Arquivo DNSSEC
Arquivo com Exemplo do DNSSEC - named.conf
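/*
 * UNESP - AI - Grupo de Redes
 * (CJC) rev 1.1 - 20080728
 *
 * BIND 9.4-P1
 * Example named.conf enabling the following features:
 * - views that separate recursive and authoritative service
 * - DNSSEC-validated lookups
 * - logs
 *
 */

options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";

    // List the secondary servers of your zones here.
    // NOTE(review): this limits zone transfers by source address only;
    // a TSIG key per secondary authenticates the peer as well.
    allow-transfer { 200.145.1.1; 200.145.9.9; };

    // List the local IPs that will answer on port 53.
    listen-on port 53 { any; };
};

/*
 * Control listeners, for "ndc". Every nameserver needs at least one.
 * allow { none; } refuses control connections from every address on
 * this listener.
 */
controls {
    inet 127.0.0.1 allow { none; };
};

// List here who may send recursive queries.
acl clientes {
    localhost;
    200.145.111.0/24;
    200.145.222.0/24;
    // etc...
    200.145.999.0/24;   // placeholder (999 is not a valid octet): replace with a real prefix
};

// DNSSEC keys (download from http://grc.unesp.br/dnssec).
// The included file holds the trust anchors that validation relies on, and
// the URL above is plain HTTP: check the keys against an independent source
// before installing them.
include "/etc/namedb/chaves.dnssec";

view "recursivo" {
    // Views are tried in the order they are written and a view without
    // match-clients matches every client. Without this line all queries
    // land here and the "autoritativo" view below is never selected.
    match-clients { clientes; };
    allow-recursion { clientes; };
    // NOTE(review): clients matched by this view do not see the zones
    // declared in "autoritativo"; confirm those names still resolve for them.

    // DNSSEC validation
    dnssec-validation yes;
    // ISC's DLV registry (dlv.isc.org) has since been retired and the root
    // zone is now signed. On current BIND releases drop this line and
    // validate from the root trust anchor instead.
    dnssec-lookaside . trust-anchor dlv.isc.org.;

    // Put the locally resolved zones here.
    zone "." {
        type hint;
        file "named.root";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
        allow-update { none; };
    };

    // RFC 3152
    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
        type master;
        file "localhost-v6.rev";
    };

    // RFC 1886 -- deprecated
    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
        type master;
        file "localhost-v6.rev";
    };
};

view "autoritativo" {
    // Everyone not matched by "recursivo" is served here, without
    // recursion and without data taken from the cache.
    match-clients { any; };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;

    // Put the authoritative Master and Slave zones here.
    zone "xxx.unesp.br" {
        type master;
        file "xxx.zone";
        allow-update { none; };
    };

    zone "999.145.200.in-addr.arpa" {
        type master;
        file "xxx.999.rev";
        allow-update { none; };
    };

    // etc...
};

logging {
    /*
     * All log output goes to one or more "channels"; you can make as
     * many of them as you want.
     */
    channel syslog_errors {     // this channel will send errors
        syslog user;            // or worse to syslog (user facility)
        severity error;
    };

    channel stderr_errors {
        stderr;
    };

    // NOTE(review): "parser" looks like a BIND 8 category name; confirm
    // that the BIND release in use still honours it.
    category parser {
        syslog_errors;          // you can log to as many channels
        default_syslog;         // as you want
    };

    category lame-servers { null; };    // don't log these at all
};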