本文发布于Cylon的收藏册,转载请著名原文链接~


//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { any; };
//	listen-on-v6 port 53 { ::1; };
	directory 	"/data/named";
	dump-file 	"/data/named/data/cache_dump.db";
	statistics-file "/data/named/data/named_stats.txt";
	memstatistics-file "/data/named/data/named_mem_stats.txt";
	recursing-file  "/data/named/data/named.recursing";
	secroots-file   "/data/named/data/named.secroots";
	allow-query     { any; };
	allow-query-cache { any; };
	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion yes;

	dnssec-enable no;
	dnssec-validation no;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.root.key";

	managed-keys-directory "/data/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};
statistics-channels {

       inet 127.0.0.1 port 53 allow { 127.0.0.1; };

};

logging {
        channel default_debug {
                file "/data/logs/named/named.run";
                severity dynamic;
        };
	channel warning {
          file "/data/logs/named/named.log" versions 100 size10m;
          severity warning;
          print-category yes;
          print-severity yes;
          print-time yes;
         };
         channel query {
           file "/data/logs/named/query.log" versions 100 size 10m;
           severity info;
           print-category yes;
           print-severity yes;
           print-time yes;
         };
         category default { warning; };
         category queries { query; };
};

zone "." IN {
	type hint;
	file "named.ca";
};

key "rndc-key" {
    algorithm hmac-md5;
    secret "R+pzomztOItyduEqVF2gjA==";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "tvbshare.com" IN {
	type master;
	file "tvbshare.com.zone";
	allow-transfer { 10.11.17.90; 10.11.17.89; };
        allow-update { 10.11.17.89; };
};

zone "r_tvbshare_prod.service.tvbshare" IN {
	type forward;
        forwarders { 10.11.11.5;  10.11.11.6; };
         forward only;
};

zone "w_tvbshare_prod.service.tvbshare" IN {
        type forward;
        forwarders { 10.11.11.4; };
        forward only;
};

slave

zone "tvbshare.com" IN {
	type slave;
	masters { 10.11.17.89; };
	masterfile-format text;
	file "slaves/tvbshare.com.zone";
};

zone "r_tvbshare_prod.service.tvbshare" IN {
        type forward;
        forwarders { 10.11.11.5;  10.11.11.6; };
         forward only;
};

zone "w_tvbshare_prod.service.tvbshare" IN {
        type forward;
        forwarders { 10.11.11.4; };
        forward only;
};

http://www.361way.com/bind-master-slave/4811.html

https://www.cnblogs.com/fuhai0815/p/8459670.html

本文发布于Cylon的收藏册,转载请著名原文链接~

链接:https://www.oomkill.com/2020/02/dns/

版权:本作品采用「署名-非商业性使用-相同方式共享 4.0 国际」 许可协议进行许可。