2022-02-21 20:41:31 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
bind9_acls:
|
|
|
|
- name: internalnets
|
|
|
|
permissions: []
|
|
|
|
# - "111.222.111.222"
|
|
|
|
|
2023-06-09 07:46:02 +00:00
|
|
|
bind9_controls: []
|
|
|
|
# - acls:
|
|
|
|
# - localhost
|
|
|
|
# inet: "127.0.0.1"
|
|
|
|
# port: "953"
|
|
|
|
# tsig_keys:
|
|
|
|
# - rndc
|
|
|
|
|
2022-02-21 20:41:31 +00:00
|
|
|
bind9_logging:
|
|
|
|
categories:
|
|
|
|
- name: "security"
|
|
|
|
channels:
|
|
|
|
- "security_file"
|
|
|
|
channels:
|
|
|
|
- name: "security_file"
|
2023-02-11 15:00:33 +00:00
|
|
|
file:
|
2022-02-21 20:41:31 +00:00
|
|
|
path: "/var/log/named/security.log"
|
|
|
|
options: "versions 3 size 30m"
|
|
|
|
severity: "dynamic"
|
|
|
|
print_times: "yes"
|
|
|
|
|
|
|
|
bind9_options:
|
|
|
|
allow_query: []
|
|
|
|
allow_query_on: []
|
|
|
|
allow_query_cache: []
|
|
|
|
allow_query_cache_on: []
|
|
|
|
allow_recursion:
|
|
|
|
- "localhost"
|
|
|
|
- "localnets"
|
|
|
|
- "internalnets"
|
|
|
|
allow_recursion_on: []
|
|
|
|
allow_transfer: []
|
|
|
|
allow_update: []
|
|
|
|
allow_update_forwarding: []
|
|
|
|
auth_nxdomain: false
|
|
|
|
blackhole: []
|
2024-05-22 18:22:17 +00:00
|
|
|
dnssec_accept_expired: false
|
|
|
|
dnssec_validation: "auto"
|
2022-02-21 20:41:31 +00:00
|
|
|
forwarders:
|
2023-01-09 16:54:49 +00:00
|
|
|
- ip: "8.8.8.8" # Google IPv4
|
|
|
|
port: "53"
|
|
|
|
- ip: "8.8.4.4" # Google IPv4
|
|
|
|
port: "53"
|
|
|
|
- ip: "2001:4860:4860::8888" # Google IPv6
|
|
|
|
port: "53"
|
|
|
|
- ip: "2001:4860:4860::8844" # Google IPv6
|
|
|
|
port: "53"
|
|
|
|
- ip: "208.67.222.222" # OpenDNS IPv4
|
|
|
|
port: "53"
|
|
|
|
- ip: "208.67.220.220" # OpenDNS IPv4
|
|
|
|
port: "53"
|
|
|
|
- ip: "2620:0:ccc::2" # OpenDNS IPv6
|
|
|
|
port: "53"
|
|
|
|
- ip: "2620:0:ccd::2" # OpenDNS IPv6
|
|
|
|
port: "53"
|
2022-02-21 20:41:31 +00:00
|
|
|
interface_interval: 0
|
2024-05-22 18:22:17 +00:00
|
|
|
key_directory: "/var/named/dnssec-keys"
|
2022-02-21 20:41:31 +00:00
|
|
|
listen_on_ipv4:
|
|
|
|
- "127.0.0.1"
|
|
|
|
listen_on_ipv6:
|
|
|
|
- "::1"
|
|
|
|
max_transfer_time: "60"
|
|
|
|
minimal_responses: "no"
|
|
|
|
notify: "yes"
|
|
|
|
recursion: "yes"
|
2023-01-18 22:35:36 +00:00
|
|
|
update_policies: []
