root@stargaze:~# cat /etc/named.conf
include "/etc/rndc.key";
// ---------------------------------------------------------------------------
// Per-site name servers, listed as single hosts (/32), not networks.
// Each 192.168.26.x entry falls inside vpn_subnet (192.168.26.0/24); the
// second address of a site, where present, falls inside that site's own
// subnet ACL defined further down.
// ---------------------------------------------------------------------------
acl skails_dns {
    192.168.26.1/32;
    192.168.112.118/32;
};

acl synthnassizer_dns {
    192.168.26.6/32;
    192.168.114.4/32;     // also the "masters" address of the synthnassizer zones
};

acl dsa_dns {
    192.168.26.18/32;
    192.168.18.10/32;     // also the "masters" address of the dsaconsultants zones
};

acl m2g_dns { 192.168.26.14/32; };

// Same address as the first entry of skails_dns. Not referenced anywhere else
// in the configuration shown here.
acl vpn_my_self { 192.168.26.1/32; };
// ---------------------------------------------------------------------------
// Network-level ACLs. An ACL has to be defined before another ACL refers to
// it, so the building blocks stay above the composites that use them.
// ---------------------------------------------------------------------------
acl outbound_subnet       { 192.168.231.0/24; };
acl dsa_office_subnet     { 192.168.18.0/24; };
acl skails_subnet         { 192.168.112.0/24; };
acl synthnassizer_subnet  { 192.168.114.0/24; };

// User-defined ACLs. The underscores keep them distinct from BIND's built-in
// "localhost" and "localnets" ACLs.
// NOTE(review): local_host covers the IPv4 loopback only (no ::1).
acl local_host { 127.0.0.1/32; };

acl local_nets {
    local_host;
    skails_subnet;
};

acl vpn_subnet { 192.168.26.0/24; };

// Only wraps outbound_subnet. It is pulled into all_my_nets, not into
// trusted_subnets.
acl other_subnets {
    outbound_subnet;
};
// trusted_subnets is the ACL the access controls in the options block refer
// to, so every entry added here widens who may use this server.
// The four *_dns host ACLs are already covered by the subnet ACLs listed
// above them (each host address lies inside one of those /24s). They are kept
// for readability and do not change the match result.
acl trusted_subnets {
    // networks
    local_nets;
    vpn_subnet;
    synthnassizer_subnet;
    dsa_office_subnet;

    // individual peer name servers
    skails_dns;
    synthnassizer_dns;
    dsa_dns;
    m2g_dns;
};

// trusted_subnets plus the outbound subnet (via other_subnets). Not referenced
// by any statement in the configuration shown here.
acl all_my_nets {
    trusted_subnets;
    other_subnets;
};
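options {
    // Base directory; relative "file" paths in zone statements resolve here.
    directory "/var/named";

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // NOTE(review): prefer leaving this commented out. Pinning the source port
    // removes source-port randomisation for outgoing queries, which makes
    // spoofed answers (cache poisoning) easier to land. Fix the firewall rule
    // instead if outgoing queries are blocked.
    // query-source address * port 53;

    // Upstream resolvers. Queries outside the zones served locally are sent
    // to these, so each operator listed here can see those query names.
    forwarders {
        // 192.168.231.117; //modem
        62.169.194.17;      //Tellas primary
        62.169.194.18;      //Tellas secondary
        // 195.170.0.1;     //otenet
        // 193.92.150.3;    // ForthnetDNS For Attiki
        208.67.222.222;     //openDNS primary
        8.8.8.8;            //googleDNS1
        212.70.194.244;     //TEE primary
        208.67.220.220;     //openDNS secondary
        8.8.4.4;            //googleDNS2
        212.70.194.250;     //TEE secondary
    };

    // Try the forwarders first; if none of them answers, named falls back to
    // resolving the name itself.
    forward first;

    // Clients for which named performs recursive lookups. Keeping this to
    // known networks prevents the server from acting as an open resolver.
    allow-recursion { trusted_subnets; };

    // Local interface addresses on which named accepts queries: only
    // interfaces whose address matches the list are bound.
    listen-on { trusted_subnets; };

    // Clients allowed to query at all.
    allow-query { trusted_subnets; };

    // A zone transfer hands over the full contents of a zone, so it is limited
    // to the peer name servers rather than every host in trusted_subnets.
    // NOTE(review): trim this to the servers that really are secondaries for
    // the master zones below, and consider TSIG-keyed transfers. An IP-only
    // match is only as strong as the network path.
    allow-transfer { skails_dns; synthnassizer_dns; dsa_dns; m2g_dns; };
};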
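logging {
    // General server messages. "versions 5 size 2m" rolls the file at 2 MB
    // and keeps five older copies.
    // NOTE(review): despite the channel name, the threshold is "warning", so
    // notice- and info-level messages in the default category are dropped.
    // Lower it to "notice" or "info" if startup, zone-load and transfer
    // messages are wanted.
    channel "notice_log" {
        file "/var/log/named/notice.log" versions 5 size 2m;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { notice_log; };

    // Per-query log. named emits query log lines at severity "info", so a
    // "warning" threshold on this channel would discard every one of them and
    // leave the file empty. The threshold is therefore "info". File growth
    // stays bounded by the same 5 x 2 MB rotation.
    channel "queries_log" {
        file "/var/log/named/queries.log" versions 5 size 2m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category queries { queries_log; };
};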
// rndc control channel: bound to the loopback address only, accepts
// connections matching local_host (127.0.0.1), and requires the rndc-key
// secret (presumably defined in the included /etc/rndc.key).
controls {
    inet 127.0.0.1 port 953
        allow { local_host; }
        keys  { rndc-key; };
};
//
// a caching only nameserver config
//
// Root hints: the list of root servers used when named resolves a name
// itself. The relative path resolves under the options "directory".
zone "." IN {
    type hint;
    file "caching-example/named.root";
};

// Loopback forward and reverse zones, served locally.
// Dynamic updates are refused outright on both.
zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};
// Zones this server is master for: skails.home and the matching reverse zone
// for 192.168.112.0/24. "notify yes" sends NOTIFY to the zone's other name
// servers when the zone changes.
//
// NOTE(review): dynamic updates are authorised with rndc-key, the same key
// the controls statement uses for the rndc channel. Whatever client holds
// the key to send updates therefore also holds the server's control secret.
// A dedicated TSIG key for updates would keep the two privileges separate.
zone "skails.home" {
    type master;
    file "/var/named/skails.home.hosts";
    notify yes;
    allow-update { key rndc-key; };
};

zone "112.168.192.in-addr.arpa" {
    type master;
    file "/var/named/192.168.112.rev";
    notify yes;
    allow-update { key rndc-key; };
};
// Secondary (slave) copies of the peer sites' zones. named transfers each
// zone from the listed master and writes it to the given file.
//
// NOTE(review): the masters are identified by IP address only, with no TSIG
// key on the masters lines, so the authenticity of the transferred data rests
// on the network path to 192.168.18.10 and 192.168.114.4. Consider keyed
// transfers if that path is not fully trusted.

// --- dsaconsultants.office, master 192.168.18.10 ---
zone "dsaconsultants.office" {
    type slave;
    file "/var/named/dsaconsultants.office.hosts";
    masters { 192.168.18.10; };
};

zone "18.168.192.in-addr.arpa" {
    type slave;
    file "/var/named/192.168.18.rev";
    masters { 192.168.18.10; };
};

// --- synthnassizer.home, master 192.168.114.4 ---
zone "synthnassizer.home" {
    type slave;
    file "/var/named/synthnassizer.home.hosts";
    masters { 192.168.114.4; };
};

zone "114.168.192.in-addr.arpa" {
    type slave;
    file "/var/named/192.168.114.rev";
    masters { 192.168.114.4; };
};