diff options
| author | Mike Crute <mike@crute.us> | 2019-12-10 22:03:28 +0000 |
|---|---|---|
| committer | Mike Crute <mike@crute.us> | 2019-12-10 22:07:18 +0000 |
| commit | 34306c78d76fe0cc0885f528f37e100352e426d6 (patch) | |
| tree | 5252cf3d39de2ea5818aeff45cb0933ea4c94660 /bind/conf/named.conf | |
| parent | 6dbd14383a3a3c784cabf4efa2dd423dfc042926 (diff) | |
| download | dockerfiles-34306c78d76fe0cc0885f528f37e100352e426d6.tar.bz2 dockerfiles-34306c78d76fe0cc0885f528f37e100352e426d6.tar.xz dockerfiles-34306c78d76fe0cc0885f528f37e100352e426d6.zip | |
bind: Consolidate configuration files
Add DNS master/slave support to container so that slaves don't require
any additional configuration outside of their environment.
Pull common master/slave configuration into the base container.
Diffstat (limited to 'bind/conf/named.conf')
| -rw-r--r-- | bind/conf/named.conf | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/bind/conf/named.conf b/bind/conf/named.conf new file mode 100644 index 0000000..071cea7 --- /dev/null +++ b/bind/conf/named.conf | |||
| @@ -0,0 +1,60 @@ | |||
| 1 | // vi:ft=named | ||
| 2 | |||
| 3 | include "/etc/bind/rndc.key"; | ||
| 4 | |||
| 5 | options { | ||
| 6 | directory "/etc/bind/local/cache"; | ||
| 7 | bindkeys-file "/etc/bind/bind.keys"; | ||
| 8 | |||
| 9 | //======================================================================== | ||
| 10 | // If BIND logs error messages about the root key being expired, | ||
| 11 | // you will need to update your keys. See https://www.isc.org/bind-keys | ||
| 12 | //======================================================================== | ||
| 13 | |||
| 14 | // mcrute: disable dnssec because the AWS resolvers return invalid zone | ||
| 15 | // signatures | ||
| 16 | dnssec-validation no; | ||
| 17 | |||
| 18 | auth-nxdomain no; # conform to RFC1035 | ||
| 19 | |||
| 20 | listen-on { any; }; | ||
| 21 | listen-on-v6 { any; }; | ||
| 22 | |||
| 23 | version none; | ||
| 24 | hostname none; | ||
| 25 | |||
| 26 | allow-recursion { | ||
| 27 | internal-nets; | ||
| 28 | localhost; | ||
| 29 | }; | ||
| 30 | |||
| 31 | allow-transfer { | ||
| 32 | internal-nets; | ||
| 33 | localhost; | ||
| 34 | }; | ||
| 35 | |||
| 36 | // Allow more transfers at once to improve slave convergence | ||
| 37 | transfers-in 30; | ||
| 38 | transfers-out 30; | ||
| 39 | }; | ||
| 40 | |||
| 41 | controls { | ||
| 42 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; | ||
| 43 | inet ::1 allow { localhost; } keys { "rndc-key"; }; | ||
| 44 | }; | ||
| 45 | |||
| 46 | acl internal-nets { | ||
| 47 | 172.16.0.0/16; // SEA1 - AWS | ||
| 48 | 172.17.0.0/16; // SEA2 | ||
| 49 | 172.18.0.0/16; // FKL1 | ||
| 50 | |||
| 51 | 2001:470:e8d1::/48; // SEA1 Big Block | ||
| 52 | 2001:470:b:130::/64; // SEA1 | ||
| 53 | 2600:1f14:f39:e000::/56; // PDX1 | ||
| 54 | 2600:1f16:33:500::/56; // CMH1 | ||
| 55 | 2a05:d01c:7ba:b800::/56; // LHR1 | ||
| 56 | |||
| 57 | 192.168.255.0/24; // Local Docker Bridge | ||
| 58 | }; | ||
| 59 | |||
| 60 | include "/etc/bind/local/zones.conf"; | ||