|
|
|
|
# - action: grant
|
|
|
|
# identity: keyname
|
|
|
|
# ruletype: name
|
|
|
|
# name: _acme-challenge.example.com.
|
|
|
|
# types:
|
|
|
|
# - TXT
|
|
|
|
|
2022-02-21 20:41:31 +00:00
|
|
|
transfer_format: "many-answers"
|
|
|
|
|
2023-06-09 07:46:02 +00:00
|
|
|
bind9_rndc_key:
|
|
|
|
name: ""
|
|
|
|
algorithm: ""
|
|
|
|
secret: ""
|
|
|
|
|
2024-05-22 18:22:17 +00:00
|
|
|
bind9_dnssec_keys: []
|
|
|
|
# - origin: "hellenthal.cryptic.systems"
|
|
|
|
# key_signing_key:
|
|
|
|
# private:
|
|
|
|
# filename: "{{ bind9_options.key_directory }}/example.com.private"
|
|
|
|
# content: "private key"
|
|
|
|
# public:
|
|
|
|
# filename: "{{ bind9_options.key_directory }}/example.com.private"
|
|
|
|
# content: "public key"
|
|
|
|
# zone_signing_key:
|
|
|
|
# private:
|
|
|
|
# filename: "{{ bind9_options.key_directory }}/example.com.private"
|
|
|
|
# content: "private key"
|
|
|
|
# public:
|
|
|
|
# filename: "{{ bind9_options.key_directory }}/example.com.private"
|
|
|
|
# content: "public key"
|
|
|
|
|
2023-02-19 11:19:41 +00:00
|
|
|
bind9_statics:
|
|
|
|
enabled: true
|
|
|
|
channels:
|
|
|
|
- inet: "127.0.0.1"
|
|
|
|
port: "8053"
|
|
|
|
acls:
|
|
|
|
- "localhost"
|
|
|
|
|
|
|
|
|
2022-02-21 20:41:31 +00:00
|
|
|
bind9_tsigkeys: []
|
|
|
|
# - name: "name"
|
|
|
|
# algorithm: "algorithm"
|
|
|
|
# secret: "secret"
|
|
|
|
|
|
|
|
bind9_views: []
|
|
|
|
# - name: external
|
|
|
|
# match_clients:
|
|
|
|
# - "!internalnets"
|
|
|
|
# - "any"
|
|
|
|
# zones:
|
2024-05-22 18:22:17 +00:00
|
|
|
# - config:
|
|
|
|
# allow_notify: []
|
|
|
|
# allow_query:
|
|
|
|
# - "any"
|
|
|
|
# allow_query_on: []
|
|
|
|
# allow_update: []
|
|
|
|
# allow_update_forwarding: []
|
|
|
|
# allow_transfer: []
|
|
|
|
# file: zones/external/db.local.example
|
|
|
|
# origin: "example.local."
|
|
|
|
# type: master
|
|
|
|
# notify: true
|
2022-02-21 20:41:31 +00:00
|
|
|
# file: zones/external/db.local.example
|
|
|
|
# - name: internal
|
|
|
|
# match_clients:
|
|
|
|
# - "!192.168.178.1"
|
|
|
|
# - "internalnets"
|
|
|
|
# - "127.0.0.0/8"
|
|
|
|
# zones:
|
2024-05-22 18:22:17 +00:00
|
|
|
# - config:
|
|
|
|
# allow_notify: []
|
|
|
|
# allow_query:
|
|
|
|
# - "any"
|
|
|
|
# allow_query_on: []
|
|
|
|
# allow_update: []
|
|
|
|
# allow_update_forwarding: []
|
|
|
|
# allow_transfer: []
|
|
|
|
# file: zones/internal/db.local.example
|
|
|
|
# origin: "example.local."
|
|
|
|
# type: master
|
2022-02-21 20:41:31 +00:00
|
|
|
# file: zones/internal/db.local.example
|
2024-05-22 18:22:17 +00:00
|
|
|
# - config:
|
|
|
|
# allow_notify: []
|
|
|
|
# allow_query: []
|
|
|
|
# allow_query_on: []
|
|
|
|
# allow_update: []
|
|
|
|
# allow_update_forwarding: []
|
|
|
|
# allow_transfer: []
|
|
|
|
# forward: only
|
|
|
|
# forwarders:
|
|
|
|
# - 192.168.175.1
|
|
|
|
# origin: "gitlab-runner.external.local"
|
|
|
|
# type: forward
|
|
|
|
# file: "gitlab-runner.external.local"
|