commit f1131181e26fe6cc0c998432c62d5cf774f8ee3a
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Jan 4 23:01:49 2018 +0100
Enable bind recursion on internal view
roles/dns/files/named.conf | 17 +++++++++++++++++
1 files changed, 17 insertions(+), 0 deletions(-)
---
diff --git a/roles/dns/files/named.conf b/roles/dns/files/named.conf
index 5f8462e..e0c587c 100644
--- a/roles/dns/files/named.conf
+++ b/roles/dns/files/named.conf
@@ -22,12 +22,19 @@ acl "everyone" { 0.0.0.0/0; ::0/0; };
//
acl "ns_kimsufi" { 213.186.33.199; 2001:41d0:8:2b87::/128; };
acl "ns_online" { 62.210.16.8; };
+
+acl "local" {
+ localhost;
+ localnets;
+};
+
//
options {
directory "/";
auth-nxdomain yes;
allow-query { everyone; };
dnssec-enable yes;
+ dnssec-validation yes;
query-source address * port *;
query-source-v6 address * port *;
allow-transfer { localhost; slaves; ns_kimsufi; ns_online;};
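Review bot: The new `local` ACL relies on `localnets`, which matches every address on any network the server has an interface in, so on a hosted machine the recursion that the INTERNAL view (added in the next hunk) grants to `local` may extend to neighbouring hosts on the provider's subnet. If only this host and known networks should recurse, list them explicitly, e.g. `acl "local" { localhost; <trusted-prefix-placeholder>; };`, and add a comment above the ACL saying that it gates recursion. Separately, `dnssec-validation yes;` only validates when a trust anchor is configured, and none is visible in this hunk (the options block continues outside it). Confirm that a `managed-keys` or `trusted-keys` statement exists elsewhere in the file, or use `dnssec-validation auto;` to rely on the built-in root anchor.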
@@ -84,6 +91,16 @@ controls {
inet 127.0.0.1 port 953 allow { localhost; } keys { rndc-key; };
};
+view "INTERNAL" {
+ match-clients { local; };
+ recursion yes;
+ include "/etc/named/zones.conf";
+ forwarders {
+ 62.210.16.6;
+ 62.210.16.7;
+ };
+ forward only;
+};
view "DEFAULT" {
match-clients { any; };