bind primaire

1. [root@ks37777 ~]# cat /etc/named.conf
2. //
3. // named.conf
4. //
5. // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
6. // server as a caching only nameserver (as a localhost DNS resolver only).
7. //
8. // See /usr/share/doc/bind*/sample/ for example named configuration files.
9. //
10.  
11. options {
12. listen-on port 53 { 127.0.0.1; };
13. listen-on-v6 port 53 { ::1; };
14. directory "/var/named";
15. dump-file "/var/named/data/cache_dump.db";
16. statistics-file "/var/named/data/named_stats.txt";
17. memstatistics-file "/var/named/data/named_mem_stats.txt";
18. //allow-query { localhost; };
19. //recursion yes;
20.  
21. forward first;
22. forwarders {
23. 94.23.59.30;
24. 195.234.42.1;
25. 87.98.164.164;
26. 88.191.64.64;
27. 193.223.78.42;
28. 217.119.181.42;
29. 91.121.63.179;
30. 94.23.60.214;
31. 94.23.59.30;
32. };
33.  
34.  
35. auth-nxdomain no; # conform to RFC1035
36. listen-on-v6 { any; };
37. listen-on port 53 { any; };
38.  
39. // By default, name servers should only perform recursive domain
40. // lookups for their direct clients. If recursion is left open
41. // to the entire Internet, your name server could be used to
42. // perform distributed denial of service attacks against other
43. // innocent computers. For more information on DDoS recursion:
44. // http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
45.  
46. recursion yes;
47. allow-recursion { localhost; 127.0.0.1; 94.23.59.30;
48. 195.234.42.1;
49. 87.98.164.164;
50. 88.191.64.64;
51. 193.223.78.42;
52. 217.119.181.42;
53. 91.121.63.179;
54. 94.23.60.214;
55. 94.23.59.30;
56. };
57. allow-query-cache { localhost; 127.0.0.1; 94.23.59.30;
58. 195.234.42.1;
59. 87.98.164.164;
60. 88.191.64.64;
61. 193.223.78.42;
62. 217.119.181.42;
63. 91.121.63.179;
64. 94.23.60.214;
65. 94.23.59.30;
66. };
67. additional-from-cache yes;
68.  
69. ///si vous avez un ou plusieurs serveurs secondaire
70.  
71. allow-transfer {
72. 94.23.59.30;
73. 195.234.42.1;
74. 87.98.164.164;
75. 88.191.64.64;
76. 193.223.78.42;
77. 217.119.181.42;
78. 91.121.63.179;
79. 94.23.60.214;
80. 94.23.59.30;
81.  
82. };
83.  
84. // If you have DNS clients on other subnets outside of your
85. // server's "localnets", you can explicitly add their networks
86. // without opening up your server to the Internet at large:
87. // allow-recursion { localnets; 192.168.0.0/24; };
88.  
89. // If your name server is only listening on 127.0.0.1, consider:
90. // allow-recursion { 127.0.0.1; };
91. dnssec-enable yes;
92. dnssec-validation yes;
93. dnssec-lookaside auto;
94.  
95. /* Path to ISC DLV key */
96. bindkeys-file "/etc/named.iscdlv.key";
97.  
98. managed-keys-directory "/var/named/dynamic";
99. };
100.  
101. logging {
102. channel default_debug {
103. file "data/named.run";
104. severity dynamic;
105. };
106. };
107.  
108. zone "." IN {
109. type hint;
110. file "named.ca";
111. };
112.  
113. include "/etc/named.rfc1912.zones";
114. include "/etc/named.root.key";
115.  
116. key rndc-key {
117. algorithm hmac-md5;
118. secret "MyznClEiUrH9q2yXDPisrw==";
119. };
120. controls {
121. inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
122. };
123.  
124. server 213.251.128.131 {
125. keys {
126. rndc-key;
127. };
128. };
129. server 213.251.188.131 {
130. keys {
131. rndc-key;
132. };
133. };
134.  
135.  
