DNS (Bind 9).
Персонально для себя выписываю правильное расположение переменных секции option для bind9 (согласно оф. руководству).
options {
[ attach-cache cache_name; ]
[ version version_string; ]
[ hostname hostname_string; ]
[ server-id server_id_string; ]
[ directory path_name; ]
[ key-directory path_name; ]
[ managed-keys-directory path_name; ]
[ named-xfer path_name; ]
[ tkey-gssapi-credential principal; ]
[ tkey-domain domainname; ]
[ tkey-dhkey key_name key_tag; ]
[ cache-file path_name; ]
[ dump-file path_name; ]
[ bindkeys-file path_name; ]
[ memstatistics yes_or_no; ]
[ memstatistics-file path_name; ]
[ pid-file path_name; ]
[ recursing-file path_name; ]
[ statistics-file path_name; ]
[ zone-statistics yes_or_no; ]
[ auth-nxdomain yes_or_no; ]
[ deallocate-on-exit yes_or_no; ]
[ dialup dialup_option; ]
[ fake-iquery yes_or_no; ]
[ fetch-glue yes_or_no; ]
[ flush-zones-on-shutdown yes_or_no; ]
[ has-old-clients yes_or_no; ]
[ host-statistics yes_or_no; ]
[ host-statistics-max number; ]
[ minimal-responses yes_or_no; ]
[ multiple-cnames yes_or_no; ]
[ notify yes_or_no | explicit | master-only; ]
[ recursion yes_or_no; ]
[ rfc2308-type1 yes_or_no; ]
[ use-id-pool yes_or_no; ]
[ maintain-ixfr-base yes_or_no; ]
[ ixfr-from-differences (yes_or_no | master | slave); ]
[ dnssec-enable yes_or_no; ]
[ dnssec-validation yes_or_no; ]
[ dnssec-lookaside ( auto | domain trust-anchor domain ); ]
[ dnssec-must-be-secure domain yes_or_no; ]
[ dnssec-accept-expired yes_or_no; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr [port ip_port] ; ... ] }; ]
[ dual-stack-servers [port ip_port] {
( domain_name [port ip_port] | ip_addr [port ip_port] ) ;
... }; ]
[ check-names ( master | slave | response )
( warn | fail | ignore ); ]
[ check-dup-records ( warn | fail | ignore ); ]
[ check-mx ( warn | fail | ignore ); ]
[ check-wildcard yes_or_no; ]
[ check-integrity yes_or_no; ]
[ check-mx-cname ( warn | fail | ignore ); ]
[ check-srv-cname ( warn | fail | ignore ); ]
[ check-sibling yes_or_no; ]
[ allow-notify { address_match_list }; ]
[ allow-query { address_match_list }; ]
[ allow-query-on { address_match_list }; ]
[ allow-query-cache { address_match_list }; ]
[ allow-query-cache-on { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-recursion { address_match_list }; ]
[ allow-recursion-on { address_match_list }; ]
[ allow-update { address_match_list }; ]
[ allow-update-forwarding { address_match_list }; ]
[ update-check-ksk yes_or_no; ]
[ dnssec-dnskey-kskonly yes_or_no; ]
[ dnssec-secure-to-insecure yes_or_no ;]
[ try-tcp-refresh yes_or_no; ]
[ allow-v6-synthesis { address_match_list }; ]
[ blackhole { address_match_list }; ]
[ use-v4-udp-ports { port_list }; ]
[ avoid-v4-udp-ports { port_list }; ]
[ use-v6-udp-ports { port_list }; ]
[ avoid-v6-udp-ports { port_list }; ]
[ listen-on [ port ip_port ] { address_match_list }; ]
[ listen-on-v6 [ port ip_port ] { address_match_list }; ]
[ query-source ( ( ip4_addr | * )
[ port ( ip_port | * ) ] |
[ address ( ip4_addr | * ) ]
[ port ( ip_port | * ) ] ) ; ]
[ query-source-v6 ( ( ip6_addr | * )
[ port ( ip_port | * ) ] |
[ address ( ip6_addr | * ) ]
[ port ( ip_port | * ) ] ) ; ]
[ use-queryport-pool yes_or_no; ]
[ queryport-pool-ports number; ]
[ queryport-pool-updateinterval number; ]
[ max-transfer-time-in number; ]
