On 19-09-2014 11:24, Craig R. Skinner wrote:
> On 2014-09-19 Fri 12:28 PM |, Krzysztof Strzeszewski wrote:
>> I want to add my global domain in my server dns unbound... How to do?
>>
>> I know how to add my domain in named(bind):
>>
> $ man 8 unbound
> ...
> ..
> DESCRIPTION
> Unbound is an implementation of a DNS resolver, that does caching
> .....
>
>
>
> Use NSD:
>
> $ man 8 nsd
> ...
> ...
> DESCRIPTION
> NSD is a complete implementation of an authoritative DNS nameserver.
> ...
>
> $ man 5 nsd.conf
>
> The zone file format is much the same as for named(BIND), you can
> probably use the same file copied in to /var/nsd/zones/master/
>
>
>
> Something like:
>
> # nsd.conf
> server:
>     verbosity: 2
>     hide-version: yes
>     ip4-only: yes
>     ip-address: pub.lic.ip.address
>     # different privileged port on loopback for unbound stub zones:
>     # The ARPA Host Name Server Protocol (NAMESERVER)
>     # is an obsolete network protocol ====> unused
>     # http://en.wikipedia.org/wiki/ARPA_Host_Name_Server_Protocol
>     ip-address: 127.0.0.1@42
>
> remote-control:
>     control-enable: yes
>
> # Master zones:
> zone:
>     name: "internal"
>     zonefile: "master/internal"
>
> zone:
>     name: "1.168.192.in-addr.arpa"
>     zonefile: "master/1.168.192.in-addr.arpa"
>
> zone:
>     name: "example.not"
>     zonefile: "master/example.not"
>     notify: slave.server.ip.address NOKEY
>     provide-xfr: slave.server.ip.address NOKEY
>
>
>
>
>
>
> # unbound.conf
> server:
>     interface: 127.0.0.1
>     interface: 192.168.1.1
>     do-ip6: no
>     access-control: ::0/0 refuse
>     access-control: 0.0.0.0/0 refuse
>     access-control: 127.0.0.0/8 allow
>     access-control: 192.168.1.0/24 allow
>     hide-identity: yes
>     hide-version: yes
>     verbosity: 2
>     log-queries: yes
>     root-hints: /etc/root.hints
>     do-not-query-localhost: no # NOTE THIS!!!
>
>     # private networks:
>     private-address: 10.0.0.0/8
>     private-address: 100.64.0.0/10
>     private-address: 172.16.0.0/12
>     private-address: 192.0.0.0/29
>     private-address: 192.168.0.0/16
>     private-address: 198.18.0.0/15
>     # example source code & documentation:
>     private-address: 192.0.2.0/24
>     private-address: 198.51.100.0/24
>     private-address: 203.0.113.0/24
>     # subnet, autoconfiguration between two hosts on a single link:
>     private-address: 169.254.0.0/16
>     # reserved for multicast assignments:
>     private-address: 224.0.0.0/4
>     # reserved for future use:
>     private-address: 240.0.0.0/4
>
>     private-domain: 'internal'
>
>     local-zone: '1.168.192.in-addr.arpa' typetransparent # NOTE THIS!!!
>
>     local-zone: "localhost." static
>     local-data: "localhost. 10800 IN NS localhost."
>     local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
>     local-data: "localhost. 10800 IN A 127.0.0.1"
>     # Disabled: ("do-ip6: no" doesn't do it):
>     # local-data: "localhost. 10800 IN AAAA ::1"
>
> remote-control:
>     control-enable: yes
>
> stub-zone:
>     name: 'internal'
>     stub-addr: 127.0.0.1@42
>
> stub-zone:
>     name: '1.168.192.in-addr.arpa'
>     stub-addr: 127.0.0.1@42
>
> stub-zone:
>     name: 'example.not'
>     stub-addr: 127.0.0.1@42
>     stub-addr: slave.server.ip.address
>     stub-first: yes
>
Craig,
If I understood this correctly, this "almost" replaces the view
function on bind? Now that it was dropped I need to start planning my
transition.
Cheers,
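
An added example, not part of the original messages or of unbound itself: a small Python lint for the two settings marked "NOTE THIS!!!" in the quoted unbound.conf, since without them unbound never queries the NSD instance on loopback and answers the private reverse zone itself. It covers only the RFC 1918 reverse trees and treats any pass-through local-zone inside the tree as an override; `parse`, `lint` and the sample config are constructed for illustration.

```python
import ipaddress
import shlex
# RFC 1918 reverse trees that unbound answers itself by default (subset).
BLOCKED = ["10.in-addr.arpa", "168.192.in-addr.arpa"] + [
    f"{n}.172.in-addr.arpa" for n in range(16, 32)]
PASS_TYPES = ("nodefault", "transparent", "typetransparent")
# Constructed sample: the reverse stub zone from the message, both notes missing.
SAMPLE = """
stub-zone:
    name: '1.168.192.in-addr.arpa'
    stub-addr: 127.0.0.1@42
"""

def parse(text):
    """Split unbound.conf text into [(clause, [(key, [value tokens])])]."""
    clauses = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops quotes and # comments
        if len(tokens) == 1 and tokens[0].endswith(":"):
            clauses.append((tokens[0][:-1], []))
        elif tokens and clauses:
            clauses[-1][1].append((tokens[0].rstrip(":"), tokens[1:]))
    return clauses

def under(name, parent):
    return name == parent or name.endswith("." + parent)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.split("@")[0]).is_loopback
    except ValueError:  # hostname or placeholder, not an IP literal
        return False

def lint(text):
    """Return findings for stub zones that point at a loopback server."""
    clauses, findings = parse(text), []
    server = [kv for name, kvs in clauses if name == "server" for kv in kvs]
    ask_local = ("do-not-query-localhost", ["no"]) in server
    passes = [v[0].lower().rstrip(".") for k, v in server
              if k == "local-zone" and v[1:] and v[1] in PASS_TYPES]
    for kvs in (kvs for name, kvs in clauses if name == "stub-zone"):
        zone = next(v[0] for k, v in kvs if k == "name").lower().rstrip(".")
        addrs = [v[0] for k, v in kvs if k == "stub-addr"]
        if any(map(is_loopback, addrs)) and not ask_local:
            findings.append(f"{zone}: set do-not-query-localhost: no")
        for b in (b for b in BLOCKED if under(zone, b)):
            if not any(under(zone, p) and under(p, b) for p in passes):
                findings.append(f"{zone}: add a local-zone override")
    return findings
```

Each line must be complete before linting: a quoted value wrapped across two lines makes `shlex` raise `ValueError`.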