パート1. PowerDNSソリューションに基づく信頼できるDNSサーバーのインストールと構成//基本インストール

 # sample configuration for iptables service # you can edit this manually or use system-config-firewall # please do not ask us to add additional ports/services to this default configuration *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -i ens160 -j ACCEPT -A INPUT -i ens192 -p tcp -m state --state NEW --dport 53 -j ACCEPT -A INPUT -i ens192 -p udp -m state --state NEW --dport 53 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited -P INPUT DROP COMMIT 

 CREATE DATABASE powerdns character set utf8; GRANT ALL ON powerdns.* TO 'imperituroard'@'localhost' IDENTIFIED BY 'password'; FLUSH PRIVILEGES; USE powerdns; CREATE TABLE domains ( id INT AUTO_INCREMENT, name VARCHAR(255) NOT NULL, master VARCHAR(128) DEFAULT NULL, last_check INT DEFAULT NULL, type VARCHAR(6) NOT NULL, notified_serial INT DEFAULT NULL, account VARCHAR(40) DEFAULT NULL, PRIMARY KEY (id) ) Engine=InnoDB; CREATE UNIQUE INDEX name_index ON domains(name); CREATE TABLE records ( id INT AUTO_INCREMENT, domain_id INT DEFAULT NULL, name VARCHAR(255) DEFAULT NULL, type VARCHAR(10) DEFAULT NULL, content VARCHAR(64000) DEFAULT NULL, ttl INT DEFAULT NULL, prio INT DEFAULT NULL, change_date INT DEFAULT NULL, disabled TINYINT(1) DEFAULT 0, ordername VARCHAR(255) BINARY DEFAULT NULL, auth TINYINT(1) DEFAULT 1, PRIMARY KEY (id) ) Engine=InnoDB; CREATE INDEX nametype_index ON records(name,type); CREATE INDEX domain_id ON records(domain_id); CREATE INDEX recordorder ON records (domain_id, ordername); CREATE TABLE supermasters ( ip VARCHAR(64) NOT NULL, nameserver VARCHAR(255) NOT NULL, account VARCHAR(40) NOT NULL, PRIMARY KEY (ip, nameserver) ) Engine=InnoDB; CREATE TABLE comments ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, name VARCHAR(255) NOT NULL, type VARCHAR(10) NOT NULL, modified_at INT NOT NULL, account VARCHAR(40) NOT NULL, comment VARCHAR(64000) NOT NULL, PRIMARY KEY (id) ) Engine=InnoDB; CREATE INDEX comments_domain_id_idx ON comments (domain_id); CREATE INDEX comments_name_type_idx ON comments (name, type); CREATE INDEX comments_order_idx ON comments (domain_id, modified_at); CREATE TABLE domainmetadata ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, kind VARCHAR(32), content TEXT, PRIMARY KEY (id) ) Engine=InnoDB; CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind); CREATE TABLE cryptokeys ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, flags INT NOT NULL, active BOOL, content TEXT, PRIMARY KEY(id) ) Engine=InnoDB; CREATE INDEX domainidindex ON cryptokeys(domain_id); CREATE TABLE tsigkeys ( id INT AUTO_INCREMENT, name VARCHAR(255), algorithm VARCHAR(50), secret VARCHAR(255), PRIMARY KEY (id) ) Engine=InnoDB; CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm); 

 setuid=pdns setgid=pdns launch=gmysql gmysql-host=127.0.0.1 gmysql-user=imperituroard gmysql-password=password gmysql-dbname=powerdns gmysql-dnssec=yes # Autogenerated configuration file template ################################# # allow-axfr-ips Allow zonetransfers only to these subnets # allow-axfr-ips=0.0.0.0/0 ################################# # allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges. # # allow-dnsupdate-from=127.0.0.0/8,::1 ################################# # allow-notify-from Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies. # # allow-notify-from=0.0.0.0/0,::/0 ################################# # allow-recursion List of subnets that are allowed to recurse # allow-recursion=0.0.0.0/0 #lazy-recursion=yes #recursor=127.0.0.1:5354 recursor=134.17.0.3 #recursor=212.98.160.50 8.8.8.8 8.8.4.4 82.209.240.241 #recursor=8.8.4.4 #recursor=198.41.0.4 #recursor=192.228.79.201 #recursor=192.33.4.12 #recursor=199.7.91.13 #recursor=192.203.230.10 #recursor=192.5.5.241 #recursor=192.112.36.4 #recursor=128.63.2.53 #recursor=192.36.148.17 #recursor=192.58.128.30 #recursor=193.0.14.129 #recursor=199.7.83.42 #recursor=202.12.27.33 ################################# # also-notify When notifying a domain, also notify these nameservers # # also-notify= ################################# # any-to-tcp Answer ANY queries with tc=1, shunting to TCP # # any-to-tcp=no ################################# # cache-ttl Seconds to store packets in the PacketCache cache-ttl=20000 ################################# # carbon-interval Number of seconds between carbon (graphite) updates # # carbon-interval=30 ################################# # carbon-ourname If set, overrides our reported hostname for carbon stats # # carbon-ourname= ################################# # carbon-server If set, send metrics in carbon (graphite) format to this server # # carbon-server= ################################# # chroot If set, chroot to this directory for more security # # chroot= ################################# # config-dir Location of configuration directory (pdns.conf) # # config-dir=/usr/local/etc ################################# # config-name Name of this virtual configuration - will rename the binary image # # config-name= ################################# # control-console Debugging switch - don't use # control-console=no ################################# # daemon Operate as a daemon # #daemon=yes ################################# # default-ksk-algorithms Default KSK algorithms # # default-ksk-algorithms=rsasha256 ################################# # default-ksk-size Default KSK size (0 means default) # # default-ksk-size=0 ################################# # default-soa-mail mail address to insert in the SOA record if none set in the backend # # default-soa-mail= ################################# # default-soa-name name to insert in the SOA record if none set in the backend # default-soa-name=powerdnstest.tech.mts.by ################################# # default-ttl Seconds a result is valid if not set otherwise # default-ttl=3600 ################################# # default-zsk-algorithms Default ZSK algorithms # # default-zsk-algorithms=rsasha256 ################################# # default-zsk-size Default ZSK size (0 means default) # # default-zsk-size=0 ################################# # direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis # # direct-dnskey=no ################################# # disable-axfr Disable zonetransfers but do allow TCP queries # # disable-axfr=no ################################# # disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing. # # disable-axfr-rectify=no ################################# # disable-tcp Do not listen to TCP queries # # disable-tcp=no ################################# # distributor-threads Default number of Distributor (backend) threads to start # # distributor-threads=3 ################################# # do-ipv6-additional-processing Do AAAA additional processing # # do-ipv6-additional-processing=yes ################################# # edns-subnet-processing If we should act on EDNS Subnet options # # edns-subnet-processing=no ################################# # entropy-source If set, read entropy from this file # # entropy-source=/dev/urandom ################################# # experimental-api-key REST API Static authentication key (required for API use) # # experimental-api-key= ################################# # experimental-api-readonly If the JSON API should disallow data modification # # experimental-api-readonly=no ################################# # experimental-dname-processing If we should support DNAME records # # experimental-dname-processing=no ################################# # experimental-dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no. # # experimental-dnsupdate=no ################################# # experimental-json-interface If the webserver should serve JSON data # # experimental-json-interface=no ################################# # experimental-logfile Filename of the log file for JSON parser # # experimental-logfile=/var/log/pdns.log ################################# # forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master. # # forward-dnsupdate=yes ################################# # guardian Run within a guardian process # #guardian=no ################################# # include-dir Include *.conf files from this directory # # include-dir= ################################# # launch Which backends to launch and order to query them in # # launch= ################################# # load-modules Load this module - supply absolute or relative path # # load-modules= ################################# # local-address Local IP addresses to which we bind # # local-address=0.0.0.0 ################################# # local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server # # local-address-nonexist-fail=yes ################################# # local-ipv6 Local IP address to which we bind # # local-ipv6= ################################# # local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server # # local-ipv6-nonexist-fail=yes ################################# # local-port The port on which we listen # # local-port=53 ################################# # log-dns-details If PDNS should log DNS non-erroneous details # # log-dns-details=no #log-dns-details=/var/log/pdns/pdns-details.log #log-failed-updates=/var/log/pdns/pdns-fail.log #logfile=/var/log/pdns/pdns.log ################################# # log-dns-queries If PDNS should log all incoming DNS queries # log-dns-queries=yes ################################# # logging-facility Log under a specific facility # logging-facility=0 ################################# # loglevel Amount of logging. Higher is more. Do not set below 3 # #logfile=/var/log/pdns/pdns.log #logfile=/etc/pdns/ loglevel=9 ################################# # lua-prequery-script Lua script with prequery handler # # lua-prequery-script= ################################# # master Act as a master # # master=no ################################# # max-cache-entries Maximum number of cache entries # # max-cache-entries=1000000 ################################# # max-ent-entries Maximum number of empty non-terminals in a zone # # max-ent-entries=100000 ################################# # max-nsec3-iterations Limit the number of NSEC3 hash iterations # # max-nsec3-iterations=500 ################################# # max-queue-length Maximum queuelength before considering situation lost # max-queue-length=5000 ################################# # max-signature-cache-entries Maximum number of signatures cache entries # # max-signature-cache-entries= ################################# ################################# # max-tcp-connections Maximum number of TCP connections # max-tcp-connections=20 ################################# # module-dir Default directory for modules # # module-dir=/usr/local/lib/pdns ################################# # negquery-cache-ttl Seconds to store negative query results in the QueryCache # # negquery-cache-ttl=60 ################################# # no-shuffle Set this to prevent random shuffling of answers - for regression testing # # no-shuffle=off ################################# # only-notify Only send AXFR NOTIFY to these IP addresses or netmasks # # only-notify=0.0.0.0/0,::/0 ################################# # out-of-zone-additional-processing Do out of zone additional processing # # out-of-zone-additional-processing=yes ################################# # overload-queue-length Maximum queuelength moving to packetcache only # # overload-queue-length=0 ################################# # pipebackend-abi-version Version of the pipe backend ABI # # pipebackend-abi-version=1 ################################# # prevent-self-notification Don't send notifications to what we think is ourself # # prevent-self-notification=yes ################################# # query-cache-ttl Seconds to store query results in the QueryCache # # query-cache-ttl=20 ################################# # query-local-address Source IP address for sending queries # # query-local-address=0.0.0.0 ################################# # query-local-address6 Source IPv6 address for sending queries # # query-local-address6=:: ################################# # query-logging Hint backends that queries should be logged # # query-logging=no ################################# # queue-limit Maximum number of milliseconds to queue a query # # queue-limit=1500 ################################# # receiver-threads Default number of receiver threads to start # # receiver-threads=1 ################################# # recursive-cache-ttl Seconds to store packets for recursive queries in the PacketCache # # recursive-cache-ttl=10 ################################# # recursor If recursion is desired, IP address of a recursing nameserver # # recursor=no ################################# # retrieval-threads Number of AXFR-retrieval threads for slave operation # # retrieval-threads=2 ################################# # reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket # # reuseport=no ################################# # security-poll-suffix Domain name from which to query security update notifications # # security-poll-suffix=secpoll.powerdns.com. ################################# # send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority # # send-root-referral=no ################################# # server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom # # server-id= ################################# # setgid If set, change group id to this gid for more security # # setgid= ################################# # setuid If set, change user id to this uid for more security # # setuid= ################################# # signing-threads Default number of signer threads to start # # # signing-threads=3 ################################# # slave Act as a slave # # slave=no ################################# # slave-cycle-interval Schedule slave freshness checks once every .. seconds # # slave-cycle-interval=60 ################################# # slave-renotify If we should send out notifications for slaved updates # # slave-renotify=no ################################# # soa-expire-default Default SOA expire # # soa-expire-default=604800 ################################# # soa-minimum-ttl Default SOA minimum ttl # # soa-minimum-ttl=3600 ################################# # soa-refresh-default Default SOA refresh # # soa-refresh-default=10800 ################################# # soa-retry-default Default SOA retry # # soa-retry-default=3600 ################################# # socket-dir Where the controlsocket will live # # socket-dir=/var/run ################################# # tcp-control-address If set, PowerDNS can be controlled over TCP on this address # # tcp-control-address= ################################# # tcp-control-port If set, PowerDNS can be controlled over TCP on this address # # tcp-control-port=53000 ################################# # tcp-control-range If set, remote control of PowerDNS is possible over these networks only # # tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 ################################# # tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret # # tcp-control-secret= ################################# # traceback-handler Enable the traceback handler (Linux only) # # traceback-handler=yes ################################# # trusted-notification-proxy IP address of incoming notification proxy # # trusted-notification-proxy= ################################# # udp-truncation-threshold Maximum UDP response size before we truncate # # udp-truncation-threshold=1680 ################################# # version-string PowerDNS version in packets - full, anonymous, powerdns or custom # # version-string=full ################################# # webserver Start a webserver for monitoring # # webserver=no ################################# # webserver-address IP Address of webserver to listen on # # webserver-address=127.0.0.1 ################################# # webserver-allow-from Webserver access is only allowed from these subnets # # webserver-allow-from=0.0.0.0/0,::/0 ################################# # webserver-password Password required for accessing the webserver # # webserver-password= ################################# # webserver-port Port of webserver to listen on # # webserver-port=8081 ################################# # webserver-print-arguments If the webserver should print arguments # # webserver-print-arguments=no 

