-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathshotgund.conf
152 lines (151 loc) · 4.76 KB
/
shotgund.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
#
# shotgund - an asynchronous, parallel, domain-swapping DNS daemon
#
# www.freenum.org resolver config file
# 2007-10-17 [email protected]
#
#
#
# Run with debug level 1 as default. This value can be overridden by
# the command line.
#
debug 4
#
# Fast (async poll() ) or slow (many small poll() ) queries.
# With fast queries, only log at the end of a group. With slow queries, timestamp logging per thread (per resolver.)
#
# default is to use fast poll() (async_query on)
# async_query [on/off]
#
# (We don't see enough traffic to warrant "on" right now) 2007-10-17 jtodd
#
async_query off
#
#
# debug_file specifies the file to write out the debug information.
# This value can be overridden by the command line. If run in the
# foreground, debug data will be appended to both stdout and this file.
#
debug_file shotgund_log
#
# pid_file specifies the file to write daemon process id.
#
pid_file shotgund.pid
#
#
# Syslog output. If specified, will copy output to syslog with this
# message flag. Default is to not send syslog messages.
#
# syslog_level local1.debug
#
#
# What user should the daemon run as after launch? This user takes over
# after all root-level activity (socket creation, etc) has been completed.
#
user oleksiyk
#
#
# listen (bind) addresses
# listen [address] [port]
#
listen * 1053
#
#
#
# Which domains do we want to rip apart and handle in specific ways?
# We first look at the IP address of the device that is sending
# the query. If it matches one or more lines, then see if it
# matches the top-level zone that is being requested. If there
# is a match, and a "permit", then strip off the zone from the
# query, and hand off to the groups specified in the list of
# groups after the "permit" keyword, in the order the groups
# are listed.
#
# Denied lookups are not given any response at all (this aids in
# debugging, and prevents confusing results)
#
# Wildcards can be used for domains or IP addresses (limited)
# * = any string or number, 1 or more characters
#
# Rules are interpreted in order of entry, and the first match
# ends the lookup process.
#
# If no group(s) is specified, then hand off resolution to the
# default-forwarder resolver(s).
#
# host [ip address] [zone suffix] [RR type] [permit,deny] [group-name|resolvers-name, group-name|resolvers-name, ...] [options]
#
#
# In this test case, we want to snag all NAPTR requests coming in from
# all hosts and see if they match "e164.arpa" or "e164.org" as the
# domain suffix. If so, try to do a freenum.org ISN re-write on the
# lookup. Within those re-writes, the system will also then
#
host * e164.arpa. NAPTR permit freenum local-resolvers i
host * e164.org. NAPTR permit freenum local-resolvers i
#
#
# Since people may be pointing to us as a "dumb" resolver, we should just
# pass through all these other types of queries that don't interest us
# for re-write. Just be a dumb resolver shim in these cases...
#
host * * SOA permit local-resolvers
host * * A permit local-resolvers
host * * MX permit local-resolvers
host * * PTR permit local-resolvers
host * * LOC permit local-resolvers
host * * SRV permit local-resolvers
host * * HINFO permit local-resolvers
host * * AAAA permit local-resolvers
host * * CNAME permit local-resolvers
host * * CERT permit local-resolvers
host * * A6 permit local-resolvers
host * * NS permit local-resolvers
host * * GPOS permit local-resolvers
host * * TXT permit local-resolvers
host * * NAPTR permit local-resolvers
#
# end of matching stanzas
#
#
# Let's define some local resolver(s) that should be used
# as the baseline resolvers for domains which we do
# not control directly or know the authoritative resolvers
# for (or, more importantly, that we should NOT hardcode
# the authoritative resolvers for.)
#
forwarder local-resolvers 204.91.156.197 53 2500
forwarder local-resolvers 192.148.252.133 53 2500
#
#
# Create a set of resolvers which are authoritative for
# the freenum.org zone, and we'll use these in the group
# lookups below.
#
# forwarder [group] [ip address] [port]
#
#forwarder freenum-resolvers 127.0.0.1 2053
forwarder freenum-resolvers 204.91.156.197 53
forwarder freenum-resolvers 204.61.216.4 53
#
#
#
# So here is where we fork the queries for a particular group.
# The daemon cuts off the suffix of the original query (that suffix
# is indicated in the "host" line, above) and then tacks on
# the suffix in the "zone" lines below. If an answer comes
# back from one of the lookups, then the NAPTR is given back
# to the querying host.
#
#
# Group "freenum-e164-arpa" is for freenum.org and then for
# e164.arpa zones, which have their own
# resolvers and speed assumptions.
#
# zone [group] [zone] [weight] [max ms wait] [resolvers-name]
#
zone freenum freenum.org. 1 100 freenum-resolvers
#
#
#
# end