Current File : //scripts/rebuilddnsconfig

#!/usr/local/cpanel/3rdparty/bin/perl

#                                      Copyright 2024 WebPros International, LLC
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited.

use strict;
use warnings;

use Cpanel::DNSLib                  ();
use Cpanel::OS                      ();
use Cpanel::FileUtils::Move         ();
use Cpanel::FileUtils::Copy         ();
use Cpanel::Path                    ();
use Cpanel::StringFunc::Count       ();
use Cpanel::StringFunc::Match       ();
use Cpanel::SafetyBits              ();
use Cpanel::NameServer::Conf        ();
use Cpanel::NameServer::Utils::BIND ();
use Cpanel::Validate::Domain::Tiny  ();
use Cpanel::DNSLib                  ();
use Cpanel::SafeDir::MK             ();

use Getopt::Std;
$Getopt::Std::STANDARD_HELP_VERSION = 1;

######[ declare some globals ]#####################################################################

# default location of zone files used for rebuilding named.conf
my $def_basedir;

# default location of named.conf
my $def_namedconf;

# default log directory for named
my $def_logdir;

# default location of pidfile
my $def_pidfile = '/var/run/named/named.pid';

# Verbose variable, if set to "1" actions are reported to STDOUT.
my $cpverbose = 0;

# We sent this to fixrndc, if it sends it back that means we've got a loop
my $selfcalled = 0;

my %options = ();
getopts( 'sfv', \%options );
if ( defined( $options{'v'} ) ) { $cpverbose  = 1; }
if ( defined( $options{'s'} ) ) { $selfcalled = 1; }

if ( $selfcalled == 1 ) {
    print "Loop detected, exiting.\n";
    exit;
}

######[ set defaults based on distro/OS ]##########################################################

$def_basedir   = Cpanel::OS::dns_named_basedir();    # /var/named
$def_namedconf = Cpanel::OS::dns_named_conf();       # /etc/named.conf
$def_logdir    = Cpanel::OS::dns_named_log();        # /var/log/named
my $perms_hr = Cpanel::OS::var_named_permissions();

######[ ensure base directory structure is created ]###############################################

my ( $chrootdir, $binduser, $bindgroup ) = Cpanel::NameServer::Utils::BIND::find_chrootbinddir();
my $binduid = getpwnam($binduser)  || die "$binduser not in passwd file";
my $bindgid = getgrnam($bindgroup) || die "$bindgroup not configured on the system";

# Set up directory structure
if ( !-d $def_basedir ) {
    if ( -e _ ) {
        Cpanel::FileUtils::Move::safemv( $def_basedir, $def_basedir . '.cpback' );
    }
    Cpanel::SafeDir::MK::safemkdir( $def_basedir, $perms_hr->{'mode'} );
}
else {
    chmod( $perms_hr->{'mode'}, $def_basedir ) or warn "Can't chmod $def_basedir to $perms_hr->{'mode'}: $!";
}
Cpanel::SafetyBits::safe_chown( $perms_hr->{'ownership'}->@*, $def_basedir );

# I would have added the above to iterator but for the differing owner on c9
my @dirs2create = ( "$def_basedir/data", $def_logdir, '/var/run/named' );
my @chrootdirs  = map { $chrootdir . $_ } qw{/etc /var /var/named /var/named/data /var/run /var/run/named};
push @dirs2create, @chrootdirs if $chrootdir;
foreach my $dir (@dirs2create) {
    Cpanel::SafeDir::MK::safemkdir_or_die( $dir, 0755 ) if !-e $dir;
    Cpanel::SafetyBits::safe_chown( $binduid, $bindgid, $dir );
}

my @rfc1912_files = qw{localdomain.zone named.broadcast named.ip6.local named.local named.zero named.rfc1912.zones};
if ( grep { !-e $_ } map { $def_basedir . "/$_" } @rfc1912_files ) {