[ max-transfer-time-out number; ]
[ max-transfer-idle-in number; ]
[ max-transfer-idle-out number; ]
[ tcp-clients number; ]
[ reserved-sockets number; ]
[ recursive-clients number; ]
[ serial-query-rate number; ]
[ serial-queries number; ]
[ tcp-listen-queue number; ]
[ transfer-format ( one-answer | many-answers ); ]
[ transfers-in number; ]
[ transfers-out number; ]
[ transfers-per-ns number; ]
[ transfer-source (ip4_addr | *) [port ip_port] ; ]
[ transfer-source-v6 (ip6_addr | *) [port ip_port] ; ]
[ alt-transfer-source (ip4_addr | *) [port ip_port] ; ]
[ alt-transfer-source-v6 (ip6_addr | *)
[port ip_port] ; ]
[ use-alt-transfer-source yes_or_no; ]
[ notify-delay seconds ; ]
[ notify-source (ip4_addr | *) [port ip_port] ; ]
[ notify-source-v6 (ip6_addr | *) [port ip_port] ; ]
[ notify-to-soa yes_or_no ; ]
[ also-notify { ip_addr [port ip_port] ;
[ ip_addr [port ip_port] ; ... ] }; ]
[ max-ixfr-log-size number; ]
[ max-journal-size size_spec; ]
[ coresize size_spec ; ]
[ datasize size_spec ; ]
[ files size_spec ; ]
[ stacksize size_spec ; ]
[ cleaning-interval number; ]
[ heartbeat-interval number; ]
[ interface-interval number; ]
[ statistics-interval number; ]
[ topology { address_match_list }];
[ sortlist { address_match_list }];
[ rrset-order { order_spec ; [ order_spec ; ... ] ] };
[ lame-ttl number; ]
[ max-ncache-ttl number; ]
[ max-cache-ttl number; ]
[ sig-validity-interval number [number] ; ]
[ sig-signing-nodes number ; ]
[ sig-signing-signatures number ; ]
[ sig-signing-type number ; ]
[ min-roots number; ]
[ use-ixfr yes_or_no ; ]
[ provide-ixfr yes_or_no; ]
[ request-ixfr yes_or_no; ]
[ treat-cr-as-space yes_or_no ; ]
[ min-refresh-time number ; ]
[ max-refresh-time number ; ]
[ min-retry-time number ; ]
[ max-retry-time number ; ]
[ port ip_port; ]
[ additional-from-auth yes_or_no ; ]
[ additional-from-cache yes_or_no ; ]
[ random-device path_name ; ]
[ max-cache-size size_spec ; ]
[ match-mapped-addresses yes_or_no; ]
[ filter-aaaa-on-v4 ( yes_or_no | break-dnssec ); ]
[ preferred-glue ( A | AAAA | NONE ); ]
[ edns-udp-size number; ]
[ max-udp-size number; ]
[ root-delegation-only [ exclude { namelist } ] ; ]
[ querylog yes_or_no ; ]
[ disable-algorithms domain { algorithm;
[ algorithm; ] }; ]
[ acache-enable yes_or_no ; ]
[ acache-cleaning-interval number; ]
[ max-acache-size size_spec ; ]
[ clients-per-query number ; ]
[ max-clients-per-query number ; ]
[ masterfile-format (text|raw) ; ]
[ empty-server name ; ]
[ empty-contact name ; ]
[ empty-zones-enable yes_or_no ; ]
[ disable-empty-zone zone_name ; ]
[ zero-no-soa-ttl yes_or_no ; ]
[ zero-no-soa-ttl-cache yes_or_no ; ]
[ deny-answer-addresses { address_match_list } [ except-from { namelist } ];]
[ deny-answer-aliases { namelist } [ except-from { namelist } ];]
};
Следовательно секция options должна будет выглядеть как-то так:
options {
version "DNS Server";
directory "/etc/namedb";
dump-file "/var/named/etc/namedb/named_dump.db";
pid-file "/var/run/named/pid";
statistics-file "/var/named/etc/namedb/named.stats";
forwarders { 62.165.32.250;
62.165.33.250;
8.8.8.8;
};
listen-on { 10.10.254.253;
192.168.1.252;
127.0.0.1;
};
querylog yes;
};
Персонально для себя выписываю правильное расположение переменных секции option для bind9 (согласно оф. руководству).
