Task #32204

Scenario #31999: Review the options of the /etc/bind/named.conf.options Samba DLZ template

Review the Bind options

Added by Emmanuel GARETTE 5 months ago. Updated 5 months ago.

Status: Closed
Priority: Normal
Assigned To:
Start date: 04/06/2021
Due date:
% Done: 100%
Remaining (hours): 0.0

Associated revisions

Revision a59bc170 (diff)
Added by Emmanuel GARETTE 5 months ago

adapt the bind configuration (ref #32204)

History

#1 Updated by Emmanuel GARETTE 5 months ago

  • Status changed from New to In progress

#2 Updated by Emmanuel GARETTE 5 months ago

dnssec-enable is removed in a later version: https://bind9.readthedocs.io/en/latest/notes.html?highlight=%22dnssec-enable%22#id5

#3 Updated by Emmanuel GARETTE 5 months ago

Documentation:

auth-nxdomain
    If yes, then the AA bit is always set on NXDOMAIN responses, even if the server is not actually authoritative. The default is no.
notify
    If set to yes (the default), DNS NOTIFY messages are sent when a zone the server is authoritative for changes; see Notify. The messages are sent to the servers listed in the zone’s NS records (except the primary server identified in the SOA MNAME field), and to any servers listed in the also-notify option.

    If set to primary-only (or the older keyword master-only), notifies are only sent for primary zones. If set to explicit, notifies are sent only to servers explicitly listed using also-notify. If set to no, no notifies are sent.

    The notify option may also be specified in the zone statement, in which case it overrides the options notify statement. It would only be necessary to turn off this option if it caused secondary zones to crash.
empty-zones-enable
    This enables or disables all empty zones. By default, they are enabled.

#4 Updated by Emmanuel GARETTE 5 months ago

  • Status changed from In progress to Resolved
  • % Done changed from 0 to 100

#5 Updated by Daniel Dehennin 5 months ago

On a Seth 2.8.1

root@dc1:~# cat /etc/bind/named.conf.options
acl transfer_acl {
    none;
};

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    forwarders {
                192.168.0.1;
    };
    forward only;

    dnssec-validation no;
    dnssec-lookaside no;

    empty-zones-enable no;

    allow-query {any;};
    notify no;

    allow-transfer {transfer_acl;};

    auth-nxdomain yes;
    listen-on-v6 { none; };
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";

    # https://wiki.samba.org/index.php?title=BIND9_DLZ_DNS_Back_End&diff=prev&oldid=15767
    minimal-responses yes;
};

#6 Updated by Daniel Dehennin 5 months ago

  • Status changed from Resolved to Closed
  • Remaining (hours) set to 0.0