136. server 213.251.188.140 {
137. keys {
138. rndc-key;
139. };
140. };
141. server 213.251.128.132 {
142. keys {
143. rndc-key;
144. };
145. };
146. server 213.251.188.132 {
147. keys {
148. rndc-key;
149. };
150. };
151. server 193.223.78.42 {
152. keys {
153. rndc-key;
154. };
155. };
156. trusted-keys {
157. dlv.isc.org. 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEm*********************************HAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh";
158. };
159.  
160.  
161. zone "fakessh.eu" {
162. type master;
163. file "/var/named/fakessh.eu.hosts";
164. auto-dnssec maintain;
165. update-policy local;
166. key-directory "/var/named/keys/";
167. allow-transfer { 213.251.188.140;87.98.164.164; 195.234.42.1;94.23.59.30; 193.223.78.42;217.119.181.42;91.121.63.179;94.23.60.214;94.23.59.30; };
168.  
169.  
170. };
171. zone "renelacroute.fr" {
172. type master;
173. file "/var/named/renelacroute.fr.hosts";
174. auto-dnssec maintain;
175. update-policy local;
176. key-directory "/var/named/keys/";
177. allow-transfer { 213.251.188.140;87.98.164.164; 195.234.42.1;94.23.59.30; 193.223.78.42; 217.119.181.42;91.121.63.179;94.23.60.214; 94.23.59.30;};
178.  
179.  
180. };
181. zone "urlshort.eu" {
182. type master;
183. file "/var/named/urlshort.eu.hosts";
184. auto-dnssec maintain;
185. update-policy local;
186. key-directory "/var/named/keys/";
187. allow-transfer { 213.251.188.140;87.98.164.164; 195.234.42.1;94.23.59.30; 193.223.78.42;217.119.181.42;91.121.63.179;94.23.60.214;94.23.59.30;
188. };
189. };
190. server 92.243.14.172 {
191. keys {
192. rndc-key;
193. };
194. };
195. server 91.121.205.40 {
196. keys {
197. rndc-key;
198. };
199. };
200. server 87.98.164.164 {
201. keys {
202. rndc-key;
203. };
204. };
205. server 195.234.42.1 {
206. keys {
207. rndc-key;
208. };
209. };
210.  
211. server 94.23.59.30 {
212. keys {
213. rndc-key;
214. };
215. };
216. server 88.191.64.64 {
217. keys {
218. rndc-key;
219. };
220. };
221. server 217.119.181.42 {
222. keys {
223. rndc-key;
224. };
225. };
226.  
227. zone "nicolaspichot.fr" {
228. type master;
229. file "/var/named/nicolaspichot.fr.hosts";
230. update-policy local;
231. auto-dnssec maintain;
232. key-directory "/var/named/keys/";
233. allow-transfer { 213.251.188.140;87.98.164.164; 195.234.42.1;94.23.59.30; 193.223.78.42;217.119.181.42;91.121.63.179;94.23.60.214;94.23.59.30; };
234.  
235.  
236.  
237. };
238.  
239. zone "ks37777.kimsufi.com" {
240. type slave;
241. file "/var/named/slaves/ks37777.kimsufi.com.hosts";
242. masters {
243. 91.121.7.86;
244. 127.0.0.1;
245. };
246. allow-transfer {
247. 94.23.59.30;
248. 195.234.42.1;
249. 87.98.164.164;
250. 88.191.64.64;
251. 193.223.78.42;
252. 217.119.181.42;
253. 91.121.63.179;
254. 94.23.60.214;
255. };
256. };
257.  
258.  
259. // Provide a reverse mapping for the loopback address 127.0.0.1
260. zone "8.e.a.b.2.6.7.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.2.ip6.arpa"{
261. type master;
262. file "/var/named/6.5.7.0.9.7.B.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.2.IP6.ARPA.hosts";
263. allow-transfer {
264. 2a01:e0b:1:64:240:63ff:fee8:6155;
265. 94.23.59.30;
266. 195.234.42.1;
267. 87.98.164.164;
268. 88.191.64.64;
269. 193.223.78.42;
270. 87.98.186.232;
271. 217.119.181.42;
272. 91.121.63.179;
273. 94.23.60.214;
274. };
275. };