diff options
| -rw-r--r-- | bind/named.conf.local | 48 | ||||
| -rw-r--r-- | bind/pri/JONES-cloud-www | 2 | ||||
| -rw-r--r-- | bind/pri/omni-presence.dk | 2 |
3 files changed, 46 insertions, 6 deletions
diff --git a/bind/named.conf.local b/bind/named.conf.local index 4991dd6..06df084 100644 --- a/bind/named.conf.local +++ b/bind/named.conf.local @@ -1,22 +1,62 @@ include "/etc/local-JONES.DK/bind/named.conf.acl"; +acl jones_internals { + localhost; + 192.168.0.0/16; + 2a12:3d83:7021::/48; + fd00::/8; + fe80::/10; +}; +acl not_jones_internals { + 10.0.0.0/8; + 100.64.0.0/10; + 172.16.0.0/12; + fc00::/8; +}; view "internal" { - match-clients { 127.0.0.0/24; 192.168.222.0/24; }; + match-clients { jones_internals; }; + match-destinations { jones_internals; }; + match-recursive-only yes; + + allow-query { jones_internals; }; + allow-recursion { jones_internals; }; + allow-transfer { none; }; +// blackhole { not_jones_internals; }; include "/etc/local-JONES.DK/bind/named.conf.fake-222"; include "/etc/local-REDPILL.DK/bind/named.conf.FSUB.DE"; - include "/etc/bind/named.conf.default-zones"; + // prime the server with knowledge of the root servers + zone "." { + type hint; + file "/usr/share/dns/root.hints"; + }; + + plugin query "filter-aaaa.so" { + filter-aaaa-on-v4 yes; + filter-aaaa-on-v6 yes; + filter-aaaa { any; }; + }; }; view "external" { match-clients { any; }; recursion no; - include "/etc/bind/zones.rfc1918"; + // https://rhn.redhat.com/errata/RHSA-2013-0550.html + rate-limit { + responses-per-second 5; + window 5; + }; + +// include "/etc/bind/zones.rfc1918"; include "/etc/local-JONES.DK/bind/named.conf.pri"; include "/etc/local-REDPILL.DK/bind/named.conf.FSUB.DE.internal"; - include "/etc/bind/named.conf.default-zones"; + // prime the server with knowledge of the root servers + zone "." { + type hint; + file "/usr/share/dns/root.hints"; + }; }; diff --git a/bind/pri/JONES-cloud-www b/bind/pri/JONES-cloud-www index 6ee925c..78b540e 100644 --- a/bind/pri/JONES-cloud-www +++ b/bind/pri/JONES-cloud-www @@ -1,6 +1,6 @@ $TTL 1h @ SOA dns.jones.dk. dr.jones.dk. ( - 2023080301 + 2023091001 4h 1h 1w 1h ) $INCLUDE /etc/local-JONES.DK/bind/skel/NS diff --git a/bind/pri/omni-presence.dk b/bind/pri/omni-presence.dk index f73701d..d0eedf7 100644 --- a/bind/pri/omni-presence.dk +++ b/bind/pri/omni-presence.dk @@ -1,6 +1,6 @@ $TTL 1h @ SOA dns.jones.dk. dr.jones.dk. ( - 2023080301 + 2023091001 4h 1h 1w 1h ) $INCLUDE /etc/local-JONES.DK/bind/skel/NS |