
Untitled

a guest
Mar 31st, 2020
  1. /*
  2. Sample named.conf BIND DNS server 'named' configuration file
  3. for the Red Hat BIND distribution.
  4.  
  5. See the BIND Administrator's Reference Manual (ARM) for details about the
  6. configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
  7. */
  8.  
  9. options // Server-wide defaults; the view statements further down override some of them (e.g. recursion).
  10. {
  11. // Put files that named is allowed to write in the data/ directory:
  12. directory "/var/named"; // "Working" directory
  13. dump-file "data/cache_dump.db";
  14. statistics-file "data/named_stats.txt";
  15. memstatistics-file "data/named_mem_stats.txt";
  16. recursing-file "data/named.recursing";
  17. secroots-file "data/named.secroots";
  18.  
  19.  
  20. /*
  21. Specify listening interfaces. You can use a list of addresses (';' is the
  22. delimiter) or the keywords "any"/"none".
  23. */
  24. //listen-on port 53 { any; };
  25. listen-on port 53 { any; };
  26. // NOTE(review): IPv4 is served on every interface while IPv6 (below) is loopback-only - confirm this asymmetry is intended.
  27. //listen-on-v6 port 53 { any; };
  28. listen-on-v6 port 53 { ::1; };
  29.  
  30. /*
  31. Access restrictions
  32.  
  33. There are two important options:
  34. allow-query { argument; };
  35. - allow queries for authoritative data
  36.  
  37. allow-query-cache { argument; };
  38. - allow queries for non-authoritative data (mostly cached data)
  39.  
  40. You can use an address, a network address or the keywords "any"/"localhost"/"none" as the argument.
  41. Examples:
  42. allow-query { any; };
  43. allow-query-cache { ::1; fe80::5c63:a8ff:fe2f:4526; 10.0.0.1; 172.29.253.0/24; };
  44. */
  45. // NOTE(review): both ACLs below admit any client. Access to cached (recursive) answers is then limited only by each view's match-clients/recursion settings; restricting allow-query-cache (and allow-recursion) to the networks actually served is the safer default.
  46. allow-query { any; };
  47. allow-query-cache { any; };
  48.  
  49. /* Enable/disable recursion - recursion yes/no;
  50.  
  51. - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
  52. - If you are building a RECURSIVE (caching) DNS server, you need to enable
  53. recursion.
  54. - If your recursive DNS server has a public IP address, you MUST enable access
  55. control to limit queries to your legitimate users. Failing to do so will
  56. cause your server to become part of large scale DNS amplification
  57. attacks. Implementing BCP38 within your network would greatly
  58. reduce such attack surface.
  59. */
  60. recursion yes;
  61.  
  62. /* DNSSEC related options. See information about keys ("Trusted keys", below) */
  63.  
  64. /* Enable serving of DNSSEC related data - enable on both authoritative
  65. and recursive DNSSEC-aware servers */
  66. dnssec-enable yes;
  67.  
  68. /* Enable DNSSEC validation on recursive servers */
  69. dnssec-validation yes;
  70. // NOTE(review): "yes" relies on a configured trust anchor, but the only trusted-keys block in this listing is commented out and no key file is included - confirm an anchor is supplied, or validation will not take place (dnssec-validation auto uses the built-in root anchor).
  71. /* In RHEL-7 we use /run/named instead of default /var/run/named
  72. so we have to configure paths properly. */
  73. pid-file "/run/named/named.pid";
  74. session-keyfile "/run/named/session.key";
  75.  
  76. managed-keys-directory "/var/named/dynamic";
  77. };
  78.  
  79. logging // Only the default_debug channel is defined; this block routes no categories (queries, security, update, ...) to a channel of its own.
  80. {
  81. /* If you want to enable debugging, e.g. using the 'rndc trace' command,
  82. * named will try to write the 'named.run' file in the $directory (/var/named).
