#1 On 06/06/2013 at 08:38
- killan
Bind9 conf fail
Hello,
I have a bind9 installed that serves several domains and works fine; unfortunately I am being attacked by cache poisoning, so I am looking to harden my configuration.
My named.conf is the default one:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.zones";
I was advised to use views, but as soon as I put that code in the conf I get this error:
Stopping domain name service...: bind9rndc: connect failed: 127.0.0.1#953: connection refused
.
Starting domain name service...: bind9 failed!
A friend gave me a config, based on my files, that should suit me:
acl "recurseallow" {
    127.0.0.0/8;
    ::1/128;
};
options {
    directory "/var/cache/bind";
    listen-on { any; };
    empty-zones-enable 0;
};
logging {
    channel custom_log {
        file "/var/log/named.log";
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { custom_log; };
    category security { custom_log; };
    category lame-servers { null; };
};
view "internal" in {
    /*
     * Our internal (trusted) view. We permit the internal networks
     * to freely access this view. We perform recursion for our
     * internal hosts, and retrieve data from the cache for them.
     */
    match-clients { recurseallow; };
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;
    max-ncache-ttl 180;
    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };
    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };
    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };
    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };
    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };
};
view "public" in {
    /*
     * Our external (untrusted) view. We permit any client to access
     * portions of this view. We do not perform recursion or cache
     * access for hosts using this view.
     */
    match-clients { any; };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;
    include "/etc/bind/named.conf.zones";
    zone "." in {
        type hint;
        file "/var/bind/root.cache";
    };
};
include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};
Unfortunately, to no avail. Would you have any idea why the view keyword, or its block, is causing a problem?
Thanks in advance!
Last edited by killan (06/06/2013 at 08:40)
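A check for the likely cause, as an added example (not from the post or from BIND itself): named refuses to start once a `view` is declared while any zone is still declared outside every view, and the stock named.conf above keeps its hint and localhost zones at top level and includes named.conf.zones a second time outside the public view. The scanner below walks a constructed in-memory copy of those files (the contents are stand-ins assumed here, not the poster's real files) and reports both conditions; on the real files, `named-checkconf` does the same job before a restart.

```python
import re

# Constructed stand-ins for the files the post names (only the statements that matter).
BROKEN = {
    "/etc/bind/named.conf": """
include "/etc/bind/named.conf.options";
zone "." { type hint; file "/etc/bind/db.root"; };
include "/etc/bind/named.conf.zones";""",
    "/etc/bind/named.conf.options": """
options { directory "/var/cache/bind"; };
view "internal" in { match-clients { 127.0.0.0/8; }; recursion yes; };
view "public" in { match-clients { any; }; recursion no;
    include "/etc/bind/named.conf.zones"; };""",
    "/etc/bind/named.conf.zones": 'zone "example.net" { type master; file "/etc/bind/db.example.net"; };',
}
FIXED = dict(BROKEN, **{"/etc/bind/named.conf": 'include "/etc/bind/named.conf.options";'})  # no top-level zones

def statements(text):
    """Yield (depth, keyword, first_arg) for every statement, tracking braces so view bodies are visible."""
    text = re.sub(r"/\*.*?\*/|(?://|#)[^\n]*", "", text, flags=re.S)  # drop both comment styles
    depth, bufs = 0, {}
    for ch in text:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        elif ch == ";":
            words = bufs.pop(depth, "").split()
            if words:
                yield depth, words[0], (words[1].strip('"') if len(words) > 1 else "")
        else:
            bufs[depth] = bufs.get(depth, "") + ch

def lint(fs, path="/etc/bind/named.conf"):
    """Follow includes; report zones left outside a view once views exist, and files included twice."""
    views, top_zones, seen = [], [], []
    def walk(p, in_view):
        seen.append(p)
        for depth, kw, arg in statements(fs.get(p, "")):
            if kw == "include":
                walk(arg, in_view or depth > 0)   # an include inside a view body stays in that view
            elif depth == 0 and not in_view and kw in ("view", "zone"):
                (views if kw == "view" else top_zones).append(arg)
    walk(path, False)
    problems = []
    if views and top_zones:
        problems.append("zones outside any view: " + ", ".join(top_zones))
    for dup in sorted({p for p in seen if seen.count(p) > 1}):
        problems.append("included more than once: " + dup)
    return problems
```

`lint(BROKEN)` reports both findings for the layout described in the post, and `lint(FIXED)` returns an empty list once named.conf declares nothing outside the views.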