- /*
- * Refer to the named.conf(5) and named(8) man pages, and the documentation
- * in /usr/share/doc/bind-9 for more details.
- * Online versions of the documentation can be found here:
- * http://www.isc.org/software/bind/documentation
- *
- * If you are going to set up an authoritative server, make sure you
- * understand the hairy details of how DNS works. Even with simple mistakes,
- * you can break connectivity for affected parties, or cause huge amounts of
- * useless Internet traffic.
- */
- /*
- * Transfer ACL: the hosts that may pull full copies of our zones.
- * NOTE(review): nothing in the visible configuration references "xfer";
- * allow-transfer in options is set to none directly, so adding secondaries
- * here has no effect until allow-transfer is pointed at this ACL.
- */
- acl "xfer" {
- /* Deny transfers by default except for the listed hosts.
- * If we have other name servers, place them here.
- */
- none;
- };
- /*
- * Trusted client ACLs: the address ranges that are allowed to query, use
- * the cache and recurse. They are referenced by allow-query,
- * allow-query-cache and allow-recursion in options and by match-clients
- * and allow-update in the views.
- *
- * "localhost.local" (loopback range only) is a different ACL from BIND's
- * built-in "localhost", which matches every address configured on this
- * server; both names are used further down.
- */
- acl "localhost.local" { 127.0.0.0/8; };
- acl "satt.10" {192.168.10.0/24; };
- acl "satt.11" {192.168.11.0/24; };
- /*
- * Global options: working directory, listening addresses, who may query,
- * use the cache, recurse and transfer, upstream forwarders, and the
- * (currently commented-out) DNSSEC validation settings.
- */
- options {
- directory "/var/bind";
- pid-file "/var/run/named/named.pid";
- /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
- //bindkeys-file "/etc/bind/bind.keys";
- /* No IPv6 listener; IPv4 service is bound to loopback and the two LAN addresses only. */
- listen-on-v6 { none; };
- listen-on { 127.0.0.1; 192.168.10.254; 192.168.11.1; };
- allow-query {
- /*
- * Accept queries from our "trusted" ACL. We will
- * allow anyone to query our master zones below.
- * This prevents us from becoming a free DNS server
- * to the masses.
- *
- * NOTE(review): no zone below sets its own allow-query, so the
- * master zones inherit this restriction as well.
- */
- localhost.local;
- satt.10;
- satt.11;
- };
- allow-query-cache {
- /* Use the cache for the "trusted" ACL. */
- localhost.local;
- satt.10;
- satt.11;
- };
- allow-recursion {
- /* Only trusted addresses are allowed to use recursion. */
- localhost.local;
- satt.10;
- satt.11;
- };
- allow-transfer {
- /* Zone transfers are denied by default. */
- none;
- };
- # allow-update {
- # /* Don't allow updates, e.g. via nsupdate. */
- # none;
- # };
- /*
- * If you've got a DNS server around at your upstream provider, enter its
- * IP address here, and enable the line below. This will make you benefit
- * from its cache, thus reduce overall DNS traffic in the Internet.
- *
- * Uncomment the following lines to turn on DNS forwarding, and change
- * and/or update the forwarding ip address(es):
- *
- * Forwarding is enabled in this file: "forward first" asks the forwarders
- * and falls back to normal iterative resolution if they do not answer.
- * Every recursive lookup from the LAN is therefore visible to the
- * third-party resolvers listed below.
- */
- forward first;
- forwarders {
- // 123.123.123.123; // Your ISP NS
- // 124.124.124.124; // Your ISP NS
- 4.2.2.1; // Level3 Public DNS
- 4.2.2.2; // Level3 Public DNS
- 8.8.8.8; // Google Open DNS
- 8.8.4.4; // Google Open DNS
- };
- /*
- * NOTE(review): every dnssec-validation line below is commented out, so
- * validation is left at the default of the installed BIND version. If
- * that default does not validate, answers from the forwarders are
- * accepted unauthenticated. Confirm the effective setting for the
- * running version (dnssec-enable is obsolete in newer releases).
- */
- //dnssec-enable yes;
- //dnssec-validation yes;
- /*
- * As of bind 9.8.0:
- * "If the root key provided has expired,
- * named will log the expiration and validation will not work."
- */
- //dnssec-validation auto;
- /*
- * if you have problems and are behind a firewall:
- *
- * Pinning the query source port gives up source-port randomisation, one
- * of the defences against cache poisoning; leave this disabled unless
- * the firewall really requires it.
- */
- //query-source address * port 53;
- };
- #logging {
- # channel default_log {
- # file "/var/log/named/named.log" versions 5 size 50M;
- # print-time yes;
- # print-severity yes;
- # print-category yes;
- # };
- #
- # category default { default_log; };
- # category general { default_log; };
- #};
- #include "/etc/bind/rndc.key";
- /*
- * TSIG key referenced by allow-update in the views, by the server
- * statement in view "network.11" and by the controls statement.
- * Judging by its name it is shared with the DHCP server - confirm.
- *
- * NOTE(review): the secret is stored inline, so anyone who can read this
- * file (or any published copy of it) holds the key. Treat the value as
- * disclosed: generate a new key, update every peer that uses it, and keep
- * the replacement in a separate file readable only by named that is
- * pulled in with an include statement.
- * hmac-md5 is a legacy TSIG algorithm; prefer hmac-sha256 when rotating,
- * provided the peer supports it.
