.1.0/24; // member wired
-	10.42.2.0/24; // member wireless
-	::1;
-	2a01:4262:1ab:a::/64; // infrastructure
-	2a01:4262:1ab:b::/64; // member wired
-	2a01:4262:1ab:c::/64; // member wireless
-	2a01:4262:1ab:f::/64; // member nat64
-};
-
-zone "." IN {
-	type hint;
-	file "named.ca";
-};
-
-zone "s" IN {
-	type master;
-	file "/etc/named/s.zone";
-	allow-query { local; };
-	allow-transfer { none; };
-};
-
-zone "42.10.in-addr.arpa" IN {
-	type master;
-	file "/etc/named/ipv4.rev.zone";
-	allow-query { local; };
-	allow-transfer { none; };
-};
-
-include "/etc/named.rfc1912.zones";
-include "/etc/named.root.key";
-- 
cgit v1.2.1