root@stargaze:~# cat /etc/named.conf include "/etc/rndc.key"; acl skails_dns { 192.168.26.1/32; 192.168.112.118/32; }; acl synthnassizer_dns { 192.168.26.6/32; 192.168.114.4/32; }; acl dsa_dns { 192.168.26.18/32; 192.168.18.10/32; }; acl m2g_dns { 192.168.26.14/32; }; acl vpn_my_self { 192.168.26.1/32; }; acl outbound_subnet { 192.168.231.0/24; }; acl dsa_office_subnet { 192.168.18.0/24; }; acl skails_subnet { 192.168.112.0/24; }; acl synthnassizer_subnet { 192.168.114.0/24; }; acl local_host { 127.0.0.1/32; }; acl local_nets { local_host; skails_subnet; }; acl vpn_subnet { 192.168.26.0/24; }; acl other_subnets { outbound_subnet; }; acl trusted_subnets { local_nets; vpn_subnet; synthnassizer_subnet; dsa_office_subnet; skails_dns; synthnassizer_dns; dsa_dns; m2g_dns; }; acl all_my_nets { trusted_subnets; other_subnets; }; options { directory "/var/named"; /* * If there is a firewall between you and nameservers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked * questions using port 53, but BIND 8.1 uses an unprivileged * port by default. */ // query-source address * port 53; forwarders { // 192.168.231.117; //modem 62.169.194.17; //Tellas primary 62.169.194.18; //Tellas secondary // 195.170.0.1; //otenet // 193.92.150.3; // ForthnetDNS For Attiki 208.67.222.222; //openDNS primary 8.8.8.8; //googleDNS1 212.70.194.244; //TEE primary 208.67.220.220; //openDNS secondary 8.8.4.4; //googleDNS2 212.70.194.250; //TEE secondary }; forward first; allow-recursion { trusted_subnets; }; //for whom will bind go the extra mile to find the final address listen-on { trusted_subnets; }; //ifs on which bind listens for queries allow-transfer { trusted_subnets; }; allow-query { trusted_subnets; }; }; logging { channel "notice_log" { file "/var/log/named/notice.log" versions 5 size 2m; severity warning; print-category yes; print-severity yes; print-time yes; }; category default { notice_log; }; channel "queries_log" { file "/var/log/named/queries.log" versions 5 size 2m; severity warning; print-category yes; print-severity yes; print-time yes; }; category queries { queries_log; }; }; controls { inet 127.0.0.1 port 953 allow { local_host; } keys { rndc-key; }; }; // // a caching only nameserver config // zone "." IN { type hint; file "caching-example/named.root"; }; zone "localhost" IN { type master; file "caching-example/localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "caching-example/named.local"; allow-update { none; }; }; zone "skails.home" { type master; file "/var/named/skails.home.hosts"; notify yes; allow-update { key rndc-key; }; }; zone "112.168.192.in-addr.arpa" { type master; file "/var/named/192.168.112.rev"; notify yes; allow-update { key rndc-key; }; }; zone "dsaconsultants.office" { type slave; file "/var/named/dsaconsultants.office.hosts"; masters { 192.168.18.10; }; }; zone "18.168.192.in-addr.arpa" { type slave; file "/var/named/192.168.18.rev"; masters { 192.168.18.10; }; }; zone "synthnassizer.home" { type slave; file "/var/named/synthnassizer.home.hosts"; masters { 192.168.114.4; }; }; zone "114.168.192.in-addr.arpa" { type slave; file "/var/named/192.168.114.rev"; masters { 192.168.114.4; }; };