Часть 1. Установка и настройка авторитарного DNS сервера на основе решения PowerDNS

# sample configuration for iptables service # you can edit this manually or use system-config-firewall # please do not ask us to add additional ports/services to this default configuration *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -i eno160  -j ACCEPT -A INPUT -i eno192 -p tcp  -m state --state NEW  --dport 53 -j ACCEPT -A INPUT -i eno192 -p udp -m state --state NEW  --dport 53 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited -P INPUT DROP COMMIT  

CREATE DATABASE powerdns character set utf8; GRANT ALL ON powerdns.* TO 'imperituroard'@'localhost' IDENTIFIED BY 'password'; FLUSH PRIVILEGES; USE powerdns; CREATE TABLE domains (   id                    INT AUTO_INCREMENT,   name                  VARCHAR(255) NOT NULL,   master                VARCHAR(128) DEFAULT NULL,   last_check            INT DEFAULT NULL,   type                  VARCHAR(6) NOT NULL,   notified_serial       INT DEFAULT NULL,   account               VARCHAR(40) DEFAULT NULL,   PRIMARY KEY (id) ) Engine=InnoDB; CREATE UNIQUE INDEX name_index ON domains(name); CREATE TABLE records (   id                    INT AUTO_INCREMENT,   domain_id             INT DEFAULT NULL,   name                  VARCHAR(255) DEFAULT NULL,   type                  VARCHAR(10) DEFAULT NULL,   content               VARCHAR(64000) DEFAULT NULL,   ttl                   INT DEFAULT NULL,   prio                  INT DEFAULT NULL,   change_date           INT DEFAULT NULL,   disabled              TINYINT(1) DEFAULT 0,   ordername             VARCHAR(255) BINARY DEFAULT NULL,   auth                  TINYINT(1) DEFAULT 1,   PRIMARY KEY (id) ) Engine=InnoDB; CREATE INDEX nametype_index ON records(name,type); CREATE INDEX domain_id ON records(domain_id); CREATE INDEX recordorder ON records (domain_id, ordername); CREATE TABLE supermasters (   ip                    VARCHAR(64) NOT NULL,   nameserver            VARCHAR(255) NOT NULL,   account               VARCHAR(40) NOT NULL,   PRIMARY KEY (ip, nameserver) ) Engine=InnoDB; CREATE TABLE comments (   id                    INT AUTO_INCREMENT,   domain_id             INT NOT NULL,   name                  VARCHAR(255) NOT NULL,   type                  VARCHAR(10) NOT NULL,   modified_at           INT NOT NULL,   account               VARCHAR(40) NOT NULL,   comment               VARCHAR(64000) NOT NULL,   PRIMARY KEY (id) ) Engine=InnoDB; CREATE INDEX comments_domain_id_idx ON comments (domain_id); CREATE INDEX comments_name_type_idx ON comments (name, type); CREATE INDEX comments_order_idx ON comments (domain_id, modified_at); CREATE TABLE domainmetadata (   id                    INT AUTO_INCREMENT,   domain_id             INT NOT NULL,   kind                  VARCHAR(32),   content               TEXT,   PRIMARY KEY (id) ) Engine=InnoDB; CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind); CREATE TABLE cryptokeys (   id                    INT AUTO_INCREMENT,   domain_id             INT NOT NULL,   flags                 INT NOT NULL,   active                BOOL,   content               TEXT,   PRIMARY KEY(id) ) Engine=InnoDB; CREATE INDEX domainidindex ON cryptokeys(domain_id); CREATE TABLE tsigkeys (   id                    INT AUTO_INCREMENT,   name                  VARCHAR(255),   algorithm             VARCHAR(50),   secret                VARCHAR(255),   PRIMARY KEY (id) ) Engine=InnoDB; CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm); 

 setuid=pdns setgid=pdns launch=gmysql gmysql-host=127.0.0.1 gmysql-user=imperituroard gmysql-password=password gmysql-dbname=powerdns gmysql-dnssec=yes # Autogenerated configuration file template ################################# # allow-axfr-ips        Allow zonetransfers only to these subnets #  allow-axfr-ips=0.0.0.0/0  ################################# # allow-dnsupdate-from  A global setting to allow DNS updates from these IP ranges. # # allow-dnsupdate-from=127.0.0.0/8,::1  ################################# # allow-notify-from     Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies. # # allow-notify-from=0.0.0.0/0,::/0  ################################# # allow-recursion       List of subnets that are allowed to recurse # allow-recursion=0.0.0.0/0 #lazy-recursion=yes  #recursor=127.0.0.1:5354 recursor=134.17.0.3 #recursor=212.98.160.50 8.8.8.8 8.8.4.4 82.209.240.241 #recursor=8.8.4.4 #recursor=198.41.0.4 #recursor=192.228.79.201 #recursor=192.33.4.12 #recursor=199.7.91.13 #recursor=192.203.230.10 #recursor=192.5.5.241 #recursor=192.112.36.4 #recursor=128.63.2.53 #recursor=192.36.148.17 #recursor=192.58.128.30 #recursor=193.0.14.129 #recursor=199.7.83.42 #recursor=202.12.27.33 ################################# # also-notify   When notifying a domain, also notify these nameservers # # also-notify=  ################################# # any-to-tcp    Answer ANY queries with tc=1, shunting to TCP # # any-to-tcp=no  ################################# # cache-ttl     Seconds to store packets in the PacketCache cache-ttl=20000  ################################# # carbon-interval       Number of seconds between carbon (graphite) updates # # carbon-interval=30  ################################# # carbon-ourname        If set, overrides our reported hostname for carbon stats # # carbon-ourname=  ################################# # carbon-server If set, send metrics in carbon (graphite) format to this server # # carbon-server=  ################################# # chroot        If set, chroot to this directory for more security # # chroot=  ################################# # config-dir    Location of configuration directory (pdns.conf) # # config-dir=/usr/local/etc  ################################# # config-name   Name of this virtual configuration - will rename the binary image # # config-name=  ################################# # control-console       Debugging switch - don't use # control-console=no  ################################# # daemon        Operate as a daemon # #daemon=yes  ################################# # default-ksk-algorithms        Default KSK algorithms # # default-ksk-algorithms=rsasha256  ################################# # default-ksk-size      Default KSK size (0 means default) # # default-ksk-size=0  ################################# # default-soa-mail      mail address to insert in the SOA record if none set in the backend # # default-soa-mail=  ################################# # default-soa-name      name to insert in the SOA record if none set in the backend # default-soa-name=powerdnstest.tech.mts.by  ################################# # default-ttl   Seconds a result is valid if not set otherwise # default-ttl=3600  ################################# # default-zsk-algorithms        Default ZSK algorithms # # default-zsk-algorithms=rsasha256  ################################# # default-zsk-size      Default ZSK size (0 means default) # # default-zsk-size=0  ################################# # direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis # # direct-dnskey=no  ################################# # disable-axfr  Disable zonetransfers but do allow TCP queries # # disable-axfr=no  ################################# # disable-axfr-rectify  Disable the rectify step during an outgoing AXFR. Only required for regression testing. # # disable-axfr-rectify=no  ################################# # disable-tcp   Do not listen to TCP queries # # disable-tcp=no  ################################# # distributor-threads   Default number of Distributor (backend) threads to start # # distributor-threads=3  ################################# # do-ipv6-additional-processing Do AAAA additional processing # # do-ipv6-additional-processing=yes  ################################# # edns-subnet-processing        If we should act on EDNS Subnet options # # edns-subnet-processing=no  ################################# # entropy-source        If set, read entropy from this file # # entropy-source=/dev/urandom  ################################# # experimental-api-key  REST API Static authentication key (required for API use) # # experimental-api-key=  ################################# # experimental-api-readonly     If the JSON API should disallow data modification # # experimental-api-readonly=no  ################################# # experimental-dname-processing If we should support DNAME records # # experimental-dname-processing=no  ################################# # experimental-dnsupdate        Enable/Disable DNS update (RFC2136) support. Default is no. # # experimental-dnsupdate=no  ################################# # experimental-json-interface   If the webserver should serve JSON data # # experimental-json-interface=no  ################################# # experimental-logfile  Filename of the log file for JSON parser # # experimental-logfile=/var/log/pdns.log  ################################# # forward-dnsupdate     A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master. # # forward-dnsupdate=yes  ################################# # guardian      Run within a guardian process # #guardian=no  ################################# # include-dir   Include *.conf files from this directory # # include-dir=  ################################# # launch        Which backends to launch and order to query them in # # launch=  ################################# # load-modules  Load this module - supply absolute or relative path # # load-modules=  ################################# # local-address Local IP addresses to which we bind # # local-address=0.0.0.0  ################################# # local-address-nonexist-fail   Fail to start if one or more of the local-address's do not exist on this server # # local-address-nonexist-fail=yes  ################################# # local-ipv6    Local IP address to which we bind # # local-ipv6=  ################################# # local-ipv6-nonexist-fail      Fail to start if one or more of the local-ipv6 addresses do not exist on this server # # local-ipv6-nonexist-fail=yes  ################################# # local-port    The port on which we listen # # local-port=53  ################################# # log-dns-details       If PDNS should log DNS non-erroneous details # # log-dns-details=no #log-dns-details=/var/log/pdns/pdns-details.log #log-failed-updates=/var/log/pdns/pdns-fail.log #logfile=/var/log/pdns/pdns.log ################################# # log-dns-queries       If PDNS should log all incoming DNS queries # log-dns-queries=yes  ################################# # logging-facility      Log under a specific facility # logging-facility=0  ################################# # loglevel      Amount of logging. Higher is more. Do not set below 3 #  #logfile=/var/log/pdns/pdns.log #logfile=/etc/pdns/ loglevel=9  ################################# # lua-prequery-script   Lua script with prequery handler # # lua-prequery-script=  ################################# # master        Act as a master # # master=no  ################################# # max-cache-entries     Maximum number of cache entries # # max-cache-entries=1000000  ################################# # max-ent-entries       Maximum number of empty non-terminals in a zone # # max-ent-entries=100000  ################################# # max-nsec3-iterations  Limit the number of NSEC3 hash iterations # # max-nsec3-iterations=500  ################################# # max-queue-length      Maximum queuelength before considering situation lost # max-queue-length=5000  ################################# # max-signature-cache-entries   Maximum number of signatures cache entries # # max-signature-cache-entries=  ################################# ################################# # max-tcp-connections   Maximum number of TCP connections # max-tcp-connections=20  ################################# # module-dir    Default directory for modules # # module-dir=/usr/local/lib/pdns  ################################# # negquery-cache-ttl    Seconds to store negative query results in the QueryCache # # negquery-cache-ttl=60  ################################# # no-shuffle    Set this to prevent random shuffling of answers - for regression testing # # no-shuffle=off  ################################# # only-notify   Only send AXFR NOTIFY to these IP addresses or netmasks # # only-notify=0.0.0.0/0,::/0  ################################# # out-of-zone-additional-processing     Do out of zone additional processing # # out-of-zone-additional-processing=yes  ################################# # overload-queue-length Maximum queuelength moving to packetcache only # # overload-queue-length=0  ################################# # pipebackend-abi-version       Version of the pipe backend ABI # # pipebackend-abi-version=1 ################################# # prevent-self-notification     Don't send notifications to what we think is ourself # # prevent-self-notification=yes  ################################# # query-cache-ttl       Seconds to store query results in the QueryCache # # query-cache-ttl=20  ################################# # query-local-address   Source IP address for sending queries # # query-local-address=0.0.0.0  ################################# # query-local-address6  Source IPv6 address for sending queries # # query-local-address6=::  ################################# # query-logging Hint backends that queries should be logged # # query-logging=no  ################################# # queue-limit   Maximum number of milliseconds to queue a query # # queue-limit=1500  ################################# # receiver-threads      Default number of receiver threads to start # # receiver-threads=1  ################################# # recursive-cache-ttl   Seconds to store packets for recursive queries in the PacketCache # # recursive-cache-ttl=10  ################################# # recursor      If recursion is desired, IP address of a recursing nameserver # # recursor=no  ################################# # retrieval-threads     Number of AXFR-retrieval threads for slave operation # # retrieval-threads=2  ################################# # reuseport     Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket # # reuseport=no  ################################# # security-poll-suffix  Domain name from which to query security update notifications # # security-poll-suffix=secpoll.powerdns.com.  ################################# # send-root-referral    Send out old-fashioned root-referral instead of ServFail in case of no authority # # send-root-referral=no  ################################# # server-id     Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom # # server-id=  ################################# # setgid        If set, change group id to this gid for more security # # setgid=  ################################# # setuid        If set, change user id to this uid for more security # # setuid=  ################################# # signing-threads       Default number of signer threads to start # # # signing-threads=3  ################################# # slave Act as a slave # # slave=no  ################################# # slave-cycle-interval  Schedule slave freshness checks once every .. seconds # # slave-cycle-interval=60  ################################# # slave-renotify        If we should send out notifications for slaved updates # # slave-renotify=no  ################################# # soa-expire-default    Default SOA expire # # soa-expire-default=604800  ################################# # soa-minimum-ttl       Default SOA minimum ttl # # soa-minimum-ttl=3600  ################################# # soa-refresh-default   Default SOA refresh # # soa-refresh-default=10800  ################################# # soa-retry-default     Default SOA retry # # soa-retry-default=3600 ################################# # socket-dir    Where the controlsocket will live # # socket-dir=/var/run  ################################# # tcp-control-address   If set, PowerDNS can be controlled over TCP on this address # # tcp-control-address=  ################################# # tcp-control-port      If set, PowerDNS can be controlled over TCP on this address # # tcp-control-port=53000  ################################# # tcp-control-range     If set, remote control of PowerDNS is possible over these networks only # # tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10  ################################# # tcp-control-secret    If set, PowerDNS can be controlled over TCP after passing this secret # # tcp-control-secret=  ################################# # traceback-handler     Enable the traceback handler (Linux only) # # traceback-handler=yes  ################################# # trusted-notification-proxy    IP address of incoming notification proxy # # trusted-notification-proxy=  ################################# # udp-truncation-threshold      Maximum UDP response size before we truncate # # udp-truncation-threshold=1680 ################################# # version-string        PowerDNS version in packets - full, anonymous, powerdns or custom # # version-string=full  ################################# # webserver     Start a webserver for monitoring # # webserver=no  ################################# # webserver-address     IP Address of webserver to listen on # # webserver-address=127.0.0.1  ################################# # webserver-allow-from  Webserver access is only allowed from these subnets # # webserver-allow-from=0.0.0.0/0,::/0  ################################# # webserver-password    Password required for accessing the webserver # # webserver-password=  ################################# # webserver-port        Port of webserver to listen on # # webserver-port=8081  ################################# # webserver-print-arguments     If the webserver should print arguments # # webserver-print-arguments=no  

 # # This is the main Apache HTTP server configuration file.  It contains the # configuration directives that give the server its instructions. # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. # In particular, see  # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html> # for a discussion of each configuration directive. # # Do NOT simply read the instructions in here without understanding # what they do.  They're here only as hints or reminders.  If you are unsure # consult the online docs. You have been warned.   # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path.  If the filenames do *not* begin # with "/", the value of ServerRoot is prepended -- so 'log/access_log' # with ServerRoot set to '/www' will be interpreted by the # server as '/www/log/access_log', where as '/log/access_log' will be # interpreted as '/log/access_log'.  # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # Do not add a slash at the end of the directory path.  If you point # ServerRoot at a non-local disk, be sure to specify a local disk on the # Mutex directive, if file-based mutexes are used.  If you wish to share the # same ServerRoot for multiple httpd daemons, you will need to change at # least PidFile. # ServerRoot "/etc/httpd"  # # Listen: Allows you to bind Apache to specific IP addresses and/or # ports, instead of the default. See also the <VirtualHost> # directive. # # Change this to Listen on specific IP addresses as shown below to  # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 Listen 80  # # Dynamic Shared Object (DSO) Support # # To be able to use the functionality of a module which was built as a DSO you # have to place corresponding `LoadModule' lines at this location so the # directives contained in it are actually available _before_ they are used. # Statically compiled modules (those listed by `httpd -l') do not need # to be loaded here. # # Example: # LoadModule foo_module modules/mod_foo.so # Include conf.modules.d/*.conf  # # If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch.   # # User/Group: The name (or #number) of the user/group to run httpd as. # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # User apache Group apache  # 'Main' server configuration # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a # <VirtualHost> definition.  These values also provide defaults for # any <VirtualHost> containers you may define later in the file. # # All of these directives may appear inside <VirtualHost> containers, # in which case these default settings will be overridden for the # virtual host being defined. #  # # ServerAdmin: Your address, where problems with the server should be # e-mailed.  This address appears on some server-generated pages, such # as error documents.  e.g. admin@your-domain.com # ServerAdmin root@localhost  # # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If your host doesn't have a registered DNS name, enter its IP address here. # #ServerName www.example.com:80  # # Deny access to the entirety of your server's filesystem. You must # explicitly permit access to web content directories in other  # <Directory> blocks below. # <Directory />     AllowOverride none     Require all denied </Directory>  # # Note that from this point forward you must specifically allow # particular features to be enabled - so if something's not working as # you might expect, make sure that you have specifically enabled it # below. #  # # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # DocumentRoot "/var/www/html"  # # Relax access to content within /var/www. # <Directory "/var/www">     AllowOverride None     # Allow open access:     Require all granted </Directory>  # Further relax access to the default document root: <Directory "/var/www/html">     #     # Possible values for the Options directive are "None", "All",     # or any combination of:     #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews     #     # Note that "MultiViews" must be named *explicitly* --- "Options All"     # doesn't give it to you.     #     # The Options directive is both complicated and important.  Please see     # http://httpd.apache.org/docs/2.4/mod/core.html#options     # for more information.     #     Options Indexes FollowSymLinks      #     # AllowOverride controls what directives may be placed in .htaccess files.     # It can be "All", "None", or any combination of the keywords:     #   Options FileInfo AuthConfig Limit     #     AllowOverride None      #     # Controls who can get stuff from this server.     #     Require all granted </Directory>   <Directory "/var/www/html/powerdns/"> Order deny,allow deny from all allow from 217.21.61.8 allow from 10.128.71.3 allow from 10.135.55.4 allow from 46.216.24.152 </Directory>   # # DirectoryIndex: sets the file that Apache will serve if a directory # is requested. # <IfModule dir_module>     DirectoryIndex index.html </IfModule>  # # The following lines prevent .htaccess and .htpasswd files from being  # viewed by Web clients.  # <Files ".ht*">     Require all denied </Files>  # # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here.  If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # ErrorLog "logs/error_log"  # # LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. # LogLevel warn  <IfModule log_config_module>     #     # The following directives define some format nicknames for use with     # a CustomLog directive (see below).     #     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined     LogFormat "%h %l %u %t \"%r\" %>s %b" common      <IfModule logio_module>       # You need to enable mod_logio.c to use %I and %O       LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio     </IfModule>      #     # The location and format of the access logfile (Common Logfile Format).     # If you do not define any access logfiles within a <VirtualHost>     # container, they will be logged here.  Contrariwise, if you *do*     # define per-<VirtualHost> access logfiles, transactions will be     # logged therein and *not* in this file.     #     #CustomLog "logs/access_log" common      #     # If you prefer a logfile with access, agent, and referer information     # (Combined Logfile Format) you can use the following directive.     #     CustomLog "logs/access_log" combined </IfModule>  <IfModule alias_module>     #     # Redirect: Allows you to tell clients about documents that used to      # exist in your server's namespace, but do not anymore. The client      # will make a new request for the document at its new location.     # Example:     # Redirect permanent /foo http://www.example.com/bar      #     # Alias: Maps web paths into filesystem paths and is used to     # access content that does not live under the DocumentRoot.     # Example:     # Alias /webpath /full/filesystem/path     #     # If you include a trailing / on /webpath then the server will     # require it to be present in the URL.  You will also likely     # need to provide a <Directory> section to allow access to     # the filesystem path.      #     # ScriptAlias: This controls which directories contain server scripts.      # ScriptAliases are essentially the same as Aliases, except that     # documents in the target directory are treated as applications and     # run by the server when requested rather than as documents sent to the     # client.  The same rules about trailing "/" apply to ScriptAlias     # directives as to Alias.     #     ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"  </IfModule>  # # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # <Directory "/var/www/cgi-bin">     AllowOverride None     Options None     Require all granted </Directory>  <IfModule mime_module>     #     # TypesConfig points to the file containing the list of mappings from     # filename extension to MIME-type.     #     TypesConfig /etc/mime.types      #     # AddType allows you to add to or override the MIME configuration     # file specified in TypesConfig for specific file types.     #     #AddType application/x-gzip .tgz     #     # AddEncoding allows you to have certain browsers uncompress     # information on the fly. Note: Not all browsers support this.     #     #AddEncoding x-compress .Z     #AddEncoding x-gzip .gz .tgz     #     # If the AddEncoding directives above are commented-out, then you     # probably should define those extensions to indicate media types:     #     AddType application/x-compress .Z     AddType application/x-gzip .gz .tgz      #     # AddHandler allows you to map certain file extensions to "handlers":     # actions unrelated to filetype. These can be either built into the server     # or added with the Action directive (see below)     #     # To use CGI scripts outside of ScriptAliased directories:     # (You will also need to add "ExecCGI" to the "Options" directive.)     #     #AddHandler cgi-script .cgi      # For type maps (negotiated resources):     #AddHandler type-map var      #     # Filters allow you to process content before it is sent to the client.     #     # To parse .shtml files for server-side includes (SSI):     # (You will also need to add "Includes" to the "Options" directive.)     #     AddType text/html .shtml     AddOutputFilter INCLUDES .shtml </IfModule>  # # Specify a default charset for all content served; this enables # interpretation of all content as UTF-8 by default.  To use the  # default browser choice (ISO-8859-1), or to allow the META tags # in HTML content to override this choice, comment out this # directive: # AddDefaultCharset UTF-8  <IfModule mime_magic_module>     #     # The mod_mime_magic module allows the server to use various hints from the     # contents of the file itself to determine its type.  The MIMEMagicFile     # directive tells the module where the hint definitions are located.     #     MIMEMagicFile conf/magic </IfModule>  # # Customizable error responses come in three flavors: # 1) plain text 2) local redirects 3) external redirects # # Some examples: #ErrorDocument 500 "The server made a boo boo." #ErrorDocument 404 /missing.html #ErrorDocument 404 "/cgi-bin/missing_handler.pl" #ErrorDocument 402 http://www.example.com/subscription_info.html #  # # EnableMMAP and EnableSendfile: On systems that support it,  # memory-mapping or the sendfile syscall may be used to deliver # files.  This usually improves server performance, but must # be turned off when serving from networked-mounted  # filesystems or if support for these functions is otherwise # broken on your system. # Defaults if commented: EnableMMAP On, EnableSendfile Off # #EnableMMAP off EnableSendfile on  # Supplemental configuration # # Load config files in the "/etc/httpd/conf.d" directory, if any. IncludeOptional conf.d/*.conf  

 <?php  /**  * Sample configuration file with default values  *  * @package     Poweradmin  * @copyright   2007-2010 Rejo Zenger <rejo@zenger.nl>  * @copyright   2010-2014 Poweradmin Development Team  * @license     http://opensource.org/licenses/GPL-3.0 GPL  */ // NOTE: Do not edit this file, otherwise it's very likely your changes  // will be overwritten with an upgrade.   // Instead, create the file "inc/config.inc.php" and set the variables you // want to set there. Your changes will override the defaults provided by us. // Better description of available configuration settings you can find here: // <https://github.com/poweradmin/poweradmin/wiki/Configuration-File> // Database settings $db_host = 'localhost'; $db_port = '3306'; $db_user = 'imperituroard'; $db_pass = 'password'; $db_name = 'powerdns'; $db_type = 'mysql'; //$db_file		= '';		# used only for SQLite, provide full path to database file //$db_debug		= false;	# show all SQL queries $db_layer		= 'PDO';	# or MDB2 //$db_ssl_ca            = ''; // Security settings // This should be changed upon install $session_key = 'fg234v95ms@4n)kf!kje%7vh*eved'; $password_encryption = 'md5'; // or md5salt  // Interface settings $iface_lang = 'en_EN'; $iface_style = 'example'; $iface_rowamount = 50; $iface_expire = 1800; $iface_zonelist_serial = false; $iface_title = 'Poweradmin'; $iface_add_reverse_record = true;  // Predefined DNS settings $dns_hostmaster = ''; $dns_ns1 = ''; $dns_ns2 = ''; $dns_ttl = 86400; $dns_fancy = false; $dns_strict_tld_check = false; $dns_top_level_tld_check = false;     // Don't allow to create top level TLDs $dns_third_level_check = false; // Timezone settings // See <http://www.php.net/manual/en/timezones.php> for help. //$timezone		= 'UTC'; // Logging settings // Syslog usage - writes authentication attempts to syslog // This facility could be used in combination with fail2ban to // ban IPs with break-in attempts $syslog_use = false; $syslog_ident = 'poweradmin'; // On Windows usually only LOG_USER is available $syslog_facility = LOG_USER;  // PowerDNSSEC settings $pdnssec_use = false; $pdnssec_command = '/usr/bin/pdnssec';  // LDAP settings $ldap_use = false; $ldap_debug = false; $ldap_uri = 'ldap://domaincontroller.example.com'; $ldap_basedn = 'OU=Users,DC=example,DC=com'; $ldap_binddn = 'GROUP\lookupuser'; $ldap_bindpw = 'some_password'; $ldap_user_attribute = 'sAMAccountName'; $ldap_proto = 3;