Arquivo DNSSEC
Arquivo com Exemplo do DNSSEC
/*
 * UNESP - AI - Grupo de Redes
 * (CJC) rev 1.1 - 20080728
 *
 * BIND 9.4-P1
 * named.conf exemplo para ativacao dos seguintes recursos:
 * - views para separar recursivo e autoritativo
 * - consultas com validacao de DNSSEC
 * - logs
 *
 */
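options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";

    // Only the secondary servers for your zones belong here. Any address
    // not listed is refused AXFR/IXFR, so the full zone contents cannot be
    // bulk-downloaded by arbitrary clients. (In the pasted original this
    // statement had been swallowed by the comment on the same line, which
    // would silently leave the server at its default transfer policy.)
    allow-transfer { 200.145.1.1; 200.145.9.9; };

    // Local addresses that answer on port 53. "any" binds every interface;
    // narrow this to specific addresses if the host also sits on networks
    // that should not see the service.
    listen-on port 53 { any; };
};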
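/*
 * Control channel for the rndc utility (the original comment says "ndc",
 * the BIND 8 tool; BIND 9 uses rndc). Every nameserver needs at least one.
 * With "allow { none; }" no client can open the channel, so remote control
 * commands are refused until a loopback address and an rndc key are added.
 */
controls {
    inet 127.0.0.1 allow { none; };
};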
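// Networks that are allowed to make recursive queries. Keep this to your
// own clients: an open recursive resolver can be abused for amplification
// and cache-poisoning attempts. (In the pasted original the acl statement
// had been swallowed by the comment on the same line.)
acl clientes {
    localhost;
    200.145.111.0/24;
    200.145.222.0/24;
    // ... add further local networks here. The original example ended with
    // "200.145.999.0/24", a placeholder that is not a valid address and
    // would stop named from loading; it is kept commented out:
    // 200.145.999.0/24;
};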
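// DNSSEC trust anchors (download from http://grc.unesp.br/dnssec).
// Presumably a trusted-keys statement; it is what "dnssec-validation yes"
// in the recursive view validates against. A stale or wrong anchor makes
// validation of every signed answer fail (SERVFAIL), so review updates to
// this file rather than replacing it blindly. (In the pasted original the
// include had been swallowed by the comment on the same line.)
include "/etc/namedb/chaves.dnssec";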
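view "recursivo" {
    // NOTE(review): the original example has no match-clients in this view.
    // A view without match-clients matches any client, and views are tried
    // in order, so every query would land here and the "autoritativo" view
    // below would never be reached; outside resolvers asking for the
    // authoritative zones would get REFUSED instead of an answer. Binding
    // this view to the "clientes" ACL makes the split described in the
    // header actually happen.
    match-clients { clientes; };
    allow-recursion { clientes; };

    // DNSSEC validation, against the trust anchors from the included file.
    dnssec-validation yes;
    // DLV (dnssec-lookaside) bridged zones whose parents were not yet
    // signed. ISC decommissioned dlv.isc.org in 2017 and later BIND
    // releases dropped the option; on a current server remove this line and
    // rely on the root trust anchor instead.
    dnssec-lookaside . trust-anchor dlv.isc.org.;

    // Zones served locally to resolver clients.
    zone "." { type hint; file "named.root"; };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
        allow-update { none; };
    };

    // RFC 3152: IPv6 loopback reverse zone.
    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
        type master;
        file "localhost-v6.rev";
    };

    // RFC 1886 ip6.int reverse tree -- deprecated (RFC 4159). Harmless for
    // the loopback address, but it can be dropped on a current server.
    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
        type master;
        file "localhost-v6.rev";
    };
};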
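view "autoritativo" {
    // Everyone not matched by the recursive view ends up here and gets
    // authoritative answers only.
    match-clients { any; };
    recursion no;

    // Do not pad answers with data from the cache or from other zones; keeps
    // responses to what this view is authoritative for.
    // NOTE(review): these two options are reported as obsolete in newer BIND
    // releases -- check the ARM for the version in use.
    additional-from-auth no;
    additional-from-cache no;

    // Master and slave authoritative zones go here. "allow-update { none; }"
    // refuses dynamic updates; only relax it with a key-based policy.
    zone "xxx.unesp.br" {
        type master;
        file "xxx.zone";
        allow-update { none; };
    };

    zone "999.145.200.in-addr.arpa" {
        type master;
        file "xxx.999.rev";
        allow-update { none; };
    };

    // ... further zones follow the same pattern. ("etc..." in the original
    // example is a placeholder, not valid named.conf syntax.)
};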
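logging {
    /*
     * All log output goes to one or more "channels"; you can make as
     * many of them as you want.
     */
    channel syslog_errors {     // this channel sends errors or worse
        syslog user;            // to syslog (user facility)
        severity error;
    };

    // Defined but not referenced by any category below.
    channel stderr_errors { stderr; };

    category parser {
        syslog_errors;          // you can log to as many channels
        default_syslog;         // as you want
    };

    category lame-servers { null; };   // don't log these at all

    // Categories not listed here fall back to BIND's built-in default
    // channels. When auditing, the "security" category (refused queries and
    // transfers) is worth routing to a channel you actually watch.
};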