    # RFC1912
    Cpanel::FileUtils::Copy::safecopy( '/usr/local/cpanel/scripts/named.rfc1912.zones', "$def_basedir/named.rfc1912.zones" );
    system 'tar', 'xvf', '/usr/local/cpanel/scripts/rfc1912_zones.tar', '-C', $def_basedir;    # uses new .tar without the ./named/ directory so we can use it for both
    if ($chrootdir) {
        system 'tar', 'xvf', '/usr/local/cpanel/scripts/rfc1912_zones.tar', '-C', $chrootdir . '/var/named';
    }
}

######[ create a brand new named.conf from a default template if needed ]##########################

if ( !-e $def_namedconf || -z _ ) {    # no named.conf or zero bytes

    print "Installing default Bind configuration\n" if $cpverbose;

    #>>>>>[ Write default configuration w/ proper basedir ]>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    if ( open my $conf_fh, '>', $def_namedconf ) {
        foreach (&getdefault_nameddotconf) {
            s/###BASE_DIR###/$def_basedir/g;
            s/###PID_FILE###/$def_pidfile/g;
            print {$conf_fh} $_;
        }
        close $conf_fh;
    }

    clearcache();

    # Reset ownership
    Cpanel::SafetyBits::safe_recchown( 'named', 'named', $def_basedir );

    # Force
    $options{'f'} = 1;
}
else {
    # As of BIND 9.16
    # The keyword additional_from_cache_line will cause a warning
    # As of BIND 9.18
    # The keyword additional_from_cache_line will cause an error
    # Strip that out if it exists and we are on BIND 9.16+

    my $named_ref = Cpanel::NameServer::Utils::BIND::named_version();
    if ( $named_ref->{success} && ( "$named_ref->{major}.$named_ref->{minor}" >= 9.16 ) ) {
        require Path::Tiny;

        my $file         = Path::Tiny::path($def_namedconf);
        my @lines        = $file->lines();
        my @output_lines = grep { $_ !~ m/additional-from-cache/ } @lines;
        $file->spew(@output_lines);
    }
}

my $dnslib = Cpanel::DNSLib->new();

my $needpid = 0;

######[> Ensure all .db's have an entry in named.conf and vice versa >]############################

# suck up all zones of the named.conf and zone dir in memory for fast parsing, heavy on mem side but better than thrashing hdd

my $ndc_fh;

my $namedconf_obj = Cpanel::NameServer::Conf->new();

# start with a freshly rebuild conf file when force is specified (also happens when named.conf was empty)
if ( $options{'f'} && $namedconf_obj->type() ne 'bind' ) {
    $namedconf_obj->rebuild_conf();
}
my %current_zone_entries = map { $_ => 1 } @{ $namedconf_obj->fetchzones() };

opendir my $zone_dh, $def_basedir or die "Unable to read zone file directory $def_basedir: $!";
my @zonedir_contents = readdir($zone_dh);
closedir $zone_dh;

my %current_zone_files = ();
foreach my $zonefile (@zonedir_contents) {
    if ( $zonefile =~ /^([\w\-.]+)\.db$/ && Cpanel::Validate::Domain::Tiny::validdomainname($1) ) {
        $current_zone_files{$1} = 1;
    }
}

my %bad_zones = %current_zone_entries;
delete @bad_zones{ keys %current_zone_files };
delete $bad_zones{'.'};

my %missing_zones = %current_zone_files;
delete @missing_zones{ keys %current_zone_entries };

# make sure all zones.db files have entry in named.conf
# Add missing files to named.conf
if ( scalar keys %missing_zones ) {
    print "Adding zones " . join( ' ', keys %missing_zones ) . "\n" if $cpverbose;
    $namedconf_obj->addzones( keys %missing_zones );
}

# make sure all entries in named.conf have zone files
if ( scalar keys %bad_zones ) {
    print 'Removing zones ' . join( ' ', keys %bad_zones ) . " from configuration, zonefiles missing\n" if $cpverbose;
    $namedconf_obj->removezones( keys %bad_zones );
}

$namedconf_obj->finish();

######[> Handle chroot setups >]###################################################################

# This logic is required due to how bind-chroot symlinks /etc/named.conf to the chroot location
# And how File::Copy will not follow the symlinks, but will recreate them instead
if ( -l $def_namedconf ) {
    my $target = readlink $def_namedconf;
    print "Symlink detected: $target\n";

    if ( open( $ndc_fh, '<', $target ) ) {
        unlink $def_namedconf;
        print "Restoring $def_namedconf from $target before proceeding\n";
        Cpanel::FileUtils::Copy::safecopy( $target, $def_namedconf );
    }
    else {
        print "Failed to read symlinked $def_namedconf [$target]. Cannot continue.\n";
        exit 1;
    }
}
else {
    open( $ndc_fh, "<", $def_namedconf );
}

open( my $ndf_fh, ">", $def_namedconf . '.rebuilddnsconfig' );

if ( !$ndc_fh ) {
    open( $ndc_fh, "<", $def_namedconf );
}

my $inc               = 0;
my $firstline         = 0;
my $numbrace          = 0;
my $zonemarker        = 0;
my $cppcomment        = 0;
my $currzone          = '';
my $skip_next_opening = 0;
my $zonedir           = Cpanel::DNSLib::find_zonedir();

while (<$ndc_fh>) {

    # Rudamentary comment exclusion.
    if ($cppcomment) {
        if (m/\*\//) {
            $cppcomment = 0;
        }
        print $ndf_fh $_;
        next;
    }
    if (m/^\s*\#/) {
        print $ndf_fh $_;
        next;
    }
    if (m/^\s*\/\//) {
        print $ndf_fh $_;
        next;
    }
    if (m/^\s*\/\*/) {
        $cppcomment = 1;
        print $ndf_fh $_;
        next;
    }
    if ( $skip_next_opening && m/^\s*\{\s*$/ ) {
        $skip_next_opening = 0;
        $numbrace++;
        next;
    }
    next if m/bind.conf.wp/;
    next if ( m/\s*include\s+/ && m/rndc.key/ );
    if ( $needpid && m/pid-file/ ) {
        next;
    }

    if (m/\s*zone\s+["']([^"']+)/) {
        $zonemarker = 1;
        $currzone   = $1;
    }
    elsif (m/\s*include\s+["']([^"']+)/) {
        my $file      = $1;
        my $filemtime = ( stat($file) )[9];
        if ( -f _ ) {
            copytochroot( $file, $filemtime );
        }
    }

    if ($zonemarker) {
        $numbrace += Cpanel::StringFunc::Count::get_curly_brace_count($_);

        if ( $numbrace == 0 ) {
            $zonemarker = 0;
        }

        if (m/(.*[\s\t\;\{])file\s+(["'])([^"']+)(.*)/) {
            my $postfile    = $4;
            my $file        = $3;
            my $prefile     = $2;
            my $space       = $1;
            my $relativedir = '';
            my $fileold     = $file;

            if ( !Cpanel::StringFunc::Match::beginmatch( $file, '/' ) ) {
                if ( $file =~ m/^([^\/]+)/ ) {
                    $relativedir = $1;
                }
            }

            my $filename = $file;
            if ( $file =~ m/([^\/]+)$/ ) {
                $filename = $1;
            }

            my $filenew = $zonedir . '/' . $filename;

            if ( $file eq $filenew ) {
                print $ndf_fh $_;
            }
            elsif ( !Cpanel::StringFunc::Match::beginmatch( $file, '/' ) ) {
                $file = $filenew;
                print "Updating $fileold to $filenew\n";

                #print $ndf_fh "${space}file ${prefile}${filenew}${postfile}";
            }
            else {
                if ( !Cpanel::StringFunc::Match::beginmatch( $file, '/dev/' ) ) {
                    $filenew = $zonedir . '/' . $filename;
                    print "Updating $file to $filenew\n";

                    #print $ndf_fh "${space}file ${prefile}${filenew}${postfile}";
                }
                else {
                    $filenew = $file;
                    print $ndf_fh $_;
                }
            }

            my $absfilename = '';

            if ( $relativedir ne '' ) {
                $absfilename = Cpanel::Path::relative2abspath( $relativedir, $zonedir ) . '/' . $filename;
            }
            if ( $absfilename ne '' && -e $absfilename ) {
                $file = $absfilename;
            }

            my ( $fileinode,    $filemtime )    = stat($file);
            my ( $filenewinode, $filenewmtime ) = stat($filenew);

            if ( !$filemtime ) {
                print "!! $file does not exist, unable to locate.\n";
                print "!! Run /usr/local/cpanel/scripts/cleandns to remove zone without corresponding files.\n";
                print "!! Or locate the proper zone file and place in $zonedir and rerun\n";
                print "!! This script with the following options: /script/fixndc -fv\n";
                next;
            }

            if ( !$filenewmtime ) {
                print "Moving $file to $filenew ...\n";
                Cpanel::FileUtils::Move::safemv( $file, $filenew );
            }
            elsif ( $fileinode != $filenewinode && ( $filenewmtime > time() || $filemtime > $filenewmtime ) ) {    # timewarp safe
                Cpanel::FileUtils::Copy::safecopy( $file, $filenew );
                Cpanel::SafetyBits::safe_chown( $binduser, $bindgroup, $filenew );
            }

            copytochroot( $filenew, $filemtime );
            next;
        }
    }

    # Match for zone and file declaration on one line.
    if ( m/.*[\s\t\;\{]file\s+["'][^"']+/ && m/[\s\;]*zone/ ) {
        m/(.*[\s\t\;\{])file\s+["']([^"']+)(.*)/;
        my $file        = $2;
        my $space       = $1;
        my $space2      = $3;
        my $relativedir = '';

        my $currzone = '';
        my $delim    = '"';
        if (m/\s*zone\s+(["'])([\w\-\.]+)["']/) {
            $zonemarker = 1;
            $currzone   = $2;
            $delim      = $1;
        }
        m/zone\s+(.*)/;
        $numbrace += Cpanel::StringFunc::Count::get_curly_brace_count($1);
        if ( $numbrace <= 0 ) {
            $zonemarker = 0;
        }

        if ( !Cpanel::StringFunc::Match::beginmatch( $file, '/' ) ) {
            if ( $file =~ m/^([^\/]+)/ ) {
                $relativedir = $1;
            }
        }
        my $filename = $file;
        if ( $file =~ m/([^\/]+)$/ ) {
            $filename = $1;
        }
        my $filenew = $zonedir . '/' . $filename;

        if ( $file eq $filenew ) {
            print $ndf_fh $_;
        }
        elsif ( !Cpanel::StringFunc::Match::beginmatch( $file, '/' ) ) {
            $file = $filenew;
            print "Updating $file to $filenew\n";

            #print $ndf_fh "${space}file ${delim}${filenew}${space2}";
        }
        else {
            if ( !Cpanel::StringFunc::Match::beginmatch( $file, '/dev/' ) ) {
                $filenew = $zonedir . '/' . $filename;
                print "Updating $file to $filenew\n";

                #print $ndf_fh "${space}file ${delim}${filenew}${space2}";
            }
            else {
                $filenew = $file;
                print $ndf_fh $_;
            }
        }

        my $absfilename = '';
        if ($relativedir) {
            $absfilename = Cpanel::Path::relative2abspath( $relativedir, $zonedir ) . '/' . $filename;
        }
        if ( $absfilename ne '' && -e $absfilename ) {
            $file = $absfilename;
        }

        my $mtime = 0;
        if ( -e $file ) {
            $mtime = ( stat(_) )[9];
            if ( !-e $filenew ) {
                print "Moving $file to $filenew ...\n";
                Cpanel::FileUtils::Move::safemv( $file, $filenew );
            }
            elsif (( stat($file) )[1] != ( stat($filenew) )[1]
                && ( ( stat($filenew) )[9] > time() || $mtime > ( stat($filenew) )[9] ) ) {    # timewarp safe
                Cpanel::FileUtils::Copy::safecopy( $file, $filenew );
                Cpanel::SafetyBits::safe_chown( $binduser, $bindgroup, $filenew );
            }
        }
        else {
            print "!! $file does not exist, unable to locate.\n";
            print "!! Run /usr/local/cpanel/scripts/cleandns to remove zone without corresponding files.\n";
            print "!! Or locate the proper zone file and place in $zonedir and rerun\n";
            print "!! This script with the following options: /script/fixndc -fv\n";
            $filenew = '';
        }

        if ( $filenew ne '' ) {
            copytochroot( $filenew, $mtime );
        }
    }

    if ( !$inc ) {
        print $ndf_fh $_;
    }
    else {
        if ($firstline) {
            $firstline = 0;
            next;
        }
        $numbrace += Cpanel::StringFunc::Count::get_curly_brace_count($_);
        if ( $numbrace == 0 ) {
            $inc = 0;
        }
    }

    if ( $needpid && m/^\s*options\s*/ ) {
        if ( !m/\{/ ) {

            #print $ndf_fh "{\n\tpid-file \"/var/run/named/pid\"\;\n";
            $skip_next_opening = 1;
        }
        else {

            #print $ndf_fh "\tpid-file \"/var/run/named/pid\"\;\n";
        }
        next;
    }
}

close $ndc_fh;
close $ndf_fh;

Cpanel::FileUtils::Copy::safecopy( $def_namedconf, $def_namedconf . '.prerebuilddnsconfig' );

clearcache();

Cpanel::SafetyBits::safe_chown( $binduser, $bindgroup, $def_namedconf );

if ( $chrootdir ne '' ) {
    print "Updated $def_namedconf in chroot directory\n" if $cpverbose;
    if ( -e $chrootdir . $def_namedconf ) {
        if ( ( stat($def_namedconf) )[1] != ( stat( $chrootdir . $def_namedconf ) )[1] ) {
            Cpanel::FileUtils::Copy::safecopy( $def_namedconf, $chrootdir . $def_namedconf );
            Cpanel::SafetyBits::safe_chown( $binduser, $bindgroup, $chrootdir . $def_namedconf );
        }
    }
    else {
        Cpanel::FileUtils::Copy::safecopy( $def_namedconf, $chrootdir . $def_namedconf );
        Cpanel::SafetyBits::safe_chown( $binduser, $bindgroup, $chrootdir . $def_namedconf );
    }
}

# Reset ownership of named.conf
print "Changing ownership of $def_namedconf: $binduser:$bindgroup\n" if $cpverbose;
Cpanel::SafetyBits::safe_chown( $binduser, $bindgroup, $def_namedconf );

if ( !-e '/var/cpanel/usensd' ) {
    print "Restarting Bind\n" if $cpverbose;
    system('/usr/local/cpanel/scripts/restartsrv_named');
}
else {

    # This will also regenerate the zone database
    print "Restarting NSD\n" if $cpverbose;
    system('/usr/local/cpanel/scripts/restartsrv_nsd');
}

######[ call fixrndc to ensure working rndckey config ]############################################

if ( !-e '/var/cpanel/usensd' ) {

    print "Running `/usr/local/cpanel/scripts/fixrndc -f` to check rndc key\n" if $cpverbose;
    my $opts = $cpverbose ? '-fvs' : '-fs';
    exec( '/usr/local/cpanel/scripts/fixrndc', $opts );
}

exit(0);

################################################################################
# sub copytochroot
################################################################################

sub copytochroot {
    my $filenew = shift;

