
dhcp-doc-4.1.0-5.4mdv2009.1.x86_64.rpm

// (oe) loosely based on the document below and from production server configurations.
// http://www.cymru.com/Documents/secure-bind-template.html

// secret must be the same as in /etc/rndc.conf
// This key is referenced by the "controls" statement and by the
// allow-update clauses of the two master zones in this file, so one
// secret covers both server control and dynamic updates.
// NOTE(review): the secret below is a published sample value; generate a
// fresh one (e.g. with rndc-confgen) before using this file, and keep any
// file that contains it readable only by root and the named user.
// NOTE(review): hmac-md5 is a legacy algorithm; where the installed BIND and
// every peer sharing the key support it, prefer an HMAC-SHA algorithm such
// as hmac-sha256. The algorithm must match on both sides, as the secret does.
key mykey {
    algorithm hmac-md5;
    secret "IriCelUSbPMypSjImBsiTHMauOumRPMkdBjoxVINAx0vxJZNRKGWzFCKibad";
};

// Control channel for rndc: listen on loopback port 953 only, accept
// connections from 127.0.0.1 only, and require them to be signed with mykey.
// Any local account able to read the key can therefore control named, so
// the file permissions on the key are part of this access control.
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { mykey; };
};

// Access lists (ACL's) should be defined here
include "bogon_acl.conf";

// Global server options.
options {
// An empty version string keeps the server from disclosing its BIND
// release in answers to version queries.
    version "";
    directory "/var/named";
// NOTE(review): the dump and statistics files below are written under
// /var/tmp, which is normally world-writable. A fixed file name there can be
// pre-created or symlinked by another local user; consider a directory that
// only the named user can write to.
    dump-file "/var/tmp/named_dump.db";
    pid-file "/var/run/named/named.pid";
    statistics-file "/var/tmp/named.stats";
    zone-statistics yes;
    coresize 100M; 
//    fetch-glue no;
// NOTE(review): with "recursion no" left commented out and listen-on set to
// any (below), this server may answer recursive queries from every network
// it is reachable on. For an authoritative-only server enable "recursion no";
// otherwise limit recursion to trusted clients with an allow-recursion ACL.
//    recursion no;
    auth-nxdomain yes;
// "port *" leaves the source port of outgoing queries unpinned. Keep it that
// way: a fixed query source port makes spoofed answers easier to land.
    query-source address * port *;
    listen-on port 53 { any; };
    cleaning-interval 120;
    transfers-in 20;
    transfers-per-ns 2;
    lame-ttl 0;
    max-ncache-ttl 10800;

//    allow-update { none; };
// NOTE(review): "allow-transfer { any; }" would let any host copy whole
// zones. Leaving the option unset may have the same effect, depending on the
// default of the installed BIND (confirm for your version). Prefer an
// explicit allow-transfer that lists only the slave servers or a TSIG key.
//    allow-transfer { any; };

// Do not send NOTIFY messages when a zone changes.  The template
// this file is based on does this to prevent DoS attacks that
// work by generating bogus zone transfer requests.  The cost is
// slower updates to the slave servers (i.e. they will wait for
// the poll interval before checking for updates).
    notify no; 

// Generate more efficient zone transfers.  This will place 
// multiple DNS records in a DNS message, instead of one per 
// DNS message. 
    transfer-format many-answers; 

// Set the maximum zone transfer time to something more 
// reasonable.  In this case, we state that any zone transfer 
// that takes longer than 60 minutes is unlikely to ever 
// complete.  WARNING:  If you have very large zone files, 
// adjust this to fit your requirements. 
    max-transfer-time-in 60; 

// We have no dynamic interfaces, so BIND shouldn't need to 
// poll for interface state {UP|DOWN}. 
    interface-interval 0; 

// Uncomment these to enable support for IPv6 connections.
// IPv4 will still work
// NOTE(review): "listen-on { none; }" normally turns IPv4 listening off;
// verify the "IPv4 will still work" claim on your platform before relying
// on it.
//      listen-on { none; };
//      listen-on-v6 { any; };


// Deny anything from the bogon networks as
// detailed in the "bogon" ACL.
// NOTE(review): the "bogon" ACL comes from the included bogon_acl.conf.
// Address space that was unallocated when that list was written may have
// been assigned since, and blackhole silently ignores those clients and
// servers. Review the list regularly or restrict it to ranges that are
// permanently reserved.

    blackhole { bogon; };

//    root-delegation-only exclude { "de"; "lv"; "museum"; };

};

// define logging channels
include "logging.conf";

// Root hints: the list of root name servers, read from named.ca
// (relative to the "directory" option).
zone "." {
	type hint;
	file "named.ca";
};

// Reverse zone for the 127.0.0.x loopback range, served as master from
// named.local. No allow-update is set here, unlike the two zones at the
// end of this file.
zone "0.0.127.in-addr.arpa" {
	type master;
	file "named.local";
};

// workaround stupid stuff... (OE: Wed 17 Sep 2003)
// Each zone below is marked delegation-only, so answers from these TLDs
// that are not delegations are treated as non-existent names.
// NOTE(review): presumably a reaction to the TLD wildcard records of
// September 2003 - confirm. Newer BIND releases deprecate the
// delegation-only zone type, so check that your version still accepts it.
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "ph" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };

// Reverse zone for 192.168.2.x, served as master and open to dynamic
// updates signed with mykey.
// NOTE(review): mykey is also the rndc control key, so whichever client
// holds it for updates could control the server as well if it can reach the
// control channel. Use a separate key for updates. allow-update permits
// changes to any record in the zone; update-policy can narrow that.
zone "2.168.192.in-addr.arpa" {
	type master;
	file "mandrakesoft.reversed";
	allow-update { key mykey; };
};

// Forward zone, served as master and open to dynamic updates signed with
// mykey.
// NOTE(review): mykey is also the rndc control key; give dynamic updates
// their own key so that a leaked update key does not expose server control.
// allow-update permits changes to every record in the zone, including the
// NS and SOA records; update-policy can restrict what a key may modify.
zone "mandrakesoft.com" {
	type master;
	file "mandrakesoft.zone";
	allow-update { key mykey; };
};