Загрузить файлы в «provisioning»

2026-04-04 16:30:44 +03:00
parent f85a150e25
commit 8bb5509d9d
4 changed files with 142 additions and 0 deletions
--- a/provisioning/rndc.conf
+++ b/provisioning/rndc.conf
@@ -0,0 +1,9 @@
+key "rndc-key" {
+    algorithm hmac-md5;
+    secret "GrtiE9kz16GK+OKKU/qJvQ==";
+};
+
+options {
+    default-key "rndc-key";
+    default-server 192.168.50.10; 
+};
--- a/provisioning/servers-resolv.conf
+++ b/provisioning/servers-resolv.conf
@@ -0,0 +1,3 @@
+domain dns.lab
+search dns.lab
+nameserver 127.0.0.1
--- a/provisioning/slave-named.conf
+++ b/provisioning/slave-named.conf
@@ -0,0 +1,126 @@
+options {
+
+    // network 
+	listen-on port 53 { 192.168.50.11; };
+	listen-on-v6 port 53 { ::1; };
+
+    // data
+	directory 	"/var/named";
+	dump-file 	"/var/named/data/cache_dump.db";
+	statistics-file "/var/named/data/named_stats.txt";
+	memstatistics-file "/var/named/data/named_mem_stats.txt";
+
+    // server
+	recursion yes;
+	allow-query     { any; };
+    allow-transfer { any; };
+    
+    // dnssec
+	dnssec-enable yes;
+	dnssec-validation yes;
+
+    // others
+	bindkeys-file "/etc/named.iscdlv.key";
+	managed-keys-directory "/var/named/dynamic";
+	pid-file "/run/named/named.pid";
+	session-keyfile "/run/named/session.key";
+};
+
+logging {
+        channel default_debug {
+                file "data/named.run";
+                severity dynamic;
+        };
+};
+
+// RNDC Control for client
+key "rndc-key" {
+    algorithm hmac-md5;
+    secret "GrtiE9kz16GK+OKKU/qJvQ==";
+};
+controls {
+        inet 192.168.50.11 allow { 192.168.50.15; } keys { "rndc-key"; };
+};      
+
+
+// ZONE TRANSFER WITH TSIG
+include "/etc/named.zonetransfer.key"; 
+server 192.168.50.10 {
+    keys { "zonetransfer.key"; };
+};
+
+
+acl "client" { 192.168.50.15; }; 
+acl "client2" { 192.168.50.20; };
+
+view "client" {
+    match-clients { "client"; };
+    zone "dns.lab" {
+        type slave;
+        masters { 192.168.50.10; };
+        transfer-source 192.168.50.12;
+        file "/etc/named/named.dns.lab.limit";
+    };
+
+    zone "newdns.lab" {
+        type slave;
+        masters { 192.168.50.10; };
+        file "/etc/named/named.newdns.lab";
+    };
+
+};
+
+
+view "client2" {
+    match-clients { "client2"; };
+    zone "dns.lab" {
+        type slave;
+        masters { 192.168.50.10; };
+        file "/etc/named/named.dns.lab";
+    };
+    
+};
+
+view "any" {
+    match-clients { "any"; };
+    // root zone
+    zone "." IN {
+    	type hint;
+    	file "named.ca";
+    };
+
+    // zones like localhost
+    include "/etc/named.rfc1912.zones";
+    // root's DNSKEY
+    include "/etc/named.root.key";
+
+    // lab's zone
+    zone "dns.lab" {
+        type slave;
+        masters { 192.168.50.10; };
+        file "/etc/named/named.dns.lab";
+    };
+
+    // lab's zone reverse
+    zone "50.168.192.in-addr.arpa" {
+        type slave;
+        masters { 192.168.50.10; };
+        file "/etc/named/named.dns.lab.rev";
+    };
+
+    // lab's ddns zone
+    zone "ddns.lab" {
+        type slave;
+        masters { 192.168.50.10; };
+        file "/etc/named/named.ddns.lab";
+    };
+
+    // newlab's zone
+    zone "newdns.lab" {
+        type slave;
+        masters { 192.168.50.10; };
+        file "/etc/named/named.newdns.lab";
+    };
+};
+
+
--- a/provisioning/zonetransfer.key
+++ b/provisioning/zonetransfer.key
@@ -0,0 +1,4 @@
+key "zonetransfer.key" {
+    algorithm hmac-md5;
+    secret "SB4Db9pJomyKxTNynlAq/g==";
+};