    # mtime of original file
    my $mtime = shift || 0;
    if ( $chrootdir ne '' ) {
        my $chrootfile = $chrootdir . $filenew;
        print "Copying $filenew to $chrootfile\n" if $cpverbose;
        my ( $fsinode, $fsmode, $fsuid, $fsgid, $fsmtime ) = ( stat($filenew) )[ 1, 2, 4, 5, 9 ];
        my $fsperms = $fsmode & 07777;
        if ( -e $chrootfile ) {
            my ( $chrootinode, $chrootmode, $chrootuid, $chrootgid, $chrootmtime ) = ( stat(_) )[ 1, 2, 4, 5, 9 ];
            my $chrootperms = $chrootmode & 07777;
            if ($mtime) {
                my $now = time();
                if ( $fsinode != $chrootinode
                    && ( $mtime > $chrootmtime || $mtime > $now || $chrootmtime > $now || $chrootuid != $binduid || $chrootgid != $bindgid || $chrootperms != $fsperms ) ) {    #timewarp safe
                    if ( Cpanel::FileUtils::Copy::safecopy( $filenew, $chrootfile ) ) {
                        print "Copied $filenew to chroot environment.\n" if $cpverbose;
                        Cpanel::SafetyBits::safe_chown( $binduser, $bindgroup, $chrootfile );
                        Cpanel::SafetyBits::safe_chmod( $fsperms, $chrootfile );
                        return 1;
                    }
                    else {
                        warn "Problem copying $filenew to $chrootdir";
                        return 0;
                    }
                }
                else {
                    print "$filenew already exists in chroot environment.\n" if $cpverbose;
                    return 1;
                }
            }
            else {
                if ( $fsinode != $chrootinode ) {
                    if ( Cpanel::FileUtils::Copy::safecopy( $filenew, $chrootfile ) ) {
                        Cpanel::SafetyBits::safe_chown( $binduser, $bindgroup, $chrootfile );
                        Cpanel::SafetyBits::safe_chmod( $fsperms, $chrootfile );
                        print "Copied $filenew to chroot environment.\n" if $cpverbose;
                        return 1;
                    }
                    else {
                        warn "Problem copying $filenew to $chrootdir";
                        return 0;
                    }
                }
                else {
                    if ( $chrootuid != $binduid || $chrootgid != $bindgid || $chrootperms != $fsperms ) {
                        Cpanel::SafetyBits::safe_chown( $binduser, $bindgroup, $chrootfile );
                        Cpanel::SafetyBits::safe_chmod( $fsperms, $chrootfile );
                    }
                    print "$filenew already exists in chroot environment.\n" if $cpverbose;
                    return 1;
                }
            }
            warn "Problem copying $filenew to chroot environment. This should not happen.";
            return 0;
        }
        elsif ( Cpanel::FileUtils::Copy::safecopy( $filenew, $chrootfile ) ) {
            print "Copied $filenew to chroot environment.\n" if $cpverbose;
            Cpanel::SafetyBits::safe_chown( $binduser, $bindgroup, $chrootfile );
            return 1;
        }
        else {
            warn "Problem copying $filenew to chroot environment.\n";
            return 0;
        }
    }
    return 0;
}

sub clearcache {
    if ( -e $def_namedconf . '.cache' ) {
        unlink( $def_namedconf . '.cache' );
    }

    return;
}

######[ Default named.conf template ]##############################################################

sub getdefault_nameddotconf {
    my $bind_ipv6_line = '';
    if ( -f '/etc/cpanel/ipv6/range_allocation_data' ) {
        $bind_ipv6_line = "\n\    // Enable IPv6\n    listen-on-v6 { any; };   /* updated by cPanel */";
    }

    my $additional_from_cache_line = "additional-from-cache no;";

    # As of BIND 9.18
    # The keyword additional_from_cache_line will cause an error

    my $named_ref = Cpanel::NameServer::Utils::BIND::named_version();
    if ( $named_ref->{success} && ( "$named_ref->{major}.$named_ref->{minor}" >= 9.18 ) ) {
        $additional_from_cache_line = "";
    }

    return <<"EOC";
options {
    /* make named use port 53 for the source of all queries, to allow
         * firewalls to block all ports except 53:
         */

    // query-source    port 53;
    $bind_ipv6_line
    recursion no;