  83. * By default, SELinux policy does not allow named to modify the /var/named directory,
  84. * so put the default debug log file in data/ :
  85. */
  86. channel default_debug {
  87. file "data/named.run"; // relative to the options "directory", i.e. under /var/named/data
  88. severity dynamic; // follows the server's current debug level
  89. };
  90. };
  91.  
  92. /*
  93. Views let a name server answer a DNS query differently depending on who is asking.
  94.  
  95. By default, if named.conf contains no "view" clauses, all zones are in the
  96. "default" view, which matches all clients.
  97.  
  98. Views are processed sequentially. The first match is used, so the last view should
  99. match "any" - it is the fallback and the most restricted view.
  100.  
  101. If named.conf contains any "view" clause, then all zones MUST be in a view.
  102. */
  103.  
  104. view "localhost_resolver" // Matches only clients on the server itself (match-clients localhost) and recurses for them.
  105. {
  106. /* This view sets up named to be a localhost resolver (caching-only nameserver).
  107. * If all you want is a caching-only nameserver, then you need only define this view:
  108. */
  109. match-clients { localhost; };
  110. recursion yes;
  111.  
  112. # all views must contain the root hints zone:
  113. zone "." IN {
  114. type hint;
  115. file "/var/named/named.ca";
  116. };
  117.  
  118. /* These are zones that contain definitions for all the localhost
  119. * names and addresses, as recommended in RFC1912 - these names should
  120. * not leak to other nameservers:
  121. */
  122. include "/etc/named.rfc1912.zones";
  123. };
  124. view "internal" // Serves clients on directly attached networks (match-clients localnets) with recursion enabled.
  125. {
  126. /* This view will contain zones you want to serve only to "internal" clients
  127. that connect via your directly attached LAN interfaces - "localnets" .
  128. */
  129. match-clients { localnets; };
  130. recursion yes;
  131.  
  132. zone "." IN {
  133. type hint;
  134. file "/var/named/named.ca";
  135. };
  136.  
  137. /* These are zones that contain definitions for all the localhost
  138. * names and addresses, as recommended in RFC1912 - these names should
  139. * not leak to other nameservers:
  140. */
  141. include "/etc/named.rfc1912.zones";
  142.  
  143. // These are your "authoritative" internal zones, and would probably
  144. // also be included in the "localhost_resolver" view above :
  145.  
  146. /*
  147. NOTE for dynamic DNS zones and secondary zones:
  148.  
  149. DO NOT USE THE SAME FILES IN MULTIPLE VIEWS!
  150.  
  151. If you are using views and DDNS/secondary zones, it is strongly
  152. recommended to read the FAQ on the ISC site (www.isc.org), section
  153. "Configuration and Setup Questions", questions
  154. "How do I share a dynamic zone between multiple views?" and
  155. "How can I make a server a slave for both an internal and an external
  156. view at the same time?"
  157. */
  158. // NOTE(review): the zone below sets neither allow-update nor allow-transfer, so transfer access falls back to the server default - state allow-transfer explicitly (none, or the intended secondaries).
  159. zone "local.skiloisir4.test" {
  160. type master;
  161. file "local.skiloisir4.test"; // relative path, resolved against the options "directory" (/var/named)
  162. };
  163. };
  164. key ddns_key // Shared-secret key definition; nothing else in this listing refers to ddns_key (no allow-update, update-policy or allow-transfer names it).
  165. {
  166. algorithm hmac-md5; // NOTE(review): HMAC-MD5 is a legacy algorithm for this purpose; prefer hmac-sha256 and generate a fresh key.
  167. secret "H1Pl33tksEAXbEHq9rEfsVqxS7cCm8ie2W2Aa6UYTIGEGtXuhVFRGaIkjd6B"; // NOTE(review): a secret written inline in a shared config is exposed to every reader - treat it as compromised, rotate it, and keep the replacement in a separate include file readable only by named.
  168. };
  169.  
  170. view "external" // Catch-all view: matches every client not claimed by an earlier view; recursion is disabled.
  171. {
  172. /* This view will contain zones you want to serve only to "external" clients
  173. * whose addresses do not match any view above:
  174. */
  175. match-clients { any; };
  176.  
  177. zone "." IN {
  178. type hint;
  179. file "/var/named/named.ca";
  180. };
  181.  
  182. recursion no;
  183. // you'd probably want to deny recursion to external clients, so you don't
  184. // end up providing free DNS service to all takers
  185.  
  186. // These are your "authoritative" external zones, and would probably
  187. // contain entries for just your web and mail servers:
  188. // NOTE(review): this view answers any client and the zone below sets no allow-transfer; depending on the BIND version's default, full zone transfers (AXFR) may be open to everyone - set allow-transfer { none; } or restrict it to the secondaries.
  189. zone "skiloisir4.test" {
  190. type master;
  191. file "skiloisir4.test"; // relative path, resolved against the options "directory" (/var/named)
  192. };
  193. };
  194.  
  195. /* Trusted keys
  196.  
  197. This statement contains DNSSEC keys. If you want a DNSSEC-aware resolver, you
  198. have to configure at least one trusted key.
  199.  
  200. Note that no key written below is valid. Especially root key because root zone
  201. is not signed yet.
  202. */
  203. /*
  204. trusted-keys {
  205. // Root Key
  206. "." 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwSJxrGkxJWoZu6I7PzJu/
  207. E9gx4UC1zGAHlXKdE4zYIpRhaBKnvcC2U9mZhkdUpd1Vso/HAdjNe8LmMlnzY3
  208. zy2Xy4klWOADTPzSv9eamj8V18PHGjBLaVtYvk/ln5ZApjYghf+6fElrmLkdaz
  209. MQ2OCnACR817DF4BBa7UR/beDHyp5iWTXWSi6XmoJLbG9Scqc7l70KDqlvXR3M
  210. /lUUVRbkeg1IPJSidmK3ZyCllh4XSKbje/45SKucHgnwU5jefMtq66gKodQj+M
  211. iA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ97S+LKUTpQcq27R7AT3/V5hRQxScI
  212. Nqwcz4jYqZD2fQdgxbcDTClU0CRBdiieyLMNzXG3";
  213.  
  214. // Key for forward zone
  215. example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1ZaARmPhEZZe
  216. 3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb4JKUbb
  217. OTcM8pwXlj0EiX3oDFVmjHO444gLkBO UKUf/mC7HvfwYH/Be22GnC
  218. lrinKJp1Og4ywzO9WglMk7jbfW33gUKvirTHr25GL7STQUzBb5Usxt
  219. 8lgnyTUHs1t3JwCY5hKZ6CqFxmAVZP20igTixin/1LcrgX/KMEGd/b
  220. iuvF4qJCyduieHukuY3H4XMAcR+xia2 nIUPvm/oyWR8BW/hWdzOvn
  221. SCThlHf3xiYleDbt/o1OTQ09A0=";
  222.  
  223. // Key for reverse zone.
  224. 2.0.192.IN-ADDRPA.NET. 257 3 5 "AQOnS4xn/IgOUpBPJ3bogzwcxOdNax071L18QqZnQQQA
  225. VVr+iLhGTnNGp3HoWQLUIzKrJVZ3zggy3WwNT6kZo6c0
  226. tszYqbtvchmgQC8CzKojM/W16i6MG/ea fGU3siaOdS0
  227. yOI6BgPsw+YZdzlYMaIJGf4M4dyoKIhzdZyQ2bYQrjyQ
  228. 4LB0lC7aOnsMyYKHHYeRv PxjIQXmdqgOJGq+vsevG06
  229. zW+1xgYJh9rCIfnm1GX/KMgxLPG2vXTD/RnLX+D3T3UL
  230. 7HJYHJhAZD5L59VvjSPsZJHeDCUyWYrvPZesZDIRvhDD
  231. 52SKvbheeTJUm6EhkzytNN2SN96QRk8j/iI8ib";
  232. };
  233. */
  234. RAW Paste Data
  235. /*
  236. Sample named.conf BIND DNS server 'named' configuration file
  237. for the Red Hat BIND distribution.
