Big review of role Bind, sync with https://wiki.evolix.org/HowtoBind
This commit is contained in:
parent
bbb0e579a6
commit
3b78613b2e
|
@ -9,3 +9,5 @@ Minimal configuration is in `tasks/main.yml`
|
||||||
## Available variables
|
## Available variables
|
||||||
|
|
||||||
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
||||||
|
|
||||||
|
waening : sync chroot-bind.sh
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
---
|
---
|
||||||
|
bind_recursive_server: False
|
||||||
|
bind_authoritative_server: True
|
||||||
|
bind_chroot_set: True
|
||||||
|
bind_chroot_path: /var/chroot-bind
|
||||||
bind_systemd_service_path: /etc/systemd/system/bind9.service
|
bind_systemd_service_path: /etc/systemd/system/bind9.service
|
||||||
bind_chroot_root: /var/chroot-bind
|
|
||||||
bind_statistics_file: /var/run/named.stats
|
bind_statistics_file: /var/run/named.stats
|
||||||
bind_log_file: /var/log/bind.log
|
bind_log_file: /var/log/bind.log
|
||||||
bind_query_file: /var/log/query.log
|
bind_query_file: /var/log/bind_queries.log
|
||||||
|
|
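Review bot: `bind_recursive_server: False`, `bind_authoritative_server: True` and `bind_chroot_set: True` use capitalised YAML 1.1 booleans; write `false`/`true` so yamllint's truthy rule and YAML 1.2 parsers agree with what Ansible reads. Nothing here documents that the two server modes are exclusive, although tasks/main.yml renders a different template to the same /etc/bind/named.conf.options under each flag, so with both true the second silently wins; a comment such as `# set exactly one of bind_recursive_server / bind_authoritative_server` above them would help. `bind_chroot_path: /var/chroot-bind` is also hardcoded throughout files/chroot-bind.sh, so a note that changing the default requires adapting the script belongs next to it.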
76
bind/files/chroot-bind.sh
Normal file
|
@ -0,0 +1,76 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Gregory Colpart <reg@debian.org>
|
||||||
|
# chroot (or re-chroot) script for bind9
|
||||||
|
|
||||||
|
# tested on Debian Wheezy/Jessie/Stretch
|
||||||
|
# Exec this script after `(apt-get|aptitude|apt) install bind9`
|
||||||
|
# and after *each* bind9 upgrade
|
||||||
|
|
||||||
|
# When the script is finished, ensure you have
|
||||||
|
# 'OPTIONS="-u bind -t /var/chroot-bind"' in /etc/default/bind9
|
||||||
|
# and /etc/init.d/bind9 (re)start
|
||||||
|
#
|
||||||
|
# for Jessie/systemd only:
|
||||||
|
# cp -a /lib/systemd/system/bind9.service /etc/systemd/system/
|
||||||
|
# and modify section [Service] to have :
|
||||||
|
# EnvironmentFile=-/etc/default/bind9
|
||||||
|
# ExecStart=/usr/sbin/named -f $OPTIONS
|
||||||
|
|
||||||
|
# essential dirs
|
||||||
|
mkdir -p /var/chroot-bind
|
||||||
|
mkdir -p /var/chroot-bind/bin /var/chroot-bind/dev /var/chroot-bind/etc \
|
||||||
|
/var/chroot-bind/lib /var/chroot-bind/usr/lib \
|
||||||
|
/var/chroot-bind/usr/sbin /var/chroot-bind/var/cache/bind \
|
||||||
|
/var/chroot-bind/var/log /var/chroot-bind/var/run/named/ \
|
||||||
|
/var/chroot-bind/run/named/
|
||||||
|
|
||||||
|
# for conf
|
||||||
|
if [ ! -h "/etc/bind" ]; then
|
||||||
|
mv /etc/bind/ /var/chroot-bind/etc/
|
||||||
|
ln -s /var/chroot-bind/etc/bind/ /etc/bind
|
||||||
|
fi
|
||||||
|
|
||||||
|
# for logs
|
||||||
|
touch /var/chroot-bind/var/log/bind.log
|
||||||
|
if [ ! -h "/var/log/bind.log" ]; then
|
||||||
|
ln -s /var/chroot-bind/var/log/bind.log /var/log/bind.log
|
||||||
|
fi
|
||||||
|
|
||||||
|
# for pid
|
||||||
|
if [ -f "/var/run/named/named.pid" ]; then
|
||||||
|
cat /var/run/named/named.pid > /var/chroot-bind/var/run/named/named.pid
|
||||||
|
rm -f /var/run/named/named.pid
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -e "/var/chroot-bind/dev/random" ]; then
|
||||||
|
mknod /var/chroot-bind/dev/random c 1 8
|
||||||
|
chmod 666 /var/chroot-bind/dev/random
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -e "/var/chroot-bind/dev/urandom" ]; then
|
||||||
|
mknod /var/chroot-bind/dev/urandom c 1 9
|
||||||
|
chmod 666 /var/chroot-bind/dev/urandom
|
||||||
|
fi
|
||||||
|
|
||||||
|
# essential dev (hum, null is required ??)
|
||||||
|
#mknod /var/chroot-bind/dev/null c 1 3
|
||||||
|
#chmod 666 /var/chroot-bind/dev/{null,random}
|
||||||
|
|
||||||
|
# essential libs
|
||||||
|
for i in `ldd $(which named) | grep -v linux-vdso.so.1 | cut -d">" -f2 | cut -d"(" -f1` \
|
||||||
|
/usr/lib/x86_64-linux-gnu/openssl-1.0.*/engines/libgost.so ; do
|
||||||
|
install -D $i /var/chroot-bind/${i##/}
|
||||||
|
done
|
||||||
|
|
||||||
|
# essential (hum, bash is required ??)
|
||||||
|
#cp /bin/bash /var/chroot-bind/bin/
|
||||||
|
cp /usr/sbin/named /var/chroot-bind/usr/sbin/
|
||||||
|
|
||||||
|
# minimal passwd & group file (hum, is required ??)
|
||||||
|
#grep "bind\|root" /etc/passwd > /var/chroot-bind/etc/passwd
|
||||||
|
#grep "bind\|root" /etc/group > /var/chroot-bind/etc/group
|
||||||
|
|
||||||
|
# just bind
|
||||||
|
chown -R bind.bind /var/chroot-bind/
|
||||||
|
|
|
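Review bot: `chown -R bind.bind /var/chroot-bind/` at the end hands the copied `usr/sbin/named`, every library under `lib`/`usr/lib` and `etc/bind` to the `bind` user, so a compromised named process can rewrite the code it will run after the next restart, which undoes much of what the chroot is meant to buy; own the tree `root:root` (Debian's `root:bind` for `etc/bind`) and give `bind` only the directories it writes, `var/cache/bind`, `var/log`, `var/run/named` and `run/named`. The script hardcodes `/var/chroot-bind` in every path while tasks/main.yml writes `-t {{ bind_chroot_path }}` into /etc/default/bind9, so a changed default builds the chroot in one place and starts the daemon into another; read the path once with `chroot=${1:-/var/chroot-bind}` or deploy the script through `template:`. There is no `set -e`, so a failed `mv /etc/bind/` still proceeds to the symlink and to the final recursive chown, and `install -D $i` should quote `"$i"`. The `user.group` spelling in `bind.bind` is the deprecated form; use `bind:bind`.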
@ -1,4 +1,7 @@
|
||||||
---
|
---
|
||||||
|
- name: reload systemd
|
||||||
|
command: systemctl daemon-reload
|
||||||
|
|
||||||
- name: restart bind
|
- name: restart bind
|
||||||
service:
|
service:
|
||||||
name: bind9
|
name: bind9
|
||||||
|
@ -9,4 +12,3 @@
|
||||||
name: munin-node
|
name: munin-node
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,24 +1,40 @@
|
||||||
- name: Ensure bind9 installed
|
- name: package are installed
|
||||||
apt:
|
apt:
|
||||||
name: bind9
|
name: '{{ item }}'
|
||||||
state: present
|
state: present
|
||||||
|
with_items:
|
||||||
|
- bind9
|
||||||
|
- dnstop
|
||||||
|
|
||||||
- name: Set bind configuration
|
- name: Set bind configuration for recursive server
|
||||||
template:
|
template:
|
||||||
src: named.conf.options.j2
|
src: named.conf.options_recursive.j2
|
||||||
dest: /etc/bind/named.conf.options
|
dest: /etc/bind/named.conf.options
|
||||||
owner: bind
|
owner: bind
|
||||||
group: bind
|
group: bind
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
|
when: bind_recursive_server
|
||||||
|
|
||||||
- name: Modify OPTIONS in /etc/default/bind9
|
- name: enable zones.rfc1918 for recursive server
|
||||||
replace:
|
lineinfile:
|
||||||
dest: /etc/default/bind9
|
dest: /etc/bind/named.conf.local
|
||||||
regexp: '^OPTIONS=.*'
|
line: 'include "/etc/bind/zones.rfc1918";'
|
||||||
replace: 'OPTIONS="-u bind -t {{ bind_chroot_root }}"'
|
regexp: "zones.rfc1918"
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
|
when: bind_recursive_server
|
||||||
|
|
||||||
|
- name: Set bind configuration for authoritative server
|
||||||
|
template:
|
||||||
|
src: named.conf.options_authoritative.j2
|
||||||
|
dest: /etc/bind/named.conf.options
|
||||||
|
owner: bind
|
||||||
|
group: bind
|
||||||
|
mode: "0644"
|
||||||
|
force: yes
|
||||||
|
notify: restart bind
|
||||||
|
when: bind_authoritative_server
|
||||||
|
|
||||||
- name: Create systemd service
|
- name: Create systemd service
|
||||||
template:
|
template:
|
||||||
|
@ -28,174 +44,78 @@
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
notify: restart bind
|
notify:
|
||||||
|
- reload systemd
|
||||||
|
- restart bind
|
||||||
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
- name: Create directories
|
- name: touch /var/log/bind.log if non chroot
|
||||||
file:
|
file:
|
||||||
path: "{{ bind_chroot_root }}/{{ item }}"
|
path: /var/log/bind.log
|
||||||
state: directory
|
|
||||||
owner: bind
|
owner: bind
|
||||||
group: bind
|
group: adm
|
||||||
mode: "0700"
|
|
||||||
recurse: no
|
|
||||||
with_items:
|
|
||||||
- bin
|
|
||||||
- dev
|
|
||||||
- etc
|
|
||||||
- lib
|
|
||||||
- usr/lib
|
|
||||||
- usr/sbin
|
|
||||||
- var/cache/bind
|
|
||||||
- var/log
|
|
||||||
- var/run/bind/run
|
|
||||||
register: create_bind_dir
|
|
||||||
notify: restart bind
|
|
||||||
|
|
||||||
- name: Stat /etc/bind
|
|
||||||
stat:
|
|
||||||
path: "/etc/bind"
|
|
||||||
check_mode: no
|
|
||||||
register: etc_bind
|
|
||||||
|
|
||||||
- name: Move /etc/bind in chroot
|
|
||||||
command: "mv /etc/bind/ {{ bind_chroot_root }}/etc/"
|
|
||||||
when: etc_bind.stat.exists and not etc_bind.stat.islnk
|
|
||||||
notify: restart bind
|
|
||||||
|
|
||||||
- name: Create symlink
|
|
||||||
file:
|
|
||||||
src: "{{ bind_chroot_root }}/etc/bind"
|
|
||||||
dest: "/etc/bind"
|
|
||||||
state: link
|
|
||||||
notify: restart bind
|
|
||||||
|
|
||||||
- name: is there a log file?
|
|
||||||
stat:
|
|
||||||
path: "{{ bind_chroot_root }}/var/log/bind.log"
|
|
||||||
register: bind_log
|
|
||||||
|
|
||||||
- name: create log file
|
|
||||||
file:
|
|
||||||
path: "{{ bind_chroot_root }}/var/log/bind.log"
|
|
||||||
state: touch
|
|
||||||
when: not bind_log.stat.exists
|
|
||||||
|
|
||||||
- name: verify log file permissions
|
|
||||||
file:
|
|
||||||
path: "{{ bind_chroot_root }}/var/log/bind.log"
|
|
||||||
owner: bind
|
|
||||||
group: bind
|
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
state: file
|
state: touch
|
||||||
|
when: bind_chroot_set == False
|
||||||
|
|
||||||
- name: Create log symlink
|
- name: touch /var/log/bind_queries.log if non chroot
|
||||||
file:
|
file:
|
||||||
src: "{{ bind_chroot_root }}/var/log/bind.log"
|
path: /var/log/bind_queries.log
|
||||||
dest: "/var/log/bind.log"
|
|
||||||
state: link
|
|
||||||
notify: restart bind
|
|
||||||
|
|
||||||
- name: Create run directory
|
|
||||||
file:
|
|
||||||
path: "/var/run/bind/run"
|
|
||||||
state: directory
|
|
||||||
owner: root
|
|
||||||
group: bind
|
|
||||||
mode: "0770"
|
|
||||||
recurse: yes
|
|
||||||
notify: restart bind
|
|
||||||
|
|
||||||
- name: "Stat var/run/bind/run/named in chroot"
|
|
||||||
stat:
|
|
||||||
path: "{{ bind_chroot_root }}/var/run/bind/run/named"
|
|
||||||
check_mode: no
|
|
||||||
register: named_run
|
|
||||||
|
|
||||||
- name: "Clean var/run/bind/run/named in chroot"
|
|
||||||
file:
|
|
||||||
path: "{{ bind_chroot_root }}/var/run/bind/run/named"
|
|
||||||
state: absent
|
|
||||||
when: named_run.stat.exists and named_run.stat.isdir
|
|
||||||
|
|
||||||
- name: Clean /var/run/bind/run/named.pid
|
|
||||||
file:
|
|
||||||
path: "/var/run/bind/run/named.pid"
|
|
||||||
state: absent
|
|
||||||
when: named_run.stat.exists and named_run.stat.isdir
|
|
||||||
|
|
||||||
- name: Stat /var/run/bind/run/named.pid
|
|
||||||
stat:
|
|
||||||
path: "/var/run/bind/run/named.pid"
|
|
||||||
check_mode: no
|
|
||||||
register: named_pid
|
|
||||||
|
|
||||||
- name: Cat pid content
|
|
||||||
command: "cat /var/run/bind/run/named.pid > {{ bind_chroot_root }}/var/run/bind/run/named.pid"
|
|
||||||
when: named_pid.stat.exists and named_pid.stat.isreg and not named_pid.stat.islnk
|
|
||||||
|
|
||||||
- name: Clean /var/run/bind/run/named.pid
|
|
||||||
file:
|
|
||||||
path: "/var/run/bind/run/named.pid"
|
|
||||||
state: absent
|
|
||||||
when: named_pid.stat.exists and named_pid.stat.isreg and not named_pid.stat.islnk
|
|
||||||
|
|
||||||
- name: Clean /var/run/bind/run/named.pid
|
|
||||||
file:
|
|
||||||
path: "/var/run/bind/run/named.pid"
|
|
||||||
state: absent
|
|
||||||
when: named_pid.stat.exists and not named_pid.stat.islnk
|
|
||||||
|
|
||||||
- name: Create pid symlink in chroot
|
|
||||||
file:
|
|
||||||
src: "{{ bind_chroot_root }}/var/run/bind/run/named.pid"
|
|
||||||
dest: "/var/run/bind/run/named.pid"
|
|
||||||
state: link
|
|
||||||
when: named_pid.stat.exists and not named_pid.stat.islnk
|
|
||||||
notify: restart bind
|
|
||||||
|
|
||||||
- name: "Stat dev/random in chroot"
|
|
||||||
stat:
|
|
||||||
path: "{{ bind_chroot_root }}/dev/random"
|
|
||||||
check_mode: no
|
|
||||||
register: named_random
|
|
||||||
|
|
||||||
- name: clean dev/random in chroot
|
|
||||||
shell: "mv {{ bind_chroot_root }}/dev/random {{ bind_chroot_root }}/dev/random.$(date +%s)"
|
|
||||||
when: named_random.stat.exists and not named_random.stat.ischr
|
|
||||||
|
|
||||||
- name: mknod dev/random in chroot
|
|
||||||
command: "mknod -m 666 {{ bind_chroot_root }}/dev/random c 1 3"
|
|
||||||
args:
|
|
||||||
creates: "{{ bind_chroot_root }}/dev/random"
|
|
||||||
notify: restart bind
|
|
||||||
|
|
||||||
- name: get essential libraries
|
|
||||||
shell: 'ldd $(which named) | grep -v linux-vdso.so.1 | cut -d">" -f2 | cut -d"(" -f1 | grep -oE "\S+"'
|
|
||||||
register: bind_ldd
|
|
||||||
check_mode: no
|
|
||||||
changed_when: False
|
|
||||||
|
|
||||||
- name: copy essential libs
|
|
||||||
command: "install -D {{ item }} {{ bind_chroot_root }}{{ item }}"
|
|
||||||
args:
|
|
||||||
creates: "{{ bind_chroot_root }}{{ item }}"
|
|
||||||
with_items:
|
|
||||||
- "{{ bind_ldd.stdout_lines }}"
|
|
||||||
- /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so
|
|
||||||
register: install_libraries
|
|
||||||
notify: restart bind
|
|
||||||
|
|
||||||
- name: Copy bind
|
|
||||||
copy:
|
|
||||||
src: /usr/sbin/named
|
|
||||||
dest: "{{ bind_chroot_root }}/usr/sbin/"
|
|
||||||
remote_src: True
|
|
||||||
notify: restart bind
|
|
||||||
|
|
||||||
- name: Set the good rights
|
|
||||||
file:
|
|
||||||
path: "{{ bind_chroot_root }}"
|
|
||||||
owner: bind
|
owner: bind
|
||||||
group: bind
|
group: adm
|
||||||
recurse: yes
|
mode: "0640"
|
||||||
|
state: touch
|
||||||
|
when: bind_authoritative_server and bind_chroot_set == False
|
||||||
|
|
||||||
|
- name: send chroot-bind.sh in /root
|
||||||
|
copy:
|
||||||
|
src: chroot-bind.sh
|
||||||
|
dest: /root/chroot-bind.sh
|
||||||
|
mode: "0700"
|
||||||
|
owner: root
|
||||||
|
force: yes
|
||||||
|
backup: yes
|
||||||
|
when: bind_chroot_set
|
||||||
|
|
||||||
|
- name: exec chroot-bind.sh
|
||||||
|
command: "/root/chroot-bind.sh"
|
||||||
|
register: chrootbind_run
|
||||||
|
changed_when: False
|
||||||
|
check_mode: no
|
||||||
|
when: bind_chroot_set
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
var: chrootbind_run.stdout_lines
|
||||||
|
when: bind_chroot_set and chrootbind_run.stdout != ""
|
||||||
|
|
||||||
|
- name: Modify OPTIONS in /etc/default/bind9 for chroot
|
||||||
|
replace:
|
||||||
|
dest: /etc/default/bind9
|
||||||
|
regexp: '^OPTIONS=.*'
|
||||||
|
replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
|
when: bind_chroot_set
|
||||||
|
|
||||||
|
- name: logrotate for non chroot bind
|
||||||
|
template:
|
||||||
|
src: logrotate_bind
|
||||||
|
dest: /etc/logrotate.d/bind
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
force: yes
|
||||||
|
notify: restart bind
|
||||||
|
when: bind_chroot_set == False
|
||||||
|
|
||||||
|
- name: logrotate for chroot bind
|
||||||
|
template:
|
||||||
|
src: logrotate_bind_chroot.j2
|
||||||
|
dest: /etc/logrotate.d/bind
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
force: yes
|
||||||
|
notify: restart bind
|
||||||
|
when: bind_chroot_set
|
||||||
|
|
||||||
|
|
||||||
|
|
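Review bot: `exec chroot-bind.sh` combines `check_mode: no` with a command that moves /etc/bind, copies binaries and chowns the whole tree, so `ansible-playbook --check` mutates the host; `check_mode: no` belongs only on read-only commands such as the `stat` and `ldd` gathering this replaces, and should be dropped here. The recursive and authoritative `Set bind configuration` tasks both render to `/etc/bind/named.conf.options` under independent `when:` guards, so with both flags true the authoritative template overwrites the recursive one on every run and notifies a restart each time; an explicit guard near the top, `- assert: { that: not (bind_recursive_server and bind_authoritative_server) }`, makes the exclusivity visible. The two `touch … if non chroot` tasks use `state: touch`, which reports changed on every run; a `copy` with `content: ''`, `force: no` and the same owner/group/mode keys creates the file once and stays idempotent. Also `bind_chroot_set == False` reads better as `not bind_chroot_set`, and the many `force: yes` values are YAML 1.1 truthies that yamllint flags in favour of `true`.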
|
@ -8,6 +8,7 @@
|
||||||
tags:
|
tags:
|
||||||
- bind
|
- bind
|
||||||
- munin
|
- munin
|
||||||
|
when: bind_authoritative_server
|
||||||
|
|
||||||
- name: Enable munin plugins
|
- name: Enable munin plugins
|
||||||
file:
|
file:
|
||||||
|
@ -17,22 +18,22 @@
|
||||||
with_items:
|
with_items:
|
||||||
- bind9
|
- bind9
|
||||||
- bind9_rndc
|
- bind9_rndc
|
||||||
notify: restart munin
|
notify: restart munin-node
|
||||||
when: munin_node_plugins_config.stat.exists
|
when: bind_authoritative_server and munin_node_plugins_config.stat.exists
|
||||||
tags:
|
tags:
|
||||||
- bind
|
- bind
|
||||||
- munin
|
- munin
|
||||||
|
|
||||||
- name: Add munin plugin configuration
|
- name: Add munin plugin configuration
|
||||||
template:
|
template:
|
||||||
src: bind9.j2
|
src: munin-env_bind9.j2
|
||||||
dest: /etc/munin/plugin-conf.d/bind9
|
dest: /etc/munin/plugin-conf.d/bind9
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
notify: restart munin
|
notify: restart munin-node
|
||||||
when: munin_node_plugins_config.stat.exists
|
when: bind_authoritative_server and munin_node_plugins_config.stat.exists
|
||||||
tags:
|
tags:
|
||||||
- bind
|
- bind
|
||||||
- munin
|
- munin
|
||||||
|
|
|
@ -1,5 +1,3 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=BIND Domain Name Server
|
Description=BIND Domain Name Server
|
||||||
Documentation=man:named(8)
|
Documentation=man:named(8)
|
||||||
|
|
10
bind/templates/logrotate_bind
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
/var/log/bind.log {
|
||||||
|
weekly
|
||||||
|
missingok
|
||||||
|
rotate 8
|
||||||
|
create 640 bind bind
|
||||||
|
sharedscripts
|
||||||
|
postrotate
|
||||||
|
rndc reload > /dev/null
|
||||||
|
endscript
|
||||||
|
}
|
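Review bot: `rotate 8` here versus `rotate 52` in `logrotate_bind_chroot.j2` gives the non-chroot install about two months of bind.log and the chroot install a year, with no visible reason for the difference; pick one value (or a `bind_log_rotate` default) and use it in both files. Neither file compresses rotated logs; add `compress` and `delaycompress` next to `missingok`. This file is deployed through `template:` yet lacks the `.j2` suffix its sibling carries, which makes it look like a static file to the next reader.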
10
bind/templates/logrotate_bind_chroot.j2
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
{{ bind_chroot_path }}/var/log/bind.log {
|
||||||
|
weekly
|
||||||
|
missingok
|
||||||
|
rotate 52
|
||||||
|
create 640 bind bind
|
||||||
|
sharedscripts
|
||||||
|
postrotate
|
||||||
|
rndc reload > /dev/null
|
||||||
|
endscript
|
||||||
|
}
|
|
@ -1,6 +1,6 @@
|
||||||
[bind*]
|
[bind*]
|
||||||
user root
|
user root
|
||||||
env.logfile {{ bind_query_file }}
|
env.logfile {{ bind_query_file }}
|
||||||
env.querystats {{ bind_chroot_root }}{{ bind_statistics_file }}
|
env.querystats {{ bind_chroot_path }}{{ bind_statistics_file }}
|
||||||
env.MUNIN_PLUGSTATE /var/lib/munin
|
env.MUNIN_PLUGSTATE /var/lib/munin
|
||||||
timeout 120
|
timeout 120
|
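Review bot: `env.querystats {{ bind_chroot_path }}{{ bind_statistics_file }}` is always prefixed with the chroot path, yet the role now supports a non-chrooted install via `bind_chroot_set`, where the statistics file lives at `{{ bind_statistics_file }}` alone and the plugin would read a path that does not exist. Make the prefix conditional: `env.querystats {{ bind_chroot_path if bind_chroot_set else '' }}{{ bind_statistics_file }}`. The converse question applies to `env.logfile {{ bind_query_file }}`: in the chroot case named writes that path inside the chroot and chroot-bind.sh symlinks only bind.log back to /var/log, so the query log is presumably unreadable at the host path — confirm and either symlink it in the script or prefix it the same way.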
|
@ -1,58 +0,0 @@
|
||||||
// {{ ansible_managed }}
|
|
||||||
|
|
||||||
options {
|
|
||||||
directory "/var/cache/bind";
|
|
||||||
|
|
||||||
// If there is a firewall between you and nameservers you want
|
|
||||||
// to talk to, you may need to fix the firewall to allow multiple
|
|
||||||
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
|
|
||||||
|
|
||||||
// If your ISP provided one or more IP addresses for stable
|
|
||||||
// nameservers, you probably want to use them as forwarders.
|
|
||||||
// Uncomment the following block, and insert the addresses replacing
|
|
||||||
// the all-0's placeholder.
|
|
||||||
|
|
||||||
// forwarders {
|
|
||||||
// 0.0.0.0;
|
|
||||||
// };
|
|
||||||
|
|
||||||
version "Bingo";
|
|
||||||
|
|
||||||
auth-nxdomain no; # conform to RFC1035
|
|
||||||
//listen-on-v6 { ::1; };
|
|
||||||
//listen-on { 127.0.0.1; };
|
|
||||||
|
|
||||||
allow-query { localhost;};
|
|
||||||
allow-transfer { localhost; };
|
|
||||||
allow-recursion { localhost; };
|
|
||||||
|
|
||||||
statistics-file "/var/run/named.stats";
|
|
||||||
};
|
|
||||||
|
|
||||||
logging {
|
|
||||||
//category default { default_syslog; default_debug; };
|
|
||||||
category default { default_debug; };
|
|
||||||
|
|
||||||
channel default_syslog {
|
|
||||||
syslog daemon;
|
|
||||||
severity info;
|
|
||||||
};
|
|
||||||
|
|
||||||
channel default_debug {
|
|
||||||
file "/var/log/bind.log";
|
|
||||||
severity debug;
|
|
||||||
};
|
|
||||||
channel query {
|
|
||||||
file "/var/log/query.log" versions 2 size 1m;
|
|
||||||
print-time yes;
|
|
||||||
severity info;
|
|
||||||
};
|
|
||||||
category queries { query; };
|
|
||||||
};
|
|
||||||
|
|
||||||
//key "external" {
|
|
||||||
// algorithm hmac-md5;
|
|
||||||
// secret "UOQfHEoBzBSC6sD4mwfxLw==";
|
|
||||||
//};
|
|
||||||
//
|
|
||||||
//server 85.118.59.1 { keys external; };
|
|
35
bind/templates/named.conf.options_authoritative.j2
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
acl "foo" {
|
||||||
|
::ffff:192.0.2.21; 192.0.2.21;
|
||||||
|
2001:db8::21;
|
||||||
|
};
|
||||||
|
|
||||||
|
options {
|
||||||
|
directory "/var/cache/bind";
|
||||||
|
version "Bingo";
|
||||||
|
auth-nxdomain no;
|
||||||
|
masterfile-format text;
|
||||||
|
statistics-file "/var/run/named.stats";
|
||||||
|
|
||||||
|
listen-on-v6 { any; };
|
||||||
|
listen-on { any; };
|
||||||
|
|
||||||
|
allow-query { localhost; };
|
||||||
|
allow-recursion { localhost; };
|
||||||
|
allow-transfer { localhost; };
|
||||||
|
};
|
||||||
|
|
||||||
|
logging {
|
||||||
|
category default { default_file; };
|
||||||
|
category queries { query_logging; };
|
||||||
|
|
||||||
|
channel default_file {
|
||||||
|
file "/var/log/bind.log";
|
||||||
|
severity info;
|
||||||
|
};
|
||||||
|
channel query_logging {
|
||||||
|
file "/var/log/bind_queries.log" versions 2 size 128M;
|
||||||
|
print-category yes;
|
||||||
|
print-severity yes;
|
||||||
|
print-time yes;
|
||||||
|
};
|
||||||
|
};
|
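Review bot: `allow-query { localhost; };` in a template meant for an authoritative server that sets `listen-on { any; };` means the zones are served to nobody but the host itself; an authoritative server needs `allow-query { any; };` and an explicit `recursion no;` rather than relying on `allow-recursion { localhost; };` alone. `acl "foo"` with its RFC 5737/3849 example addresses is declared but never referenced, presumably intended for `allow-transfer { foo; };`; either feed it from a role variable (e.g. `bind_transfer_acl`) and use it, or drop it. The template also lost the `// {{ ansible_managed }}` header the deleted named.conf.options.j2 carried, which is worth restoring since `force: yes` overwrites local edits silently.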
16
bind/templates/named.conf.options_recursive.j2
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
options {
|
||||||
|
directory "/var/cache/bind";
|
||||||
|
version "Bingo";
|
||||||
|
auth-nxdomain no;
|
||||||
|
listen-on-v6 { ::1; };
|
||||||
|
listen-on { 127.0.0.1; };
|
||||||
|
allow-recursion { ::1; 127.0.0.1; };
|
||||||
|
};
|
||||||
|
|
||||||
|
logging {
|
||||||
|
category default { default_file; };
|
||||||
|
channel default_file {
|
||||||
|
file "/var/log/bind.log";
|
||||||
|
severity info;
|
||||||
|
};
|
||||||
|
};
|
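Review bot: The `options` block drops the `dnssec-validation auto;` that the Debian-shipped named.conf.options carries, so unless it is set elsewhere in the role this resolver performs no DNSSEC validation; add `dnssec-validation auto;` after `auth-nxdomain no;`. `allow-query` is left unset and the resolver stays private only because of `listen-on { 127.0.0.1; };` / `listen-on-v6 { ::1; };`; stating `allow-query { localhost; };` explicitly keeps a later listen-on change from turning it into an open resolver. Like its authoritative sibling, the file has no `// {{ ansible_managed }}` header.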