Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@ks37777 ~]# cat /etc/named.conf
- //
- // named.conf
- //
- // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
- // server as a caching only nameserver (as a localhost DNS resolver only).
- //
- // See /usr/share/doc/bind*/sample/ for example named configuration files.
- //
- options {
- listen-on port 53 { 127.0.0.1; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- //allow-query { localhost; };
- //recursion yes;
- forward first;
- forwarders {
- 94.23.59.30;
- 195.234.42.1;
- 87.98.164.164;
- 88.191.64.64;
- 193.223.78.42;
- 217.119.181.42;
- 91.121.63.179;
- 94.23.60.214;
- 94.23.59.30;
- };
- auth-nxdomain no; # conform to RFC1035
- listen-on-v6 { any; };
- listen-on port 53 { any; };
- // By default, name servers should only perform recursive domain
- // lookups for their direct clients. If recursion is left open
- // to the entire Internet, your name server could be used to
- // perform distributed denial of service attacks against other
- // innocent computers. For more information on DDoS recursion:
- // http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
- recursion yes;
- allow-recursion { localhost; 127.0.0.1; 94.23.59.30;
- 195.234.42.1;
- 87.98.164.164;
- 88.191.64.64;
- 193.223.78.42;
- 217.119.181.42;
- 91.121.63.179;
- 94.23.60.214;
- 94.23.59.30;
- };
- allow-query-cache { localhost; 127.0.0.1; 94.23.59.30;
- 195.234.42.1;
- 87.98.164.164;
- 88.191.64.64;
- 193.223.78.42;
- 217.119.181.42;
- 91.121.63.179;
- 94.23.60.214;
- 94.23.59.30;
- };
- additional-from-cache yes;
- ///si vous avez un ou plusieurs serveurs secondaire
- allow-transfer {
- 94.23.59.30;
- 195.234.42.1;
- 87.98.164.164;
- 88.191.64.64;
- 193.223.78.42;
- 217.119.181.42;
- 91.121.63.179;
- 94.23.60.214;
- 94.23.59.30;
- };
- // If you have DNS clients on other subnets outside of your
- // server's "localnets", you can explicitly add their networks
- // without opening up your server to the Internet at large:
- // allow-recursion { localnets; 192.168.0.0/24; };
- // If your name server is only listening on 127.0.0.1, consider:
- // allow-recursion { 127.0.0.1; };
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- managed-keys-directory "/var/named/dynamic";
- };
- logging {
- channel default_debug {
- file "data/named.run";
- severity dynamic;
- };
- };
- zone "." IN {
- type hint;
- file "named.ca";
- };
- include "/etc/named.rfc1912.zones";
- include "/etc/named.root.key";
- key rndc-key {
- algorithm hmac-md5;
- secret "MyznClEiUrH9q2yXDPisrw==";
- };
- controls {
- inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
- };
- server 213.251.128.131 {
- keys {
- rndc-key;
- };
- };
- server 213.251.188.131 {
- keys {
- rndc-key;
- };
- };
- server 213.251.188.140 {
- keys {
- rndc-key;
- };
- };
- server 213.251.128.132 {
- keys {
- rndc-key;
- };
- };
- server 213.251.188.132 {
- keys {
- rndc-key;
- };
- };
- server 193.223.78.42 {
- keys {
- rndc-key;
- };
- };
- trusted-keys {
- dlv.isc.org. 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEm*********************************HAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh";
- };
- zone "fakessh.eu" {
- type master;
- file "/var/named/fakessh.eu.hosts";
- auto-dnssec maintain;
- update-policy local;
- key-directory "/var/named/keys/";
- allow-transfer { 213.251.188.140;87.98.164.164; 195.234.42.1;94.23.59.30; 193.223.78.42;217.119.181.42;91.121.63.179;94.23.60.214;94.23.59.30; };
- };
- zone "renelacroute.fr" {
- type master;
- file "/var/named/renelacroute.fr.hosts";
- auto-dnssec maintain;
- update-policy local;
- key-directory "/var/named/keys/";
- allow-transfer { 213.251.188.140;87.98.164.164; 195.234.42.1;94.23.59.30; 193.223.78.42; 217.119.181.42;91.121.63.179;94.23.60.214; 94.23.59.30;};
- };
- zone "urlshort.eu" {
- type master;
- file "/var/named/urlshort.eu.hosts";
- auto-dnssec maintain;
- update-policy local;
- key-directory "/var/named/keys/";
- allow-transfer { 213.251.188.140;87.98.164.164; 195.234.42.1;94.23.59.30; 193.223.78.42;217.119.181.42;91.121.63.179;94.23.60.214;94.23.59.30;
- };
- };
- server 92.243.14.172 {
- keys {
- rndc-key;
- };
- };
- server 91.121.205.40 {
- keys {
- rndc-key;
- };
- };
- server 87.98.164.164 {
- keys {
- rndc-key;
- };
- };
- server 195.234.42.1 {
- keys {
- rndc-key;
- };
- };
- server 94.23.59.30 {
- keys {
- rndc-key;
- };
- };
- server 88.191.64.64 {
- keys {
- rndc-key;
- };
- };
- server 217.119.181.42 {
- keys {
- rndc-key;
- };
- };
- zone "nicolaspichot.fr" {
- type master;
- file "/var/named/nicolaspichot.fr.hosts";
- update-policy local;
- auto-dnssec maintain;
- key-directory "/var/named/keys/";
- allow-transfer { 213.251.188.140;87.98.164.164; 195.234.42.1;94.23.59.30; 193.223.78.42;217.119.181.42;91.121.63.179;94.23.60.214;94.23.59.30; };
- };
- zone "ks37777.kimsufi.com" {
- type slave;
- file "/var/named/slaves/ks37777.kimsufi.com.hosts";
- masters {
- 91.121.7.86;
- 127.0.0.1;
- };
- allow-transfer {
- 94.23.59.30;
- 195.234.42.1;
- 87.98.164.164;
- 88.191.64.64;
- 193.223.78.42;
- 217.119.181.42;
- 91.121.63.179;
- 94.23.60.214;
- };
- };
- // Provide a reverse mapping for the loopback address 127.0.0.1
- zone "8.e.a.b.2.6.7.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.2.ip6.arpa"{
- type master;
- file "/var/named/6.5.7.0.9.7.B.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.2.IP6.ARPA.hosts";
- allow-transfer {
- 2a01:e0b:1:64:240:63ff:fee8:6155;
- 94.23.59.30;
- 195.234.42.1;
- 87.98.164.164;
- 88.191.64.64;
- 193.223.78.42;
- 87.98.186.232;
- 217.119.181.42;
- 91.121.63.179;
- 94.23.60.214;
- };
- };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement