####### named.conf.local//// Do any local configuration here//// Consi

1. ####### named.conf.local
2. //
3. // Do any local configuration here
4. //
5.  
6. // Consider adding the 1918 zones here, if they are not used in your
7. // organization
8. //include "/etc/bind/zones.rfc1918";
9.  
10. zone "example.com" {
11. type master;
12. file "/etc/bind/db.example.com";
13. };
14.  
15. zone "50.168.192.in-addr.arpa" {
16. type master;
17. notify no;
18. file "/etc/bind/db.192";
19.  
20. };
21.  
22.  
23.  
24.  
25.  
26.  
27.  
28.  
29. ######### named.conf.options
30. options {
31. directory "/var/cache/bind";
32.  
33. // If there is a firewall between you and nameservers you want
34. // to talk to, you may need to fix the firewall to allow multiple
35. // ports to talk. See http://www.kb.cert.org/vuls/id/800113
36.  
37. // If your ISP provided one or more IP addresses for stable
38. // nameservers, you probably want to use them as forwarders.
39. // Uncomment the following block, and insert the addresses replacing
40. // the all-0's placeholder.
41.  
42. forwarders {
43. 208.67.220.220;
44. 208.67.222.222;
45. };
46.  
47. auth-nxdomain no; # conform to RFC1035
48. listen-on-v6 { none; };
49. listen-on { 192.168.50.1; };
50. dump-file "data/cache_dump.db";
51. statistics-file "data/named_stats.txt";
52. memstatistics-file "data/named_mem_stats.txt";
53. recursion no;
54. version "go away";
55.  
56. };
57.  
58.  
59.  
60.  
61.  
62.  
63.  
64. ################## db.example.com
65. ;
66. ; BIND data file for example.com
67. ;
68. $TTL 604800
69. @ IN SOA example.com. sysadmin.example.com. (
70. 310120101400 ; Serial
71. 604800 ; Refresh
72. 86400 ; Retry
73. 2419200 ; Expire
74. 604800 ) ; Negative Cache TTL
75. ;
76. @ IN NS example.com.
77. ;@ IN A 192.168.50.1
78. @ IN A 72.13.95.107
79. @ IN AAAA ::1
80.  
81. ; Public records
82. ;www IN A 72.13.95.107
83. ;
84.  
85.  
86.  
87. ; Private records
88. phpmyadmin IN A 192.168.50.1
89. nagios IN A 192.168.50.1
90. redmine IN A 192.168.50.1
91. status IN A 192.168.50.1
92.  
93. pma IN CNAME phpmyadmin
94. cacti IN CNAME nagios
95. projects IN CNAME redmine
96. git IN CNAME redmine
97. vpn IN CNAME status
98.  
99.  
100.  
101.  
102. ###### db.192
103. ;
104. ; BIND reverse data file for example.com
105. ;
106. $TTL 604800
107. @ IN SOA example.com. sysadmin.example.com. (
108. 300120101400 ; Serial
109. 604800 ; Refresh
110. 86400 ; Retry
111. 2419200 ; Expire
112. 604800 ) ; Negative Cache TTL
113. ;
114. @ IN NS example.com.
115. ;1 IN PTR example.com.
116. 1 IN PTR phpmyadmin
117. 1 IN PTR nagios
118. 1 IN PTR redmine
119. 1 IN PTR status
120.  
121.  