  238.  
  239. See the BIND Administrator's Reference Manual (ARM) for details about the
  240. configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
  241. */
  242.  
  243. options // Server-wide defaults; the view statements further down override some of them (e.g. recursion).
  244. {
  245. // Put files that named is allowed to write in the data/ directory:
  246. directory "/var/named"; // "Working" directory
  247. dump-file "data/cache_dump.db";
  248. statistics-file "data/named_stats.txt";
  249. memstatistics-file "data/named_mem_stats.txt";
  250. recursing-file "data/named.recursing";
  251. secroots-file "data/named.secroots";
  252.  
  253.  
  254. /*
  255. Specify listening interfaces. You can use a list of addresses (';' is the
  256. delimiter) or the keywords "any"/"none".
  257. */
  258. //listen-on port 53 { any; };
  259. listen-on port 53 { any; };
  260. // NOTE(review): IPv4 is served on every interface while IPv6 (below) is loopback-only - confirm this asymmetry is intended.
  261. //listen-on-v6 port 53 { any; };
  262. listen-on-v6 port 53 { ::1; };
  263.  
  264. /*
  265. Access restrictions
  266.  
  267. There are two important options:
  268. allow-query { argument; };
  269. - allow queries for authoritative data
  270.  
  271. allow-query-cache { argument; };
  272. - allow queries for non-authoritative data (mostly cached data)
  273.  
  274. You can use an address, a network address or the keywords "any"/"localhost"/"none" as the argument.
  275. Examples:
  276. allow-query { any; };
  277. allow-query-cache { ::1; fe80::5c63:a8ff:fe2f:4526; 10.0.0.1; 172.29.253.0/24; };
  278. */
  279. // NOTE(review): both ACLs below admit only localhost and no view in this listing overrides them, so clients matched by the "internal" and "external" views would presumably be refused - confirm this is the intent.
  280. allow-query { localhost; };
  281. allow-query-cache { localhost; };
  282.  
  283. /* Enable/disable recursion - recursion yes/no;
  284.  
  285. - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
  286. - If you are building a RECURSIVE (caching) DNS server, you need to enable
  287. recursion.
  288. - If your recursive DNS server has a public IP address, you MUST enable access
  289. control to limit queries to your legitimate users. Failing to do so will
  290. cause your server to become part of large scale DNS amplification
  291. attacks. Implementing BCP38 within your network would greatly
  292. reduce such attack surface.
  293. */
  294. recursion yes;
  295.  
  296. /* DNSSEC related options. See information about keys ("Trusted keys", below) */
  297.  
  298. /* Enable serving of DNSSEC related data - enable on both authoritative
  299. and recursive DNSSEC-aware servers */
  300. dnssec-enable yes;
  301.  
  302. /* Enable DNSSEC validation on recursive servers */
  303. dnssec-validation yes;
  304. // NOTE(review): "yes" relies on a configured trust anchor, but the only trusted-keys block in this listing is commented out and no key file is included - confirm an anchor is supplied, or validation will not take place (dnssec-validation auto uses the built-in root anchor).
  305. /* In RHEL-7 we use /run/named instead of default /var/run/named
  306. so we have to configure paths properly. */
  307. pid-file "/run/named/named.pid";
  308. session-keyfile "/run/named/session.key";
  309.  
  310. managed-keys-directory "/var/named/dynamic";
  311. };
  312.  
  313. logging // Only the default_debug channel is defined; this block routes no categories (queries, security, update, ...) to a channel of its own.
  314. {
  315. /* If you want to enable debugging, e.g. using the 'rndc trace' command,
  316. * named will try to write the 'named.run' file in the $directory (/var/named).
