critisise me ;-)
Tom
klout at gmx.net
Sun Dec 1 15:46:57 UTC 2002
hello all,
after reading the dns and bind book, some rfcs and the bind admin
manual (which btw every newbie should do) i was ready to set up my first bind (9.2.1 on rh8.0).
i configured it as a slave for two other primaries and it runs in a chroot jail.
it works like a charm :-) here's the named.conf. i'd like to know from you pros what
i could/should have done differently or better. especially the logging is interesting to me.
TIA,
Thomas Kaschuba
// Global server options. The ACL names used here (trusted, devnulled,
// transhosts) are defined by the acl statements further down in this file.
options {
    // Base directory for relative file names such as "hints.db".
    // NOTE(review): if named is started with -t, every path in this file is
    // resolved inside the jail; confirm this absolute path exists as seen
    // from within the chroot.
    directory "/chroot/named/etc/namedb";

    // Timers are in minutes. interface-interval 0 disables the periodic
    // rescan of network interfaces, so named only listens on what was
    // present at startup.
    cleaning-interval 120;
    interface-interval 0;

    // Recursion and queries are limited to the "trusted" networks, which
    // keeps the server from acting as an open resolver.
    // NOTE(review): allow-query set here is the default for every zone,
    // including the slave zones, unless a zone statement overrides it;
    // confirm outside clients are not expected to query those zones.
    allow-recursion { trusted; };
    allow-query { trusted; };

    // Zone transfers (AXFR/IXFR) are only served to "transhosts".
    allow-transfer { transhosts; };

    // Addresses in "devnulled" are ignored completely: named neither
    // answers them nor sends queries to them while resolving.
    blackhole { devnulled; };
};
// rndc control channel: listens on loopback only, accepts connections only
// from localhost, and requires the shared secret named "rndckey".
// NOTE(review): the key definition is presumably what the /etc/rndc.key
// include at the end of this file provides; confirm.
controls {
    inet 127.0.0.1
        allow { localhost; }
        keys { rndckey; };
};
// Logging: one file channel shared by four categories.
logging {
    channel namedlog {
        // Rotated file: up to 4 old versions, rolled at 10 MB each.
        // NOTE(review): the log lives under etc/ next to the configuration,
        // so the named user needs write access there. A separate log
        // directory would let the config tree stay read-only for that user.
        file "/chroot/named/etc/named-log" versions 4 size 10m;
        severity info;
        print-time yes;
        // Because several categories share this file, also setting
        // print-category and print-severity would make security events
        // easier to pick out during review.
    };

    category default      { namedlog; };
    category security     { namedlog; };   // approved/denied requests
    category update       { namedlog; };   // dynamic update activity
    category lame-servers { namedlog; };
};
// Clients allowed to query and to use recursion (referenced from options).
// The x.x.x.x entries are the poster's redacted networks and host.
acl "trusted" {
    localhost;
    x.x.x.x/24;
    x.x.x.x/24;
    x.x.x.x/24;
    x.x.x.x;
};
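// Sources named ignores entirely (used by "blackhole" in options): it neither
// answers queries from these addresses nor sends queries to them.
// A static bogon list like this goes stale and needs periodic review.
acl "devnulled" {
    0.0.0.0/8;          // "this network"
    // 1.0.0.0/8 and 2.0.0.0/8 were unallocated when this was posted (2002)
    // but have since been allocated by IANA and carry real traffic.
    // Blackholing them would cut off legitimate clients and name servers,
    // so they are disabled here.
    // 1.0.0.0/8;
    // 2.0.0.0/8;
    192.0.2.0/24;       // documentation / test network
    224.0.0.0/3;        // multicast and reserved space (224.0.0.0 and up)
    // RFC 1918 private ranges.
    // NOTE(review): if any client in "trusted" lives in one of these ranges
    // it will be silently ignored; confirm against the redacted entries.
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;
    // Poster's redacted, site-specific entries.
    x.x.x.x/24;
    x.x.x.x/24;
};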
// Hosts allowed to request zone transfers (used by allow-transfer in options).
// NOTE(review): three whole /24 networks is broad for a server that is only
// a slave; listing just the hosts that really pull zones from it narrows
// who can dump zone contents. Address-based checks can also be paired with
// a TSIG key in the ACL so a transfer must be authenticated, not merely
// come from the right source address.
acl "transhosts" {
    localhost;
    x.x.x.x/24;
    x.x.x.x/24;
    x.x.x.x/24;
    x.x.x.x;
};
// Root hints. The relative file name is resolved against the "directory"
// option set in the options block.
zone "." IN {
    type hint;
    file "hints.db";
};
// Local forward zone for "localhost"; dynamic updates are refused.
zone "localhost" IN {
    type master;
    file "/chroot/named/etc/namedb/localhost.zone";
    allow-update { none; };
};
// Reverse zone for the loopback network 127.0.0/24; dynamic updates are refused.
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "/chroot/named/etc/namedb/named.local";
    allow-update { none; };
};
// Pull in the rndc key file. It holds a shared secret, so it should be
// readable only by root and the account named runs as.
// NOTE(review): this path is rooted at /etc while every other path in the
// file is rooted at /chroot/named/...; under a chroot only one of the two
// conventions can resolve as intended. Confirm which file is really read.
include "/etc/rndc.key";
// Zone statements for the slave zones are kept in a separate file.
include "/chroot/named/etc/namedb/dns-zones";