chilidog.highland.cc.ks.us

home *** CD-ROM | disk | FTP | other *** search

/ chilidog.highland.cc.ks.us / chilidog.highland.cc.ks.us.zip / chilidog.highland.cc.ks.us / backup / bradford.20100913.bsc-siteConfiguration.tar.gz / bradford.20100913.bsc-siteConfiguration.tar / bsc / siteConfiguration / .factory.named.conf.2009-06-24-10-30-51 < prev next >

Wrap

Text File | 2009-01-20 | 9KB | 335 lines

////////////////////////////////////////////////// // This file is for NS500's ONLY! // If this is an NS1200 then edit the dhcpd.conf // on the NS8200. ////////////////////////////////////////////////// // // Access Control Lists lookup variables examples // See the "ACL" Section below // // 192.168.26.2 Registration Interface // 192.168.26.0 Registration Network // /24 Registration Network Mask // // 192.168.27.2 Remediation Interface // 192.168.27.0 Remediation Network // /24 Remediation Network Mask // // 192.168.28.2 Authentication Interface // 192.168.28.0 Authentication Network // /24 Authentication Network Mask // // 192.168.29.2 Dead End Interface // 192.168.29.0 Dead End Network // /24 Dead End Network Mask // // 192.168.30.2 Hub Interface // 192.168.30.0 Hub Network // /24 Hub Network Mask // // 192.168.31.2 VPN Interface // 192.168.31.0 VPN Network // /24 VPN Network Mask // // 192.168.32.2 Isolation Interface // 192.168.32.0 Isolation Network // /24 Isolation Network Mask // // /32 Network Mask to Identify a single IP // // 192.168.10.10 IP Address of a Production DNS // // 192.168.10.33 The Primary Interface of the CMRC // // 127.0.0.1 Primary loopback address of the CMRC // For additional loopback configurations see /etc/sysconfig/network/ReadMe_loopback // 127.0.0.2 Additional loopback address to support additional "view" // 127.0.0.3 Additional loopback address to support additional "view" // 127.0.0.4 Additional loopback address to support additional "view" // 127.0.0.5 Additional loopback address to support additional "view" // ////////////////////////////////////////////////////////////// include "/bsc/siteConfiguration/rndc.key"; controls { inet 127.0.0.1 allow { localhost; } keys { rndc-key; }; }; logging { ///////////////////////////////////////////////////////////////// // activate logging // Use this log file to trouble shoot client DNS issue. // the file is /var/named/named.log // Uncomment the line "severity debug ;" to get more logging. // Remember to restart DNS when making changes in the named.conf // When finished debugging remember to put a comment back // in the "severity debug ;" line. ///////////////////////////////////////////////////////////////// channel "logs" { file "/var/lib/named/bsc/siteConfiguration/named/named.log" versions 3 size 5m; // severity debug ; print-time yes; print-category yes; }; category queries { "logs"; }; category resolver { "logs"; }; category client { "logs"; }; }; ////////////////////////////////////////////////// // Access Control Lists for lookup variables // Set these IP's to match the appropriate networks ////////////////////////////////////////////////// acl "reg" { 172.16.45.2/32; 172.16.45.0/24; }; acl "rem" { 172.16.46.2/32; 172.16.46.0/24; }; acl "auth" { 172.16.47.2/32; 172.16.47.0/24; }; acl "de" { 172.16.48.2/32; 172.16.48.0/24; }; acl "hub" { 172.16.48.2/32; 172.16.48.0/24; }; acl "vpn" { 192.168.31.2/32; 192.168.31.0/24; }; acl "isol" { 192.168.32.2/32; 192.168.32.0/24; }; acl "me-reg" { 127.0.0.1/32; }; acl "me-rem" { 127.0.0.2/32; }; acl "me-auth" { 127.0.0.3/32; }; acl "me-hub" { 127.0.0.4/32; }; acl "me-vpn" { 127.0.0.5/32; }; acl "me-isol" { 127.0.0.6/32; }; ////////////////////////////////////////////////////////////// // There should be nothing changed below this line ////////////////////////////////////////////////////////////// options { // The directory statement defines the name server┤s // working directory directory "/bsc/siteConfiguration/named"; pid-file "/var/run/named/named.pid"; recursion yes; listen-on-v6 { any; }; notify no; }; view "registration" { // This should match our registration network. allow-recursion { reg; }; match-clients { reg; }; // The file /var/named/zones.common is where to add // DNS zones that the clients can lookup include "zones.common"; include "zones.reg"; // This forwards all others requests to us at PassThru-reg. zone "." { type forward; forwarders { 127.0.0.1; }; }; }; // All others resolve to view "PassThru-reg" { //This should match our own forward requests. match-clients { me-reg; }; zone "." { type master; file "root.hint.reg"; }; }; view "remediation" { // This should match our remediation network. allow-recursion { rem; }; match-clients { rem; }; // The file /var/named/zones.common is where to add // DNS zones that the clients can lookup include "zones.common"; include "zones.rem"; // This forwards all others requests to us at PassThru-rem. zone "." { type forward; forwarders { 127.0.0.2; }; }; }; // All others resolve to view "PassThru-rem" { //This should match our own forward requests. match-clients { me-rem; }; zone "." { type master; file "root.hint.rem"; }; }; view "deadEnd" { // This should match our DeadEnd network. allow-recursion { de; }; match-clients { de; }; zone "." { type master; file "root.hint.de"; }; }; view "authentication" { // This should match our authentication network. allow-recursion { auth; }; match-clients { auth; }; // The file /var/named/zones.common is where to add // DNS zones that the clients can lookup include "zones.common"; include "zones.auth"; // This forwards all others requests to us at PassThru-auth. zone "." { type forward; forwarders { 127.0.0.3; }; }; }; // All others resolve to view "PassThru-auth" { //This should match our own forward requests. match-clients { me-auth; }; zone "." { type master; file "root.hint.auth"; }; }; view "Hub" { // This should match our Hub network. allow-recursion { hub; }; match-clients { hub; }; // The file /var/named/zones.common is where to add // DNS zones that the clients can lookup include "zones.common"; include "zones.hub"; // This forwards all others requests to us at PassThru-hub. zone "." { type forward; forwarders { 127.0.0.4; }; }; }; // All others resolve to view "PassThru-hub" { //This should match our own forward requests. match-clients { me-hub; }; zone "." { type master; file "root.hint.hub"; }; }; view "VPN" { // This should match our VPN network. allow-recursion { vpn; }; match-clients { vpn; }; // The file /var/named/zones.common is where to add // DNS zones that the clients can lookup include "zones.common"; include "zones.vpn"; // This forwards all others requests to us at PassThru-vpn. zone "." { type forward; forwarders { 127.0.0.5; }; }; }; // All others resolve to view "PassThru-VPN" { //This should match our own forward requests. match-clients { me-vpn; }; zone "." { type master; file "root.hint.vpn"; }; }; //view "deadend" { // // This should match our deadend network. // allow-recursion { deadend; }; // match-clients { deadend; }; // // // // The file /var/named/zones.common is where to add // // DNS zones that the clients can lookup // include "zones.common"; // include "zones.de"; // // // This forwards all others requests to us at PassThru-vpn. // zone "." { // type forward; // forwarders { 127.0.0.6; }; // }; //}; // // // All others resolve to //view "PassThru-deadend" { // //This should match our own forward requests. // match-clients { me-de; }; // zone "." { // type master; // file "root.hint.de"; // }; //}; view "Isol" { // This should match our Isolation network. allow-recursion { isol; }; match-clients { isol; }; // The file /var/named/zones.common is where to add // DNS zones that the clients can lookup include "zones.common"; include "zones.isol"; // This forwards all others requests to us at PassThru-isol. zone "." { type forward; forwarders { 127.0.0.6; }; }; }; // All others resolve to view "PassThru-isol" { //This should match our own forward requests. match-clients { me-isol; }; zone "." { type master; file "root.hint.isol"; }; };