122. ############# /var/log/syslog on server
123. Jan 31 15:19:20 server named[17540]: client 192.168.50.6#50054: query (cache) 'pop.gmail.com.lan/A/IN' denied
124. Jan 31 15:19:20 server named[17540]: client 192.168.50.6#52852: query (cache) 'download850.avast.com/A/IN' denied
125. Jan 31 15:19:21 server named[17540]: client 192.168.50.6#38634: query (cache) 'pop.gmail.com/A/IN' denied
126. Jan 31 15:19:22 server named[17540]: client 192.168.50.6#53249: query (cache) 'download850.avast.com.lan/A/IN' denied
127. Jan 31 15:19:23 server named[17540]: client 192.168.50.6#50158: query (cache) 'pop.gmail.com/A/IN' denied
128. Jan 31 15:19:24 server named[17540]: client 192.168.50.6#59028: query (cache) 'pastebin.com/A/IN' denied
129. Jan 31 15:19:25 server named[17540]: client 192.168.50.6#33061: query (cache) 'pop.gmail.com.lan/A/IN' denied
130. Jan 31 15:19:25 server named[17540]: client 192.168.50.6#40061: query (cache) 'www.opendns.com/A/IN' denied
131. Jan 31 15:19:25 server named[17540]: client 192.168.50.6#49904: query (cache) 'pastebin.com/A/IN' denied
132. Jan 31 15:19:26 server named[17540]: client 192.168.50.6#40748: query (cache) 'pop.gmail.com.lan/A/IN' denied
133. Jan 31 15:19:26 server named[17540]: client 192.168.50.6#59660: query (cache) 'pastebin.com.lan/A/IN' denied
134. Jan 31 15:19:28 server named[17540]: client 192.168.50.6#38904: query (cache) 'pastebin.com.lan/A/IN' denied
135. Jan 31 15:19:29 server named[17540]: client 192.168.50.6#42210: query (cache) 'pastebin.com/A/IN' denied
136. Jan 31 15:19:29 server named[17540]: client 192.168.50.6#35240: query (cache) 'www.opendns.com/A/IN' denied
137. Jan 31 15:19:29 server named[17540]: client 192.168.50.6#44690: query (cache) 'pastebin.com/A/IN' denied
138. Jan 31 15:19:30 server named[17540]: client 192.168.50.6#33826: query (cache) 'pastebin.com.lan/A/IN' denied
139. Jan 31 15:19:31 server named[17540]: client 192.168.50.6#52377: query (cache) 'pastebin.com.lan/A/IN' denied
140. Jan 31 15:19:43 server named[17540]: client 192.168.50.6#57971: query (cache) 'twitter.com/A/IN' denied
141. Jan 31 15:19:43 server named[17540]: client 192.168.50.6#37093: query (cache) 'twitter.com/A/IN' denied
142. Jan 31 15:19:44 server named[17540]: client 192.168.50.6#46238: query (cache) 'twitter.com.lan/A/IN' denied
143. Jan 31 15:19:44 server named[17540]: client 192.168.50.6#34111: query (cache) 'twitter.com.lan/A/IN' denied
144. Jan 31 15:19:46 server named[17540]: client 192.168.50.6#50827: query (cache) 'pop.gmail.com/A/IN' denied
145. Jan 31 15:19:46 server named[17540]: client 192.168.50.6#52308: query (cache) 'pop.gmail.com/A/IN' denied
146. Jan 31 15:19:47 server named[17540]: client 192.168.50.6#45317: query (cache) 'mail.google.com/A/IN' denied
147. Jan 31 15:19:47 server named[17540]: client 192.168.50.6#43735: query (cache) 'pop.gmail.com.lan/A/IN' denied
148. Jan 31 15:19:47 server named[17540]: client 192.168.50.6#52248: query (cache) 'pop.gmail.com.lan/A/IN' denied
149. Jan 31 15:19:48 server named[17540]: client 192.168.50.6#48003: query (cache) 'pop.gmail.com/A/IN' denied
150. Jan 31 15:19:49 server named[17540]: client 192.168.50.6#52280: query (cache) 'pop.gmail.com/A/IN' denied
151. Jan 31 15:19:49 server named[17540]: client 192.168.50.6#48119: query (cache) 'pop.gmail.com.lan/A/IN' denied
152. Jan 31 15:19:50 server named[17540]: client 192.168.50.6#40738: query (cache) 'pop.gmail.com.lan/A/IN' denied
153.  
154. ############# client digs:
155. [1047][shoaibi@blade:~]$ dig yahoo.com (31/01/10 20:02:06)
156.  
157. ; <<>> DiG 9.6.1-P2 <<>> yahoo.com
158. ;; global options: +cmd
159. ;; Got answer:
160. ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24700
161. ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
162. ;; WARNING: recursion requested but not available
163.  
164. ;; QUESTION SECTION:
165. ;yahoo.com. IN A
166.  
167. ;; Query time: 689 msec
168. ;; SERVER: 192.168.50.1#53(192.168.50.1)
169. ;; WHEN: Sun Jan 31 20:19:03 2010
170. ;; MSG SIZE rcvd: 27
171.  
172. [1047][shoaibi@blade:~]$ dig gmail.com (31/01/10 20:19:03)
173.  
174. ; <<>> DiG 9.6.1-P2 <<>> gmail.com
175. ;; global options: +cmd
176. ;; Got answer:
177. ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 30199
178. ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
179. ;; WARNING: recursion requested but not available
180.  
181. ;; QUESTION SECTION:
182. ;gmail.com. IN A
183.  
184. ;; Query time: 795 msec
185. ;; SERVER: 192.168.50.1#53(192.168.50.1)
186. ;; WHEN: Sun Jan 31 20:19:08 2010
187. ;; MSG SIZE rcvd: 27
188.  
189.  
190.  
191. ####### Client resolv.conf
192. # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
193. # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
194. nameserver 192.168.50.1
195. search lan
196.  
197.