[ADD] adding templates

Arnold Dechamps 2024-10-24 13:52:34 +02:00
parent 330e76f89c
commit 898eab7849
No known key found for this signature in database
GPG key ID: AE66543374E41C89
6 changed files with 196 additions and 0 deletions

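--- a/master/named.conf
+++ b/master/named.conf
@@ -0,0 +1,21 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
+dnssec-policy "algo13" {
+keys {
+ksk lifetime unlimited algorithm 13;
+zsk lifetime 30d algorithm 13;
+};
+max-zone-ttl 1d;
+signatures-validity 14d;
+signatures-refresh 7d;
+};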
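Review bot: The `algo13` policy sets no `nsec3param`, so zones signed with it use plain NSEC and every name in the zone can be enumerated by walking the chain, even though transfers are restricted in master/named.conf.local. If zone contents should not be trivially listable, add `nsec3param iterations 0 optout no salt-length 0;` inside the policy block (the RFC 9276 settings); NSEC3 only raises the cost of enumeration, so treat it as hardening rather than secrecy. A short comment that algorithm 13 is ECDSAP256SHA256 and that `ksk lifetime unlimited` means the KSK never rolls automatically would also help whoever copies this template.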

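--- a/master/named.conf.local
+++ b/master/named.conf.local
@@ -0,0 +1,20 @@
+//
+// Do any local configuration here
+//
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+zone "example.com" {
+type master;
+file "/var/bind/zones/db.example.com";
+allow-query { any; };
+allow-transfer { 192.168.1.1; };
+also-notify { 192.168.1.1; };
+inline-signing yes;
+dnssec-policy "algo13";
+key-directory "/etc/bind/keys";
+};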
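Review bot: `allow-transfer { 192.168.1.1; };` authorises zone transfers by source address alone, and the matching `masters { 192.168.1.1; };` in slave/named.conf.local pulls the zone without authenticating the primary. A template is a good place to show TSIG instead: define a shared `key` on both servers and use `allow-transfer { key "<tsig-key-name>"; };` here and `masters { 192.168.1.1 key "<tsig-key-name>"; };` on the secondary (the key name is a placeholder). Separately, `key-directory "/etc/bind/keys"` must be writable by named because `dnssec-policy` generates and rolls keys there; on Debian the packaged AppArmor profile may keep /etc/bind read-only, so confirm the path or use one under /var/lib/bind.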

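--- a/master/named.conf.options
+++ b/master/named.conf.options
@@ -0,0 +1,68 @@
+options {
+directory "/var/cache/bind";
+// If there is a firewall between you and nameservers you want
+// to talk to, you may need to fix the firewall to allow multiple
+// ports to talk. See http://www.kb.cert.org/vuls/id/800113
+// If your ISP provided one or more IP addresses for stable
+// nameservers, you probably want to use them as forwarders.
+// Uncomment the following block, and insert the addresses replacing
+// the all-0's placeholder.
+// forwarders {
+// 0.0.0.0;
+// };
+//========================================================================
+// If BIND logs error messages about the root key being expired,
+// you will need to update your keys. See https://www.isc.org/bind-keys
+//========================================================================
+dnssec-validation auto;
+allow-new-zones yes;
+listen-on-v6 { any; };
+};
+logging {
+channel transfers {
+file "/var/log/bind/transfers" versions 3 size 10M;
+print-time yes;
+severity info;
+};
+channel notify {
+file "/var/log/bind/notify" versions 3 size 10M;
+print-time yes;
+severity info;
+};
+channel dnssec {
+file "/var/log/bind/dnssec" versions 3 size 10M;
+print-time yes;
+severity info;
+};
+channel query {
+file "/var/log/bind/query" versions 5 size 10M;
+print-time yes;
+severity info;
+};
+channel general {
+file "/var/log/bind/general" versions 3 size 10M;
+print-time yes;
+severity info;
+};
+channel slog {
+syslog security;
+severity info;
+};
+category xfer-out { transfers; slog; };
+category xfer-in { transfers; slog; };
+category notify { notify; };
+category lame-servers { general; };
+category config { general; };
+category default { general; };
+category security { general; slog; };
+category dnssec { dnssec; };
+// category queries { query; };
+};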
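Review bot: The `options` block never sets `recursion`, so this server, whose zone in master/named.conf.local is served with `allow-query { any; };`, also answers recursive queries for BIND's default `allow-recursion` set; the same applies to slave/named.conf.options. If both hosts are meant to be authoritative-only, add `recursion no;` and reconsider whether `dnssec-validation auto;` is needed at all. `allow-new-zones yes;` lets anyone who can use the rndc control channel add zones at runtime, and no `controls` statement is visible in these templates, so a comment saying why it is enabled and that rndc must stay restricted to localhost with its key protected would be worth adding. The `query` channel is defined while its `queries` category is commented out, which deserves a one-line comment too.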

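--- a/slave/named.conf
+++ b/slave/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";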

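--- a/slave/named.conf.local
+++ b/slave/named.conf.local
@@ -0,0 +1,9 @@
+zone "example.com" {
+type slave;
+notify yes;
+file "/var/lib/bind/db-example.com";
+masters { 192.168.1.1; };
+allow-notify { 192.168.1.1; };
+allow-query { any; };
+allow-transfer { "none"; };
+};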
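Review bot: `masters { 192.168.1.1; };` and `allow-notify { 192.168.1.1; };` use the same placeholder address that master/named.conf.local uses for the secondary in `allow-transfer` and `also-notify`, so a reader filling in the templates literally ends up with one of the two servers pointing at itself. Use two distinct documentation addresses and a comment on each line, for example `masters { 192.0.2.1; }; // primary's address (sample value)`. NOTIFY from addresses listed in `masters` is accepted by default, so the `allow-notify` line can be dropped or commented as redundant. With `allow-transfer { "none"; };` on this host, `notify yes;` is worth a comment as well, since any server notified by the secondary could not transfer from it.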

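--- a/slave/named.conf.options
+++ b/slave/named.conf.options
@@ -0,0 +1,67 @@
+options {
+directory "/var/cache/bind";
+// If there is a firewall between you and nameservers you want
+// to talk to, you may need to fix the firewall to allow multiple
+// ports to talk. See http://www.kb.cert.org/vuls/id/800113
+// If your ISP provided one or more IP addresses for stable
+// nameservers, you probably want to use them as forwarders.
+// Uncomment the following block, and insert the addresses replacing
+// the all-0's placeholder.
+// forwarders {
+// 0.0.0.0;
+// };
+//========================================================================
+// If BIND logs error messages about the root key being expired,
+// you will need to update your keys. See https://www.isc.org/bind-keys
+//========================================================================
+dnssec-validation auto;
+listen-on-v6 { any; };
+};
+logging {
+channel transfers {
+file "/var/log/bind/transfers" versions 3 size 10M;
+print-time yes;
+severity info;
+};
+channel notify {
+file "/var/log/bind/notify" versions 3 size 10M;
+print-time yes;
+severity info;
+};
+channel dnssec {
+file "/var/log/bind/dnssec" versions 3 size 10M;
+print-time yes;
+severity info;
+};
+channel query {
+file "/var/log/bind/query" versions 5 size 10M;
+print-time yes;
+severity info;
+};
+channel general {
+file "/var/log/bind/general" versions 3 size 10M;
+print-time yes;
+severity info;
+};
+channel slog {
+syslog security;
+severity info;
+};
+category xfer-out { transfers; slog; };
+category xfer-in { transfers; slog; };
+category notify { notify; };
+category lame-servers { general; };
+category config { general; };
+category default { general; };
+category security { general; slog; };
+category dnssec { dnssec; };
+// category queries { query; };
+};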