options {
[ attach-cache cache_name; ]
[ version version_string; ]
[ hostname hostname_string; ]
[ server-id server_id_string; ]
[ directory path_name; ]
[ key-directory path_name; ]
[ managed-keys-directory path_name; ]
[ named-xfer path_name; ]
[ tkey-gssapi-credential principal; ]
[ tkey-domain domainname; ]
[ tkey-dhkey key_name key_tag; ]
[ cache-file path_name; ]
[ dump-file path_name; ]
[ bindkeys-file path_name; ]
[ memstatistics yes_or_no; ]
[ memstatistics-file path_name; ]
[ pid-file path_name; ]
[ recursing-file path_name; ]
[ statistics-file path_name; ]
[ zone-statistics yes_or_no; ]
[ auth-nxdomain yes_or_no; ]
[ deallocate-on-exit yes_or_no; ]
[ dialup dialup_option; ]
[ fake-iquery yes_or_no; ]
[ fetch-glue yes_or_no; ]
[ flush-zones-on-shutdown yes_or_no; ]
[ has-old-clients yes_or_no; ]
[ host-statistics yes_or_no; ]
[ host-statistics-max number; ]
[ minimal-responses yes_or_no; ]
[ multiple-cnames yes_or_no; ]
[ notify yes_or_no | explicit | master-only; ]
[ recursion yes_or_no; ]
[ rfc2308-type1 yes_or_no; ]
[ use-id-pool yes_or_no; ]
[ maintain-ixfr-base yes_or_no; ]
[ ixfr-from-differences (yes_or_no | master | slave); ]
[ dnssec-enable yes_or_no; ]
[ dnssec-validation yes_or_no; ]
[ dnssec-lookaside ( auto | domain trust-anchor domain ); ]
[ dnssec-must-be-secure domain yes_or_no; ]
[ dnssec-accept-expired yes_or_no; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr [port ip_port] ; ... ] }; ]
[ dual-stack-servers [port ip_port] {
( domain_name [port ip_port] | ip_addr [port ip_port] ) ;
... }; ]
[ check-names ( master | slave | response )
( warn | fail | ignore ); ]
[ check-dup-records ( warn | fail | ignore ); ]
[ check-mx ( warn | fail | ignore ); ]
[ check-wildcard yes_or_no; ]
[ check-integrity yes_or_no; ]
[ check-mx-cname ( warn | fail | ignore ); ]
[ check-srv-cname ( warn | fail | ignore ); ]
[ check-sibling yes_or_no; ]
[ allow-notify { address_match_list }; ]
[ allow-query { address_match_list }; ]
[ allow-query-on { address_match_list }; ]
[ allow-query-cache { address_match_list }; ]
[ allow-query-cache-on { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-recursion { address_match_list }; ]
[ allow-recursion-on { address_match_list }; ]
[ allow-update { address_match_list }; ]
[ allow-update-forwarding { address_match_list }; ]
[ update-check-ksk yes_or_no; ]
[ dnssec-dnskey-kskonly yes_or_no; ]
[ dnssec-secure-to-insecure yes_or_no ;]
[ try-tcp-refresh yes_or_no; ]
[ allow-v6-synthesis { address_match_list }; ]
[ blackhole { address_match_list }; ]
[ use-v4-udp-ports { port_list }; ]
[ avoid-v4-udp-ports { port_list }; ]
[ use-v6-udp-ports { port_list }; ]
[ avoid-v6-udp-ports { port_list }; ]
[ listen-on [ port ip_port ] { address_match_list }; ]
[ listen-on-v6 [ port ip_port ] { address_match_list }; ]
[ query-source ( ( ip4_addr | * )
[ port ( ip_port | * ) ] |
[ address ( ip4_addr | * ) ]
[ port ( ip_port | * ) ] ) ; ]
[ query-source-v6 ( ( ip6_addr | * )
[ port ( ip_port | * ) ] |
[ address ( ip6_addr | * ) ]
[ port ( ip_port | * ) ] ) ; ]
[ use-queryport-pool yes_or_no; ]
[ queryport-pool-ports number; ]
[ queryport-pool-updateinterval number; ]
[ max-transfer-time-in number; ]
[ max-transfer-time-out number; ]