  317. * By default, SELinux policy does not allow named to modify the /var/named directory,
  318. * so put the default debug log file in data/ :
  319. */
  320. channel default_debug {
  321. file "data/named.run"; // relative to the options "directory", i.e. under /var/named/data
  322. severity dynamic; // follows the server's current debug level
  323. };
  324. };
  325.  
  326. /*
  327. Views let a name server answer a DNS query differently depending on who is asking.
  328.  
  329. By default, if named.conf contains no "view" clauses, all zones are in the
  330. "default" view, which matches all clients.
  331.  
  332. Views are processed sequentially. The first match is used, so the last view should
  333. match "any" - it is the fallback and the most restricted view.
  334.  
  335. If named.conf contains any "view" clause, then all zones MUST be in a view.
  336. */
  337.  
  338. view "localhost_resolver" // Matches only clients on the server itself (match-clients localhost) and recurses for them.
  339. {
  340. /* This view sets up named to be a localhost resolver (caching-only nameserver).
  341. * If all you want is a caching-only nameserver, then you need only define this view:
  342. */
  343. match-clients { localhost; };
  344. recursion yes;
  345.  
  346. # all views must contain the root hints zone:
  347. zone "." IN {
  348. type hint;
  349. file "/var/named/named.ca";
  350. };
  351.  
  352. /* These are zones that contain definitions for all the localhost
  353. * names and addresses, as recommended in RFC1912 - these names should
  354. * not leak to other nameservers:
  355. */
  356. include "/etc/named.rfc1912.zones";
  357. };
  358. view "internal" // Serves clients on directly attached networks (match-clients localnets) with recursion enabled.
  359. {
  360. /* This view will contain zones you want to serve only to "internal" clients
  361. that connect via your directly attached LAN interfaces - "localnets" .
  362. */
  363. match-clients { localnets; };
  364. recursion yes;
  365.  
  366. zone "." IN {
  367. type hint;
  368. file "/var/named/named.ca";
  369. };
  370.  
  371. /* These are zones that contain definitions for all the localhost
  372. * names and addresses, as recommended in RFC1912 - these names should
  373. * not leak to other nameservers:
  374. */
  375. include "/etc/named.rfc1912.zones";
  376.  
  377. // These are your "authoritative" internal zones, and would probably
  378. // also be included in the "localhost_resolver" view above :
  379.  
  380. /*
  381. NOTE for dynamic DNS zones and secondary zones:
  382.  
  383. DO NOT USE THE SAME FILES IN MULTIPLE VIEWS!
  384.  
  385. If you are using views and DDNS/secondary zones, it is strongly
  386. recommended to read the FAQ on the ISC site (www.isc.org), section
  387. "Configuration and Setup Questions", questions
  388. "How do I share a dynamic zone between multiple views?" and
  389. "How can I make a server a slave for both an internal and an external
  390. view at the same time?"
  391. */
  392. // NOTE(review): the zone below sets neither allow-update nor allow-transfer, so transfer access falls back to the server default - state allow-transfer explicitly (none, or the intended secondaries).
  393. zone "local.skiloisir22.test" {
  394. type master;
  395. file "local.skiloisir22.test"; // relative path, resolved against the options "directory" (/var/named)
  396. };
  397. };
  398. key ddns_key // Shared-secret key definition; nothing else in this listing refers to ddns_key (no allow-update, update-policy or allow-transfer names it).
  399. {
  400. algorithm hmac-md5; // NOTE(review): HMAC-MD5 is a legacy algorithm for this purpose; prefer hmac-sha256 and generate a fresh key.
  401. secret "H1Pl33tksEAXbEHq9rEfsVqxS7cCm8ie2W2Aa6UYTIGEGtXuhVFRGaIkjd6B"; // NOTE(review): a secret written inline in a shared config is exposed to every reader - treat it as compromised, rotate it, and keep the replacement in a separate include file readable only by named.
  402. };
  403.  
  404. view "external" // Catch-all view: matches every client not claimed by an earlier view; recursion is disabled.
