-
Notifications
You must be signed in to change notification settings - Fork 116
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
b7b0d65
commit 7415a9b
Showing
3 changed files
with
132 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,111 @@ | ||
/* | ||
* Refer to the named.conf(5) and named(8) man pages, and the documentation | ||
* in /usr/share/doc/bind-* for more details. | ||
* Online versions of the documentation can be found here: | ||
* https://kb.isc.org/article/AA-01031 | ||
* | ||
* If you are going to set up an authoritative server, make sure you | ||
* understand the hairy details of how DNS works. Even with simple mistakes, | ||
* you can break connectivity for affected parties, or cause huge amounts of | ||
* useless Internet traffic. | ||
*/ | ||
|
||
options { | ||
directory "{{ map.get('named_directory') }}"; | ||
pid-file "/run/named/named.pid"; | ||
|
||
bindkeys-file "/etc/bind/bind.keys"; | ||
|
||
{%- if salt['pillar.get']('bind:config:ipv6', False) %} | ||
listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; }; | ||
{%- endif %} | ||
|
||
listen-on { 127.0.0.1; }; | ||
|
||
{%- for statement, value in salt['pillar.get']('bind:config:options', {})|dictsort -%} | ||
{%- if value is iterable and value is not string %} | ||
{{ statement }} { | ||
{%- for item in value %} | ||
{{ item }}; | ||
{%- endfor %} | ||
}; | ||
{%- else %} | ||
{{ statement }} {{ value }}; | ||
{%- endif %} | ||
{%- endfor %} | ||
}; | ||
|
||
{% for incl in salt['pillar.get']('bind:config:includes', []) %} | ||
include "{{ incl }}"; | ||
{% endfor %} | ||
|
||
|
||
{%- if salt['pillar.get']('bind:controls', False) %} | ||
controls { | ||
{%- for name, control in salt['pillar.get']('bind:controls')|dictsort if control.get('enabled', True) %} | ||
inet {{ control.get('bind', {}).get('address', '127.0.0.1') }} port {{ control.get('bind', {}).get('port', 953) }} | ||
{%- if control.get('allow') %} | ||
allow { | ||
{%- for allow in control.allow %} | ||
{{ allow }}; | ||
{%- endfor %} | ||
} | ||
{%- endif %} | ||
{%- if control.get('keys') %} | ||
keys { | ||
{%- for key in control.get('keys') %} | ||
{{ key }}; | ||
{%- endfor %} | ||
} | ||
{%- endif %}; | ||
{%- endfor %} | ||
|
||
}; | ||
{%- endif %} | ||
|
||
zone "." in { | ||
type hint; | ||
file "/var/bind/named.cache"; | ||
}; | ||
|
||
zone "localhost" IN { | ||
type master; | ||
file "pri/localhost.zone"; | ||
notify no; | ||
}; | ||
|
||
/* | ||
* Briefly, a zone which has been declared delegation-only will be effectively | ||
* limited to containing NS RRs for subdomains, but no actual data beyond its | ||
* own apex (for example, its SOA RR and apex NS RRset). This can be used to | ||
* filter out "wildcard" or "synthesized" data from NAT boxes or from | ||
* authoritative name servers whose undelegated (in-zone) data is of no | ||
* interest. | ||
* See http://www.isc.org/software/bind/delegation-only for more info | ||
*/ | ||
|
||
//zone "COM" { type delegation-only; }; | ||
//zone "NET" { type delegation-only; }; | ||
|
||
//zone "YOUR-DOMAIN.TLD" { | ||
// type master; | ||
// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone"; | ||
// allow-query { any; }; | ||
// allow-transfer { xfer; }; | ||
//}; | ||
|
||
//zone "YOUR-SLAVE.TLD" { | ||
// type slave; | ||
// file "/var/bind/sec/YOUR-SLAVE.TLD.zone"; | ||
// masters { <MASTER>; }; | ||
|
||
/* Anybody is allowed to query but transfer should be controlled by the master. */ | ||
// allow-query { any; }; | ||
// allow-transfer { none; }; | ||
|
||
/* The master should be the only one who notifies the slaves, shouldn't it? */ | ||
// allow-notify { <MASTER>; }; | ||
// notify no; | ||
//}; | ||
|
||
include "{{ map.local_config }}"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters