author | Mike Crute <mike@crute.us> | 2019-12-10 22:03:28 +0000 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2019-12-10 22:07:18 +0000 |
commit | 34306c78d76fe0cc0885f528f37e100352e426d6 (patch) | |
tree | 5252cf3d39de2ea5818aeff45cb0933ea4c94660 /bind/conf/named.conf | |
parent | 6dbd14383a3a3c784cabf4efa2dd423dfc042926 (diff) | |
bind: Consolidate configuration files
Add DNS master/slave support to container so that slaves don't require
any additional configuration outside of their environment.
Pull common master/slave configuration into the base container.
Diffstat (limited to 'bind/conf/named.conf')
-rw-r--r-- | bind/conf/named.conf | 60 |
1 files changed, 60 insertions, 0 deletions
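--- /dev/null
+++ b/bind/conf/named.conf
@@ -0,0 +1,60 @@
+// vi:ft=named
+
+include "/etc/bind/rndc.key";
+
+options {
+directory "/etc/bind/local/cache";
+bindkeys-file "/etc/bind/bind.keys";
+
+//========================================================================
+// If BIND logs error messages about the root key being expired,
+// you will need to update your keys. See https://www.isc.org/bind-keys
+//========================================================================
+
+// mcrute: disable dnssec because the AWS resolvers return invalid zone
+// signatures
+dnssec-validation no;
+
+auth-nxdomain no; # conform to RFC1035
+
+listen-on { any; };
+listen-on-v6 { any; };
+
+version none;
+hostname none;
+
+allow-recursion {
+internal-nets;
+localhost;
+};
+
+allow-transfer {
+internal-nets;
+localhost;
+};
+
+// Allow more transfers at once to improve slave convergence
+transfers-in 30;
+transfers-out 30;
+};
+
+controls {
+inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
+inet ::1 allow { localhost; } keys { "rndc-key"; };
+};
+
+acl internal-nets {
+172.16.0.0/16; // SEA1 - AWS
+172.17.0.0/16; // SEA2
+172.18.0.0/16; // FKL1
+
+2001:470:e8d1::/48; // SEA1 Big Block
+2001:470:b:130::/64; // SEA1
+2600:1f14:f39:e000::/56; // PDX1
+2600:1f16:33:500::/56; // CMH1
+2a05:d01c:7ba:b800::/56; // LHR1
+
+192.168.255.0/24; // Local Docker Bridge
+};
+
+include "/etc/bind/local/zones.conf";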
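Review bot: The global `allow-transfer` block (file lines 31-34) authorises zone transfers by source address alone, so any host inside `internal-nets` can pull complete zone contents. That includes every container on the 192.168.255.0/24 Docker bridge and the whole 2001:470:e8d1::/48 block, and `transfers-out 30` lets many such transfers run at once. Since the master/slave pairs are known, I would key transfers with TSIG rather than network ranges, e.g. `allow-transfer { key "<transfer-key-name-placeholder>"; };` with the matching `key` statement included alongside `rndc.key`; whether `zones.conf` already narrows this per zone is not visible here. Separately, `dnssec-validation no;` (line 16) switches validation off for every client in `allow-recursion`, so the comment above it should name the forwarder setup that forces this, so that it can be re-enabled once that dependency goes away.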