  405. {
  406. /* This view will contain zones you want to serve only to "external" clients
  407. * whose addresses do not match any view above:
  408. */
  409. match-clients { any; };
  410.  
  411. zone "." IN {
  412. type hint;
  413. file "/var/named/named.ca";
  414. };
  415.  
  416. recursion no;
  417. // you'd probably want to deny recursion to external clients, so you don't
  418. // end up providing free DNS service to all takers
  419.  
  420. // These are your "authoritative" external zones, and would probably
  421. // contain entries for just your web and mail servers:
  422. // NOTE(review): this view matches any client and the zone below sets no allow-transfer; depending on the BIND version's default, full zone transfers (AXFR) may be open to everyone - set allow-transfer { none; } or restrict it to the secondaries.
  423. zone "skiloisir22.test" {
  424. type master;
  425. file "skiloisir22.test"; // relative path, resolved against the options "directory" (/var/named)
  426. };
  427. };
  428.  
  429. /* Trusted keys
  430.  
  431. This statement contains DNSSEC keys. If you want a DNSSEC-aware resolver, you
  432. have to configure at least one trusted key.
  433.  
  434. Note that no key written below is valid. Especially root key because root zone
  435. is not signed yet.
  436. */
  437. /*
  438. trusted-keys {
  439. // Root Key
  440. "." 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwSJxrGkxJWoZu6I7PzJu/
  441. E9gx4UC1zGAHlXKdE4zYIpRhaBKnvcC2U9mZhkdUpd1Vso/HAdjNe8LmMlnzY3
  442. zy2Xy4klWOADTPzSv9eamj8V18PHGjBLaVtYvk/ln5ZApjYghf+6fElrmLkdaz
  443. MQ2OCnACR817DF4BBa7UR/beDHyp5iWTXWSi6XmoJLbG9Scqc7l70KDqlvXR3M
  444. /lUUVRbkeg1IPJSidmK3ZyCllh4XSKbje/45SKucHgnwU5jefMtq66gKodQj+M
  445. iA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ97S+LKUTpQcq27R7AT3/V5hRQxScI
  446. Nqwcz4jYqZD2fQdgxbcDTClU0CRBdiieyLMNzXG3";
  447.  
  448. // Key for forward zone
  449. example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1ZaARmPhEZZe
  450. 3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb4JKUbb
  451. OTcM8pwXlj0EiX3oDFVmjHO444gLkBO UKUf/mC7HvfwYH/Be22GnC
  452. lrinKJp1Og4ywzO9WglMk7jbfW33gUKvirTHr25GL7STQUzBb5Usxt
  453. 8lgnyTUHs1t3JwCY5hKZ6CqFxmAVZP20igTixin/1LcrgX/KMEGd/b
  454. iuvF4qJCyduieHukuY3H4XMAcR+xia2 nIUPvm/oyWR8BW/hWdzOvn
  455. SCThlHf3xiYleDbt/o1OTQ09A0=";
  456.  
  457. // Key for reverse zone.
  458. 2.0.192.IN-ADDRPA.NET. 257 3 5 "AQOnS4xn/IgOUpBPJ3bogzwcxOdNax071L18QqZnQQQA
  459. VVr+iLhGTnNGp3HoWQLUIzKrJVZ3zggy3WwNT6kZo6c0
  460. tszYqbtvchmgQC8CzKojM/W16i6MG/ea fGU3siaOdS0
  461. yOI6BgPsw+YZdzlYMaIJGf4M4dyoKIhzdZyQ2bYQrjyQ
  462. 4LB0lC7aOnsMyYKHHYeRv PxjIQXmdqgOJGq+vsevG06
  463. zW+1xgYJh9rCIfnm1GX/KMgxLPG2vXTD/RnLX+D3T3UL
  464. 7HJYHJhAZD5L59VvjSPsZJHeDCUyWYrvPZesZDIRvhDD
  465. 52SKvbheeTJUm6EhkzytNN2SN96QRk8j/iI8ib";
  466. };
  467. */
  468.  