 # # This is the main Apache HTTP server configuration file. It contains the # configuration directives that give the server its instructions. # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. # In particular, see # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html> # for a discussion of each configuration directive. # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path. If the filenames do *not* begin # with "/", the value of ServerRoot is prepended -- so 'log/access_log' # with ServerRoot set to '/www' will be interpreted by the # server as '/www/log/access_log', where as '/log/access_log' will be # interpreted as '/log/access_log'. # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # Do not add a slash at the end of the directory path. If you point # ServerRoot at a non-local disk, be sure to specify a local disk on the # Mutex directive, if file-based mutexes are used. If you wish to share the # same ServerRoot for multiple httpd daemons, you will need to change at # least PidFile. # ServerRoot "/etc/httpd" # # Listen: Allows you to bind Apache to specific IP addresses and/or # ports, instead of the default. See also the <VirtualHost> # directive. # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 Listen 80 # # Dynamic Shared Object (DSO) Support # # To be able to use the functionality of a module which was built as a DSO you # have to place corresponding `LoadModule' lines at this location so the # directives contained in it are actually available _before_ they are used. # Statically compiled modules (those listed by `httpd -l') do not need # to be loaded here. # # Example: # LoadModule foo_module modules/mod_foo.so # Include conf.modules.d/*.conf # # If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # # User/Group: The name (or #number) of the user/group to run httpd as. # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # User apache Group apache # 'Main' server configuration # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a # <VirtualHost> definition. These values also provide defaults for # any <VirtualHost> containers you may define later in the file. # # All of these directives may appear inside <VirtualHost> containers, # in which case these default settings will be overridden for the # virtual host being defined. # # # ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. eg admin@your-domain.com # ServerAdmin root@localhost # # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If your host doesn't have a registered DNS name, enter its IP address here. # #ServerName www.example.com:80 # # Deny access to the entirety of your server's filesystem. You must # explicitly permit access to web content directories in other # <Directory> blocks below. # <Directory /> AllowOverride none Require all denied </Directory> # # Note that from this point forward you must specifically allow # particular features to be enabled - so if something's not working as # you might expect, make sure that you have specifically enabled it # below. # # # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # DocumentRoot "/var/www/html" # # Relax access to content within /var/www. # <Directory "/var/www"> AllowOverride None # Allow open access: Require all granted </Directory> # Further relax access to the default document root: <Directory "/var/www/html"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # Require all granted </Directory> <Directory "/var/www/html/powerdns/"> Order deny,allow deny from all allow from 217.21.61.8 allow from 10.128.71.3 allow from 10.135.55.4 allow from 46.216.24.152 </Directory> # # DirectoryIndex: sets the file that Apache will serve if a directory # is requested. # <IfModule dir_module> DirectoryIndex index.html </IfModule> # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <Files ".ht*"> Require all denied </Files> # # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # ErrorLog "logs/error_log" # # LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. # LogLevel warn <IfModule log_config_module> # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> # # The location and format of the access logfile (Common Logfile Format). # If you do not define any access logfiles within a <VirtualHost> # container, they will be logged here. Contrariwise, if you *do* # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # #CustomLog "logs/access_log" common # # If you prefer a logfile with access, agent, and referer information # (Combined Logfile Format) you can use the following directive. # CustomLog "logs/access_log" combined </IfModule> <IfModule alias_module> # # Redirect: Allows you to tell clients about documents that used to # exist in your server's namespace, but do not anymore. The client # will make a new request for the document at its new location. # Example: # Redirect permanent /foo http://www.example.com/bar # # Alias: Maps web paths into filesystem paths and is used to # access content that does not live under the DocumentRoot. # Example: # Alias /webpath /full/filesystem/path # # If you include a trailing / on /webpath then the server will # require it to be present in the URL. You will also likely # need to provide a <Directory> section to allow access to # the filesystem path. # # ScriptAlias: This controls which directories contain server scripts. # ScriptAliases are essentially the same as Aliases, except that # documents in the target directory are treated as applications and # run by the server when requested rather than as documents sent to the # client. The same rules about trailing "/" apply to ScriptAlias # directives as to Alias. # ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" </IfModule> # # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # <Directory "/var/www/cgi-bin"> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> # # TypesConfig points to the file containing the list of mappings from # filename extension to MIME-type. # TypesConfig /etc/mime.types # # AddType allows you to add to or override the MIME configuration # file specified in TypesConfig for specific file types. # #AddType application/x-gzip .tgz # # AddEncoding allows you to have certain browsers uncompress # information on the fly. Note: Not all browsers support this. # #AddEncoding x-compress .Z #AddEncoding x-gzip .gz .tgz # # If the AddEncoding directives above are commented-out, then you # probably should define those extensions to indicate media types: # AddType application/x-compress .Z AddType application/x-gzip .gz .tgz # # AddHandler allows you to map certain file extensions to "handlers": # actions unrelated to filetype. These can be either built into the server # or added with the Action directive (see below) # # To use CGI scripts outside of ScriptAliased directories: # (You will also need to add "ExecCGI" to the "Options" directive.) # #AddHandler cgi-script .cgi # For type maps (negotiated resources): #AddHandler type-map var # # Filters allow you to process content before it is sent to the client. # # To parse .shtml files for server-side includes (SSI): # (You will also need to add "Includes" to the "Options" directive.) # AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> # # Specify a default charset for all content served; this enables # interpretation of all content as UTF-8 by default. To use the # default browser choice (ISO-8859-1), or to allow the META tags # in HTML content to override this choice, comment out this # directive: # AddDefaultCharset UTF-8 <IfModule mime_magic_module> # # The mod_mime_magic module allows the server to use various hints from the # contents of the file itself to determine its type. The MIMEMagicFile # directive tells the module where the hint definitions are located. # MIMEMagicFile conf/magic </IfModule> # # Customizable error responses come in three flavors: # 1) plain text 2) local redirects 3) external redirects # # Some examples: #ErrorDocument 500 "The server made a boo boo." #ErrorDocument 404 /missing.html #ErrorDocument 404 "/cgi-bin/missing_handler.pl" #ErrorDocument 402 http://www.example.com/subscription_info.html # # # EnableMMAP and EnableSendfile: On systems that support it, # memory-mapping or the sendfile syscall may be used to deliver # files. This usually improves server performance, but must # be turned off when serving from networked-mounted # filesystems or if support for these functions is otherwise # broken on your system. # Defaults if commented: EnableMMAP On, EnableSendfile Off # #EnableMMAP off EnableSendfile on # Supplemental configuration # # Load config files in the "/etc/httpd/conf.d" directory, if any. IncludeOptional conf.d/*.conf 

 <?php /** * Sample configuration file with default values * * @package Poweradmin * @copyright 2007-2010 Rejo Zenger <rejo@zenger.nl> * @copyright 2010-2014 Poweradmin Development Team * @license http://opensource.org/licenses/GPL-3.0 GPL */ // NOTE: Do not edit this file, otherwise it's very likely your changes // will be overwritten with an upgrade. // Instead, create the file "inc/config.inc.php" and set the variables you // want to set there. Your changes will override the defaults provided by us. // Better description of available configuration settings you can find here: // <https://github.com/poweradmin/poweradmin/wiki/Configuration-File> // Database settings $db_host = 'localhost'; $db_port = '3306'; $db_user = 'imperituroard'; $db_pass = 'password'; $db_name = 'powerdns'; $db_type = 'mysql'; //$db_file = ''; # used only for SQLite, provide full path to database file //$db_debug = false; # show all SQL queries $db_layer = 'PDO'; # or MDB2 //$db_ssl_ca = ''; // Security settings // This should be changed upon install $session_key = 'fg234v95ms@4n)kf!kje%7vh*eved'; $password_encryption = 'md5'; // or md5salt // Interface settings $iface_lang = 'en_EN'; $iface_style = 'example'; $iface_rowamount = 50; $iface_expire = 1800; $iface_zonelist_serial = false; $iface_title = 'Poweradmin'; $iface_add_reverse_record = true; // Predefined DNS settings $dns_hostmaster = ''; $dns_ns1 = ''; $dns_ns2 = ''; $dns_ttl = 86400; $dns_fancy = false; $dns_strict_tld_check = false; $dns_top_level_tld_check = false; // Don't allow to create top level TLDs $dns_third_level_check = false; // Timezone settings // See <http://www.php.net/manual/en/timezones.php> for help. //$timezone = 'UTC'; // Logging settings // Syslog usage - writes authentication attempts to syslog // This facility could be used in combination with fail2ban to // ban IPs with break-in attempts $syslog_use = false; $syslog_ident = 'poweradmin'; // On Windows usually only LOG_USER is available $syslog_facility = LOG_USER; // PowerDNSSEC settings $pdnssec_use = false; $pdnssec_command = '/usr/bin/pdnssec'; // LDAP settings $ldap_use = false; $ldap_debug = false; $ldap_uri = 'ldap://domaincontroller.example.com'; $ldap_basedn = 'OU=Users,DC=example,DC=com'; $ldap_binddn = 'GROUP\lookupuser'; $ldap_bindpw = 'some_password'; $ldap_user_attribute = 'sAMAccountName'; $ldap_proto = 3;