Task #32204
Scenario #31999: Review the options of the /etc/bind/named.conf.options Samba DLZ template
Review the Bind options
Status:
Closed
Priority:
Normal
Assigned to:
Target version:
Start date:
06/04/2021
Due date:
% Done:
100%
Remaining (hours):
0.0
Associated revisions
adapt the bind configuration (ref #32204)
History
#1 Updated by Emmanuel GARETTE almost 3 years ago
- Status changed from New to In progress
#2 Updated by Emmanuel GARETTE almost 3 years ago
dnssec-enable is removed in a later version: https://bind9.readthedocs.io/en/latest/notes.html?highlight=%22dnssec-enable%22#id5
#3 Updated by Emmanuel GARETTE almost 3 years ago
Documentation:
auth-nxdomain
    If yes, then the AA bit is always set on NXDOMAIN responses, even if the server is not actually authoritative. The default is no.
notify
    If set to yes (the default), DNS NOTIFY messages are sent when a zone the server is authoritative for changes; see Notify. The messages are sent to the servers listed in the zone’s NS records (except the primary server identified in the SOA MNAME field), and to any servers listed in the also-notify option. If set to primary-only (or the older keyword master-only), notifies are only sent for primary zones. If set to explicit, notifies are sent only to servers explicitly listed using also-notify. If set to no, no notifies are sent. The notify option may also be specified in the zone statement, in which case it overrides the options notify statement. It would only be necessary to turn off this option if it caused secondary zones to crash.
empty-zones-enable
    This enables or disables all empty zones. By default, they are enabled.
#4 Updated by Emmanuel GARETTE almost 3 years ago
- Status changed from In progress to Resolved
- % Done changed from 0 to 100
#5 Updated by Daniel Dehennin almost 3 years ago
On a Seth 2.8.1
root@dc1:~# cat /etc/bind/named.conf.options
acl transfer_acl { none; };
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders { 192.168.0.1; };
    forward only;
    dnssec-validation no;
    dnssec-lookaside no;
    empty-zones-enable no;
    allow-query {any;};
    notify no;
    allow-transfer {transfer_acl;};
    auth-nxdomain yes;
    listen-on-v6 { none; };
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
    # https://wiki.samba.org/index.php?title=BIND9_DLZ_DNS_Back_End&diff=prev&oldid=15767
    minimal-responses yes;
};
#6 Updated by Daniel Dehennin almost 3 years ago
- Status changed from Resolved to Closed
- Remaining (hours) set to 0.0