[Nottingham] some iptables magic required
Martin
martin at ml1.co.uk
Sun Jan 2 19:10:40 GMT 2005
> Basic BIND setup is something I have been meaning to get around to for a
> while.
Attached is my bind example. Hopefully, all is easily deciphered.
The /var/named/null.db file can be used to harmlessly divert advertising
lookups: every name in a zone that is pointed at it resolves to 127.0.0.1.
See: http://pgl.yoyo.org/adservers/index.php
Good luck,
Martin
--
----------------
Martin Lomas
martin at ml1.co.uk
----------------
-------------- next part --------------
// generated by named-bootconf.pl
// secret must be the same as in /etc/rndc.conf
// Shared secret that authenticates rndc commands on the control channel
// declared in the controls statement of this file.
// NOTE(review): hmac-md5 is a legacy algorithm. Where the installed named and
// rndc both support it, generate the key with hmac-sha256 instead.
// The secret shown is a redacted placeholder. The real value must match
// /etc/rndc.conf and should live in a file that only the named and rndc
// users can read.
key "key" {
algorithm hmac-md5;
secret
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
};
// rndc control channel: listens on the loopback address only and accepts
// commands signed with the key named "key".
// NOTE(review): "allow { any; }" puts no limit on the client address, so the
// loopback bind and the key are the only barriers. "allow { localhost; }"
// would state the intended restriction explicitly.
controls {
inet 127.0.0.1 allow { any; } keys { "key"; };
};
// Global server options: working directory, pid file, outbound query source,
// listening addresses and upstream forwarders.
options {
directory "/var/named";
pid-file "/var/run/named/named.pid"; // Put pid file in working dir
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// NOTE(review): pinning the source port to 53 gives up source-port
// randomisation, which makes spoofed replies (cache poisoning) easier to
// land. Prefer "query-source address *;" and let the firewall track
// outbound UDP state instead.
query-source address * port 53;
// Answer only on loopback and on local interfaces addressed in 192.168.1.0/24.
// NOTE(review): no allow-query or allow-recursion statement appears in this
// block, so client restriction rests on listen-on and on the defaults of the
// BIND version in use; confirm the resolver is not reachable from outside.
listen-on { 127.0.0.0/8; 192.168.1.0/24; };
// NOTE(review): the opening line(s) of the following comment are missing
// from this copy.
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
//
// ntldns1
// ntldns2
// NOTE(review): 127.0.0.1 falls inside this server's own listen-on range, so
// the third forwarder appears to send queries back to this same server.
// Presumably unintended unless another resolver owns that address; confirm
// or remove it.
forwarders {
194.168.4.100;
194.168.8.100;
127.0.0.1;
};
};
// Zones this server answers authoritatively for the local network.
// "notify no" means no NOTIFY messages are sent when a zone changes.
// NOTE(review): no allow-transfer statement is set on these zones. If the
// BIND version's default permits transfers, any client that can reach the
// listener can list the internal host names; confirm and restrict.
zone "ml1.co.uk" { type master; notify no; file "ml1couk.db"; };
zone "lan" { type master; notify no; file "ml1lan.db"; };
// Block specific sites: each domain below is served from null.db, whose
// apex and wildcard A records answer with 127.0.0.1.
// NOTE(review): this overrides the entire domain, including any hosts a
// client legitimately needs, for every client of this resolver.
zone "msn.com" { type master; notify no; file "null.db"; };
zone "msn.co.uk" { type master; notify no; file "null.db"; };
zone "msn.net" { type master; notify no; file "null.db"; };
//
// a caching only nameserver config
//
// Root hints: named.ca supplies the root server addresses used to start
// recursion for anything the forwarders do not answer.
zone "." {
type hint;
file "named.ca";
};
// Reverse zone for 127.0.0.x, answered locally from named.local.
zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
};
// workaround stupid stuff... (OE: Wed 17 Sep 2003)
// Each zone below is declared delegation-only: answers from that zone's
// servers that are not delegations are treated as non-existent, so a
// wildcard record placed in the TLD cannot redirect mistyped names.
// NOTE(review): the date suggests this was added for the September 2003
// TLD wildcard episode; confirm it is still wanted. Newer BIND releases may
// no longer accept this zone type; check the release notes for your version.
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "ph" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };
-------------- next part --------------
; null BIND db file for ml1.co.uk
; Any zone that loads this file answers its apex and every name beneath it
; with 127.0.0.1, so clients connect to their own loopback address.
; NOTE(review): clients that run a local service on the queried port will
; reach that service instead of getting a connection error.
; NOTE(review): leading whitespace appears to have been lost in this copy.
; The NS and A lines after the SOA have no owner name and must begin with
; whitespace in the real file so they inherit "@".
$TTL 86400
@ IN SOA muse06.ml1.co.uk. localdnsadmin.ml1.co.uk. (
2004071801 ; serial number, YYYYMMDDNN (ten digits)
28800 ; Refresh (8 hours)
7200 ; Retry (2 hours)
864000 ; Expire (10 days)
86400 ; Min TTL (1 day)
)
NS muse06.ml1.co.uk.
A 127.0.0.1
* IN A 127.0.0.1
-------------- next part --------------
; Example BIND db file for ml1.co.uk lan
; Forward zone for the private "lan" domain: maps local host names and a few
; ISP-side devices to their addresses.
; NOTE(review): these records describe internal addressing. Serve this zone
; to the LAN only, and restrict zone transfers in named.conf.
; NOTE(review): leading whitespace appears to have been lost in this copy.
; The NS and MX lines after the SOA have no owner name and must begin with
; whitespace in the real file so they inherit "@".
$TTL 86400
@ IN SOA muse06.ml1.co.uk. localdnsadmin.ml1.co.uk. (
2004071801 ; serial number, YYYYMMDDNN (ten digits)
28800 ; Refresh (8 hours)
7200 ; Retry (2 hours)
864000 ; Expire (10 days)
86400 ; Min TTL (1 day)
)
NS muse06.ml1.co.uk.
MX 10 muse06.ml1.co.uk.
; Names below carry no trailing dot, so they are relative to "lan.".
$ORIGIN lan.
localhost.localdomain IN A 127.0.0.1
localhost IN A 127.0.0.1
; server, muse06 and time all point at the same host, 192.168.1.1.
server IN A 192.168.1.1
muse06 IN A 192.168.1.1
muse04 IN A 192.168.1.4
; ISP-side devices, named for convenience; several names share one address.
ntlcablemodem IN A 192.168.100.0
cablemodem IN A 192.168.100.0
ntlmodem IN A 192.168.100.0
ntldhcpserver IN A 10.138.151.254
ntldhcp IN A 10.138.151.254
; Same addresses as the forwarders listed in named.conf.
ntldns1 IN A 194.168.4.100
ntldns01 IN A 194.168.4.100
ntldns2 IN A 194.168.8.100
ntldns02 IN A 194.168.8.100
ntlubr IN A 10.145.167.254
time IN A 192.168.1.1