- */
- key DHCP_UPDATER {
- algorithm hmac-md5;
- secret "rdJuK9q33GvCORLY7Xm4Sw==";
- };
- /*
- * rndc control channel: listens on 127.0.0.1 port 953 and accepts
- * connections from the listed addresses that authenticate with the
- * DHCP_UPDATER key.
- *
- * NOTE(review): the same key authorises dynamic updates, so any holder of
- * the DHCP key who can reach the loopback listener can also control the
- * daemon through rndc. Use a dedicated rndc key instead; the
- * commented-out include of /etc/bind/rndc.key suggests one was intended.
- * The channel listens on 127.0.0.1 only, so connections arrive from
- * loopback and "127.0.0.1/32" alone would express the intended allow list.
- */
- controls { inet 127.0.0.1 port 953 allow { localhost; 127.0.0.1/32; } keys { "DHCP_UPDATER"; }; };
- /*
- * View served to loopback clients and the 192.168.10.0/24 network:
- * recursion plus the satt.local forward zone, its reverse zone and the
- * localhost zones.
- */
- view "network.10" {
- match-clients { localhost.local; satt.10; };
- recursion yes;
- zone "." in {
- type hint;
- file "/var/bind/named.cache";
- };
- zone "satt.local" IN {
- type master;
- file "pri/network.10/satt.local.10.zone";
- /*
- * NOTE(review): besides the TSIG key, this grants dynamic updates to
- * whole address ranges. Address-based grants are checked against the
- * source IP only, so any host on those networks can rewrite records
- * without a key. View "network.11" restricts updates to
- * "key DHCP_UPDATER" alone; the same restriction here would close the
- * gap, provided every legitimate updater signs with the key.
- * The satt.11 entry looks ineffective: clients in that range do not
- * match this view's match-clients - confirm.
- */
- allow-update { localhost; localhost.local; satt.10; satt.11; key DHCP_UPDATER; };
- };
- zone "10.168.192.in-addr.arpa" IN {
- type master;
- file "pri/network.10/192.168.10.zone-rev";
- /* NOTE(review): same address-based update grant as the forward zone above. */
- allow-update { localhost; localhost.local; satt.10; satt.11; key DHCP_UPDATER; };
- };
- /* Static localhost zones; no allow-update, so they are not dynamically updatable. */
- zone "localhost" IN {
- type master;
- file "pri/localhost.zone";
- };
- zone "127.in-addr.arpa" IN {
- type master;
- file "pri/127.zone";
- };
- };
- /*
- * View served to the 192.168.11.0/24 network: recursion plus that
- * network's copy of satt.local and its reverse zone. Dynamic updates
- * are accepted only when signed with the DHCP_UPDATER key.
- */
- view "network.11" {
- /*
- * Views are matched in the order they appear. Loopback sources and
- * 192.168.10.0/24 (which includes this server's 192.168.10.254) are
- * already claimed by view "network.10", so the "localhost" and
- * "localhost.local" entries here presumably only matter for this
- * server's own 192.168.11.1 address, which satt.11 covers anyway.
- */
- match-clients { localhost; localhost.local; satt.11; };
- recursion yes;
- zone "." in {
- type hint;
- file "/var/bind/named.cache";
- };
- zone "satt.local" IN {
- type master;
- file "dyn/network.11/satt.local.11.zone";
- /* Key-only grant: the source address alone is not enough to update. */
- allow-update { key DHCP_UPDATER; };
- };
- zone "11.168.192.in-addr.arpa" IN {
- type master;
- file "dyn/network.11/192.168.11.zone-rev";
- allow-update { key DHCP_UPDATER; };
- };
- /*
- * Associates the DHCP_UPDATER key with 192.168.11.1, which is one of this
- * server's own listen-on addresses.
- * NOTE(review): confirm this self-reference is intended.
- */
- server 192.168.11.1 {
- keys { DHCP_UPDATER; };
- };
- };
- /*
- * Logging: size-capped, rotated files under /var/log/named, one per
- * purpose, followed by the routing of message categories to channels.
- * The security and client logs are the ones to review when
- * investigating rejected queries or unexpected updates.
- */
- logging {
- /* Catch-all channel, also used for the "client" category. */
- channel log_default {
- file "/var/log/named/named-default.log" versions 5 size 50m;
- /* NOTE(review): debug severity is verbose once a debug level is set; confirm it is wanted in production. */
- severity debug;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
- /* NOTE(review): no category below is routed to this channel, so its file stays unused. */
- channel log_resolving {
- file "/var/log/named/named-resolving.log" versions 5 size 50m;
- severity info;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
- /* Approved and denied requests (category security). */
- channel log_security {
- file "/var/log/named/named-security.log" versions 5 size 10m;
- severity info;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
- /*
- * NOTE(review): "null" is also the name of one of BIND's predefined
- * channels; confirm with named-checkconf that this definition is accepted.
- */
- channel null {
- null;
- };
- /*
- * Per-query log. It records which client asked for which name, so keep
- * the file readable by administrators only and mind its retention.
- */
- channel log_clients {
- file "/var/log/named/named-clients.log" versions 5 size 50m;
- severity info;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
- /* Lame-server messages are discarded. NOTE(review): "null" is listed twice; once is enough. */
- category lame-servers {
- null;
- null;
- };
- category queries {
- log_clients;
- };
- category client {
- log_default;
- };
- /* Requests that matched no view end up in the client log. */
- category unmatched {
- log_clients;
- };
- category security {
- log_security;
- };
- category default {
- log_default;
- };
- };