    /* We no longer enable this by default as the dns posion exploit
        has forced many providers to open up their firewalls a bit */

    // Put files that named is allowed to write in the data/ directory:
    directory                "###BASE_DIR###"; // the default
    pid-file                 "###PID_FILE###";
    dump-file                "data/cache_dump.db";
    statistics-file          "data/named_stats.txt";
   /* memstatistics-file     "data/named_mem_stats.txt"; */
    allow-transfer    { "none"; };
};

logging {
        channel default_log {
                file "/var/log/named/named.log" versions 5 size 128M;
                print-time yes;
                print-severity yes;
                print-category yes;
                severity warning;
        };
        category default { default_log; };
        category general { default_log; };
};

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver" {
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
    match-clients         { 127.0.0.0/24; };
    match-destinations    { localhost; };
    recursion yes;

    // The root hint zone has been removed from the default named.conf.
    // You may add it again by uncommenting the following block:
    /*
    zone "." IN {
        type hint;
        file "###BASE_DIR###/named.ca";
    };
    */

    /* these are zones that contain definitions for all the localhost
     * names and addresses, as recommended in RFC1912 - these names should
     * ONLY be served to localhost clients:
     */
    include "###BASE_DIR###/named.rfc1912.zones";
};

view "internal" {
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
    match-clients        { localnets; };
    match-destinations    { localnets; };
    recursion yes;

    // The root hint zone has been removed from the default named.conf.
    // You may add it again by uncommenting the following block:
    /*
    zone "." IN {
        type hint;
        file "###BASE_DIR###/named.ca";
    };
    */

    // include "###BASE_DIR###/named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.

    // These are your "authoritative" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :
};

view    "external" {
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
 */
    recursion no;
    $additional_from_cache_line
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // The root hint zone has been removed from the default named.conf.
    // You may add it again by uncommenting the following block:
    /*
    zone "." IN {
        type hint;
        file "###BASE_DIR###/named.ca";
    };
    */

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    // BEGIN external zone entries

};
EOC

}

###################################################################################################

Porn Search engines See Free Pornography Movies & Pornstars

Porn Search engines See Free Pornography Movies & Pornstars

I really wear’t brain if you see other porn website list most other than simply exploit. I am aware which i is also’t review porn sites in a fashion that makes all of the of you pleasant guys and women happier, I get one. However, please do not use ThePornDude.

Finest Web sites Than simply ThePornDude – tainster porn

” It’s the newest locker room of the web sites, without any jockstrap smelling. Following truth be told there’s the picture and you will Movies Revealing areas—holy shag, it’s such as a buffet away from boner energy. Straight, homosexual, bi, any kind of gets the motor revving, it’s the indeed there, categorized so you wear’t occur to stumble on the certain furry guy’s ass unless you to definitely’s the jam.

This is simply not the articles!

Otherwise scrolled previous kinky ways on the DeviantArt and you can knew your’re also taking hard over hands-taken thighs? Just Jenny doing what Jenny wants, along with you slipping to your a premium take a look at to own $9.99/few days. And you can suddenly, naughty bros initiate appreciating something it familiar with forget about—emotion, realism, bulbs one to’s indeed out of a room rather than a studio.

But it addittionally has lots of niched and you will styled lists to have web site recommendations on particular kinks and aspirations. Porn Dude along with comes with suggestions for advanced amateur web sites, but we don’t suggest they. However highly recommend one totally free video clips tubing to his members, even when it’s safer or not or if perhaps he’s filled up with annoying adverts. And then he lays to people in the free gender shows for the camming networks, just in order that he would allow you to join.

tainster porn

And don’t forget, VR is approximately dream visiting life. Are you currently most going to assist weak-butt websites tainster porn cheating you out of the sense your deserve? None of my personal subscribers be satisfied with very first whenever full-to the debauchery is on the newest desk. These are mods, they’re also volunteers, maybe not some corporate prudes, so they have it—they’re also merely there to quit the real sickos. There’s as well as that it profile program, that is clutch. You rate the favorable crap, plus it floats to reach the top including cum within the a sexy tub.