[ max-transfer-idle-in number; ]
[ max-transfer-idle-out number; ]
[ tcp-clients number; ]
[ reserved-sockets number; ]
[ recursive-clients number; ]
[ serial-query-rate number; ]
[ serial-queries number; ]
[ tcp-listen-queue number; ]
[ transfer-format ( one-answer | many-answers ); ]
[ transfers-in number; ]
[ transfers-out number; ]
[ transfers-per-ns number; ]
[ transfer-source (ip4_addr | *) [port ip_port] ; ]
[ transfer-source-v6 (ip6_addr | *) [port ip_port] ; ]
[ alt-transfer-source (ip4_addr | *) [port ip_port] ; ]
[ alt-transfer-source-v6 (ip6_addr | *)
[port ip_port] ; ]
[ use-alt-transfer-source yes_or_no; ]
[ notify-delay seconds ; ]
[ notify-source (ip4_addr | *) [port ip_port] ; ]
[ notify-source-v6 (ip6_addr | *) [port ip_port] ; ]
[ notify-to-soa yes_or_no ; ]
[ also-notify { ip_addr [port ip_port] ;
[ ip_addr [port ip_port] ; ... ] }; ]
[ max-ixfr-log-size number; ]
[ max-journal-size size_spec; ]
[ coresize size_spec ; ]
[ datasize size_spec ; ]
[ files size_spec ; ]
[ stacksize size_spec ; ]
[ cleaning-interval number; ]
[ heartbeat-interval number; ]
[ interface-interval number; ]
[ statistics-interval number; ]
[ topology { address_match_list }];
[ sortlist { address_match_list }];
[ rrset-order { order_spec ; [ order_spec ; ... ] ] };
[ lame-ttl number; ]
[ max-ncache-ttl number; ]
[ max-cache-ttl number; ]
[ sig-validity-interval number [number] ; ]
[ sig-signing-nodes number ; ]
[ sig-signing-signatures number ; ]
[ sig-signing-type number ; ]
[ min-roots number; ]
[ use-ixfr yes_or_no ; ]
[ provide-ixfr yes_or_no; ]
[ request-ixfr yes_or_no; ]
[ treat-cr-as-space yes_or_no ; ]
[ min-refresh-time number ; ]
[ max-refresh-time number ; ]
[ min-retry-time number ; ]
[ max-retry-time number ; ]
[ port ip_port; ]
[ additional-from-auth yes_or_no ; ]
[ additional-from-cache yes_or_no ; ]
[ random-device path_name ; ]
[ max-cache-size size_spec ; ]
[ match-mapped-addresses yes_or_no; ]
[ filter-aaaa-on-v4 ( yes_or_no | break-dnssec ); ]
[ preferred-glue ( A | AAAA | NONE ); ]
[ edns-udp-size number; ]
[ max-udp-size number; ]
[ root-delegation-only [ exclude { namelist } ] ; ]
[ querylog yes_or_no ; ]
[ disable-algorithms domain { algorithm;
[ algorithm; ] }; ]
[ acache-enable yes_or_no ; ]
[ acache-cleaning-interval number; ]
[ max-acache-size size_spec ; ]
[ clients-per-query number ; ]
[ max-clients-per-query number ; ]
[ masterfile-format (text|raw) ; ]
[ empty-server name ; ]
[ empty-contact name ; ]
[ empty-zones-enable yes_or_no ; ]
[ disable-empty-zone zone_name ; ]
[ zero-no-soa-ttl yes_or_no ; ]
[ zero-no-soa-ttl-cache yes_or_no ; ]
[ deny-answer-addresses { address_match_list } [ except-from { namelist } ];]
[ deny-answer-aliases { namelist } [ except-from { namelist } ];]
};
Следовательно секция options должна будет выглядеть как-то так:
options {
version "DNS Server";
directory "/etc/namedb";
dump-file "/var/named/etc/namedb/named_dump.db";
pid-file "/var/run/named/pid";
statistics-file "/var/named/etc/namedb/named.stats";
forwarders { 62.165.32.250;
62.165.33.250;
8.8.8.8;
};
listen-on { 10.10.254.253;
192.168.1.252;
127.0.0.1;
};
querylog yes;
};
Комментариев нет:
Отправить комментарий
Примечание. Отправлять комментарии могут только участники этого блога.