kosmik2001

named.conf

Jan 27th, 2014
  1. /*
  2. * Refer to the named.conf(5) and named(8) man pages, and the documentation
  3. * in /usr/share/doc/bind-9 for more details.
  4. * Online versions of the documentation can be found here:
  5. * http://www.isc.org/software/bind/documentation
  6. *
  7. * If you are going to set up an authoritative server, make sure you
  8. * understand the hairy details of how DNS works. Even with simple mistakes,
  9. * you can break connectivity for affected parties, or cause huge amounts of
  10. * useless Internet traffic.
  11. */
  12.  
  /*
   * ACL "xfer": hosts that may request zone transfers.
   * It is empty (none). Nothing in this file as shown refers to it:
   * allow-transfer in the options block uses a literal "none" instead.
   * If secondary name servers are added, list them here and reference
   * this ACL from allow-transfer so there is a single list to audit.
   */
  acl "xfer" { none; };
  19.  
  /*
   * Client networks that are trusted to use the cache and recursion.
   *
   * NOTE(review): "localhost.local" covers 127.0.0.0/8 only and is easy to
   * confuse with BIND's built-in "localhost" ACL, which matches every
   * address configured on the server itself. Both names appear further
   * down in this file, and they are not interchangeable.
   */
  acl "localhost.local" {
      127.0.0.0/8;
  };
  acl "satt.10" {
      192.168.10.0/24;
  };
  acl "satt.11" {
      192.168.11.0/24;
  };
  27.  
  /*
   * Global options. Queries, cache access and recursion are all limited to
   * the same three ACLs (localhost.local, satt.10, satt.11); zone transfers
   * are refused.
   */
  options {
      directory "/var/bind";
      pid-file "/var/run/named/named.pid";

      /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
      //bindkeys-file "/etc/bind/bind.keys";

      /*
       * IPv4 only: loopback plus one address in each of the satt.10 and
       * satt.11 ranges. Nothing is bound on IPv6.
       */
      listen-on-v6 { none; };
      listen-on { 127.0.0.1; 192.168.10.254; 192.168.11.1; };

      /*
       * Accept queries only from the trusted ACLs, so the server does not
       * answer arbitrary clients. No zone or view in this file overrides
       * this, so the master zones below are limited to these clients too.
       */
      allow-query { localhost.local; satt.10; satt.11; };

      /* Cached answers are served to the trusted ACLs only. */
      allow-query-cache { localhost.local; satt.10; satt.11; };

      /* Recursion is offered to the trusted ACLs only. */
      allow-recursion { localhost.local; satt.10; satt.11; };

      /* Zone transfers are denied by default. */
      allow-transfer { none; };

      /*
       * Left commented out. Dynamic updates are granted per zone inside
       * the views instead; review those allow-update lists.
       */
      // allow-update {
      //     /* Don't allow updates, e.g. via nsupdate. */
      //     none;
      // };

      /*
       * Forwarding: named asks the forwarders first and, because of
       * "forward first", falls back to resolving on its own if none of
       * them answers.
       *
       * NOTE(review): every lookup that misses the cache is sent to these
       * third-party resolvers. That is a privacy and trust decision and
       * worth making deliberately.
       */
      forward first;
      forwarders {
          // 123.123.123.123; // Your ISP NS
          // 124.124.124.124; // Your ISP NS
          4.2.2.1; // Level3 Public DNS
          4.2.2.2; // Level3 Public DNS
          8.8.8.8; // Google Public DNS
          8.8.4.4; // Google Public DNS
      };

      /*
       * NOTE(review): every DNSSEC directive below is commented out, so
       * validation behaviour is whatever this BIND version defaults to.
       * Confirm it. Without validation, answers from the forwarders are
       * accepted unauthenticated.
       */
      //dnssec-enable yes;
      //dnssec-validation yes;

      /*
       * As of bind 9.8.0:
       * "If the root key provided has expired,
       * named will log the expiration and validation will not work."
       */
      //dnssec-validation auto;

      /*
       * If you have problems and are behind a firewall.
       * Caveat: pinning the source port to 53 gives up source-port
       * randomisation, which makes spoofed-answer cache poisoning easier.
       * Prefer fixing the firewall rule to enabling this.
       */
      //query-source address * port 53;
  };
  108.  
  109.  
  110. #logging {
  111. # channel default_log {
  112. # file "/var/log/named/named.log" versions 5 size 50M;
  113. # print-time yes;
  114. # print-severity yes;
  115. # print-category yes;
  116. # };
  117. #
  118. # category default { default_log; };
  119. # category general { default_log; };
  120. #};
  121.  
  122.  
  /*
   * In named.conf a leading '#' starts a comment, so the next line does
   * NOT include the rndc key file. It is disabled text, not a directive.
   */
  #include "/etc/bind/rndc.key";

  /*
   * TSIG shared secret referenced by the controls statement, by the
   * allow-update lists and by the server statement further down.
   *
   * NOTE(review):
   *  - The secret is stored inline, so this file must be readable only by
   *    the account named runs as. Any copy of the file that leaves the
   *    server discloses the key; a disclosed secret has to be regenerated
   *    and replaced on every peer that uses it.
   *  - hmac-md5 is a legacy TSIG algorithm. hmac-sha256 is the usual
   *    choice today. Switching needs a new key on both ends.
   */
  key DHCP_UPDATER {
      algorithm hmac-md5;
      secret "rdJuK9q33GvCORLY7Xm4Sw==";
  };
  129.  
  /*
   * Control channel on loopback, port 953. Connections are accepted from
   * the built-in "localhost" ACL and 127.0.0.1/32, and must be signed with
   * the listed key.
   *
   * NOTE(review): the key accepted here is DHCP_UPDATER, the same secret
   * that authorises dynamic updates. Anything holding that key for updates
   * also holds the key this channel accepts. A separate key for the control
   * channel would keep the two privileges apart.
   */
  controls {
      inet 127.0.0.1 port 953
          allow { localhost; 127.0.0.1/32; }
          keys { "DHCP_UPDATER"; };
  };
  131.  
  132.  
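  /*
   * View for loopback clients and the 192.168.10.0/24 network.
   * Views are tried in the order they appear and the first match wins, so
   * 127.0.0.0/8 clients always land here.
   */
  view "network.10" {
      match-clients { localhost.local; satt.10; };

      recursion yes;

      /* Root hints used for iterative resolution. */
      zone "." in {
          type hint;
          file "/var/bind/named.cache";
      };

      /*
       * Dynamic updates are accepted only when signed with the
       * DHCP_UPDATER key, matching the zones in view "network.11".
       *
       * The previous list also named localhost, localhost.local, satt.10
       * and satt.11. An address-match list grants access on ANY matching
       * element, so every host in those ranges could rewrite records in
       * this zone with an unsigned update, and source addresses are not
       * proof of identity. The satt.11 entry could never match here
       * anyway, because match-clients keeps that network out of this view.
       *
       * Hosts that relied on unsigned updates must now sign with the key or
       * register through whatever service holds it.
       * NOTE(review): named needs write access to this zone file and its
       * journal for updates to succeed. Confirm permissions on pri/.
       */
      zone "satt.local" IN {
          type master;
          file "pri/network.10/satt.local.10.zone";
          allow-update { key DHCP_UPDATER; };
      };

      /* Reverse zone for 192.168.10.0/24, with the same update policy. */
      zone "10.168.192.in-addr.arpa" IN {
          type master;
          file "pri/network.10/192.168.10.zone-rev";
          allow-update { key DHCP_UPDATER; };
      };

      /* Static loopback zones; no dynamic updates are configured. */
      zone "localhost" IN {
          type master;
          file "pri/localhost.zone";
      };

      zone "127.in-addr.arpa" IN {
          type master;
          file "pri/127.zone";
      };

  };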
  166.  
  /*
   * View for the 192.168.11.0/24 network.
   *
   * NOTE(review): views are matched in order, and view "network.10" already
   * claims localhost.local (127.0.0.0/8). That entry is therefore never
   * reached here. The built-in "localhost" entry can still match the
   * server's own non-loopback addresses that the first view does not cover.
   */
  view "network.11" {
      match-clients { localhost; localhost.local; satt.11; };

      recursion yes;

      /* Root hints used for iterative resolution. */
      zone "." in {
          type hint;
          file "/var/bind/named.cache";
      };

      /* Forward zone: updates are accepted only when signed with the key. */
      zone "satt.local" IN {
          type master;
          file "dyn/network.11/satt.local.11.zone";
          allow-update { key DHCP_UPDATER; };
      };

      /* Reverse zone for 192.168.11.0/24, also key-only for updates. */
      zone "11.168.192.in-addr.arpa" IN {
          type master;
          file "dyn/network.11/192.168.11.zone-rev";
          allow-update { key DHCP_UPDATER; };
      };

      /*
       * Requests that named sends to 192.168.11.1 are signed with
       * DHCP_UPDATER. Per listen-on, that address is one this server
       * listens on itself.
       * NOTE(review): confirm what this statement is needed for.
       */
      server 192.168.11.1 {
          keys { DHCP_UPDATER; };
      };
  };
  192.  
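  /*
   * Logging: four file channels under /var/log/named/, each keeping five
   * rotated versions, plus a discard channel.
   *
   * Change from the original: category lame-servers listed the "null"
   * destination twice; it is now listed once.
   *
   * NOTE(review): the query and client logs record who asked for what.
   * Restrict read access to /var/log/named/ and decide how long they
   * are kept.
   */
  logging {
      /*
       * Catch-all channel. "severity debug" lets debug messages through
       * when the server is running with debugging turned on.
       */
      channel log_default {
          file "/var/log/named/named-default.log" versions 5 size 50m;
          severity debug;
          print-category yes;
          print-severity yes;
          print-time yes;
      };

      /* NOTE(review): no category below routes to this channel. */
      channel log_resolving {
          file "/var/log/named/named-resolving.log" versions 5 size 50m;
          severity info;
          print-category yes;
          print-severity yes;
          print-time yes;
      };

      /* Approved and denied requests (category security). */
      channel log_security {
          file "/var/log/named/named-security.log" versions 5 size 10m;
          severity info;
          print-category yes;
          print-severity yes;
          print-time yes;
      };

      /*
       * Discards everything sent to it.
       * NOTE(review): BIND also predefines a channel named "null", so this
       * definition looks redundant. Confirm with named-checkconf.
       */
      channel null {
          null;
      };

      /* Per-query and unmatched-client records. */
      channel log_clients {
          file "/var/log/named/named-clients.log" versions 5 size 50m;
          severity info;
          print-category yes;
          print-severity yes;
          print-time yes;
      };

      /* Lame-delegation notices are dropped. */
      category lame-servers {
          null;
      };
      category queries {
          log_clients;
      };
      category client {
          log_default;
      };
      category unmatched {
          log_clients;
      };
      category security {
          log_security;
      };
      category default {
          log_default;
      };
  };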