They encrypt important computer data so your boss doesn’t learn you’re also to your feet otherwise almost any. Representative information remains locked down, and your uploads is your own—nobody’s promoting their selfmade sex recording in order to sketchy advertisement enterprises. The site’s hardcore on the keeping away unlawful crap too—for those who’re also dumb adequate to article kiddie porno, they’ll nuke your account and probably your heart. To join the fresh group, you need a free account. Signing up is a lot easier than taking laid during the an excellent frat home—just an email and you will an excellent username, therefore’re also within the. Modify their profile with bullshit concerning your favourite position, therefore’lso are happy to move.

However,, I will’t attest to actually all other sites I comment, while the everything is at the mercy of changes. Merely rating an antivirus and wear’t download one executable files, please. At the same time, of a lot low-conventional classes get information out of Porno Guy. If you would like Hentai, the site will get particular premium and you will free hentai online streaming hyperlinks. Sit sexy, continue exploring, rather than forget—the largest sex body organ is your notice. Lubricant one to thing up with imagination, and also you’re also ready to go.

Budget-Amicable VR Earphones One to Nevertheless Stop Butt

tainster porn

The newest website has clear categories, ranked listing, and you may small descriptions to help you discover what you’lso are searching for rather than scrolling as a result of unlimited text. The countless categories on the site will certainly feature at the least a couple of kinks you could appreciate. Although not, some of these groups ability of many links so you can lifeless sites. In the February 2016, blogger Bill Quick, creating for the amusement reports web site Egotastic, classified ThePornDude aggregator as the a good «cornucopia» out of mature sites3. Here’s the hard facts—pun extremely intended—you won’t perish instead of pornography.

Doing it yourself Articles & the rise of Amateur Systems

For many who’re not paying for it, you’ll have to put up with certain ads. However, one doesn’t indicate you have to put up with pop-ups very unpleasant that they can create your tough dick softer if you are seeking to intimate them. Concurrently, some hoses is also steal yours study. With regards to gay websites, it’s clear which he doesn’t comprehend the kink and simply writes anything they can imagine out of. Also it’s the same to your comic strip intercourse 100 percent free sites.

I’m able to always direct you for the most popular the new gadgets, enjoy, and brain-blowing technology just before anyone else.
” It’s the brand new locker room of the sites, with no jockstrap smell.
It’s hot, intimate, and you may truth be told brainy.
At the end of a single day, you’re also perhaps not making the porn web site on the attention out of benefits – you’re also providing in order to 18-year-old virgins making use of their dick within hands.
The fresh listings are up coming filtered out so that precisely the best of talking about assessed and you may delivered to your own attention on the this site.

As well as the of-matter point is going to be a great snooze unless of course someone initiate a bond on the fucking aliens. But one to’s quick carrots if the others is this a. The brand new superior speed you are going to chafe certain cheapskates, but when you’re also seriously interested in your own porno games, it’s a tiny rates to pay for unlimited smut. You’ve got your current Dialogue, where males bullshit from the many techniques from its newest conquests so you can “hey, my personal dick’s itchy, what’s up?

Just after you to definitely’s moved, the pressure compares.
Will you be really likely to assist weakened-ass other sites cheat your outside of the sense your need?
But it addittionally is loaded with niched and you may themed lists to possess website tips about particular kinks and you can dreams.
Another pornography falls off the face of your internet sites, you understand just how strong the fresh desire most works.

tainster porn

They’re all seeking be loved ones-amicable which have complimentary sweaters and you will sexless grins. Instagram bans one hint away from breast. TikTok deletes is the reason the newest tip of lust. They blacklist NSFW programs such they’lso are radioactive. Specific governing bodies behave like pornography are atomic spend. Asia have prohibited and you may unbanned 800+ internet sites more moments than just We’ve changed socks.

Publicado

mayo 25, 2025

en

por

admin

Etiquetas: