Update named.ca, move named.conf out of config archive

Petr Menšík 2017-08-16 22:47:09 +02:00
parent e9f0f4543b
commit 5d8eb8cf1d
4 changed files with 63 additions and 3 deletions

1
.gitignore vendored

@ -77,3 +77,4 @@ bind-9.7.2b1.tar.gz
/bind-9.11.1-P3.tar.gz
/bind-9.11.2b1.tar.gz
/bind-9.11.2.tar.gz
/config-17.tar.bz2


@ -40,7 +40,8 @@ Source7: bind-9.3.1rc1-sdb_tools-Makefile.in
Source8: dnszone.schema
Source12: README.sdb_pgsql
Source25: named.conf.sample
Source28: config-16.tar.bz2
Source26: named.conf
Source28: config-17.tar.bz2
Source30: ldap2zone.c
Source31: ldap2zone.1
Source32: named-sdb.8
@ -671,6 +672,7 @@ touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log
# configuration files:
tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE28}
install -m 640 %{SOURCE26} ${RPM_BUILD_ROOT}/etc/named.conf
touch ${RPM_BUILD_ROOT}/etc/rndc.key
touch ${RPM_BUILD_ROOT}/etc/rndc.conf
mkdir ${RPM_BUILD_ROOT}/etc/named
@ -681,7 +683,7 @@ install -m 644 %{SOURCE36} ${RPM_BUILD_ROOT}/etc/trusted-key.key
mkdir -p sample/etc sample/var/named/{data,slaves}
install -m 644 %{SOURCE25} sample/etc/named.conf
# Copy default configuration to %%doc to make it usable from system-config-bind
install -m 644 ${RPM_BUILD_ROOT}/etc/named.conf named.conf.default
install -m 644 %{SOURCE26} named.conf.default
install -m 644 ${RPM_BUILD_ROOT}/etc/named.rfc1912.zones sample/etc/named.rfc1912.zones
install -m 644 ${RPM_BUILD_ROOT}/var/named/{named.ca,named.localhost,named.loopback,named.empty} sample/var/named
for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.internal.zone.db my.external.zone.db; do
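Review bot: The added `install -m 640 %{SOURCE26} ${RPM_BUILD_ROOT}/etc/named.conf` in the second hunk has no comment saying that named.conf now comes from Source26 and is deliberately written after the tarball is unpacked. If config-17.tar.bz2 still carried an etc/named.conf, it would be silently overwritten, and the page does not show the archive contents. I would add `# named.conf is shipped as Source26, not in the config tarball; install it after extraction` above that line. The 640 mode only protects the file if the %files entry keeps matching ownership and attributes, and that entry is outside these hunks, so it should be checked. The `for f in ...; do` loop at the end of the last hunk continues outside it.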

57
named.conf Normal file

@ -0,0 +1,57 @@
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
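Review bot: Recursion is limited only indirectly in the `options` block, because `recursion yes;` is set without an `allow-recursion` ACL. As far as I know, in BIND 9.11 the recursion ACL then falls back to `allow-query`, so an administrator who later widens `listen-on` and `allow-query` would also open recursion to the same clients. That is the open-resolver case the block comment warns about. I would add `allow-recursion { localhost; };` next to `recursion yes;` so the shipped default stays closed until someone changes it on purpose.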


@ -1,2 +1,2 @@
SHA512 (bind-9.11.2.tar.gz) = c837c0a360049b0077b155eede9b6a71f63d1caca2ddf20a8ab7860a1033a3750e49cd2804dcf8c43b0aef04bcea99422d1302b4eae1646eb69a5ae6d64625b9
SHA512 (config-16.tar.bz2) = 983e0a8de3bb0c16fb21331894cc97ea516233796158eb5d1c932608227b31889496d0467c3e43953bf504dbf8b5f19210d2c9f8e0e3742aea2c7609245bf3f7
SHA512 (config-17.tar.bz2) = 93d864be83a2aeaec3f4e150909bee21b0fc4761562928ee075f09e8fce28bc82735ed7d7a93e8dfff4fcf8e06f2aa9a04046fc3e538a6bf5cb380f2a3528729