Selveste1

bind9 doesn't serve requests

Nov 21st, 2016
  1. # /etc/bind/named.conf
  2. include "/etc/bind/named.conf.log";
  3. include "/etc/bind/named.conf.acl"; // ACLs are loaded before the options, controls and zone files that refer to them by name
  4. include "/etc/bind/named.conf.options";
  5. include "/etc/bind/named.conf.controls"; // refers to key "rndc-key"; in this listing that key is defined in rndc.key, which is included from named.conf.local on the next line
  6. include "/etc/bind/named.conf.local";
  7. include "/etc/bind/named.conf.default-zones";
  8. include "/etc/bind/bind.keys"; // the syslog excerpt on this page reports this file as the source of the built-in trusted keys
  9.  
  10.  
  11. # /etc/bind/named.conf.log
  12. logging { // defines five file channels, then routes message categories to them
  13. channel default { // catch-all channel (target of "category default" below)
  14. file "/var/log/bind/bind.log" size 5m; // the only channel in this block with a size cap
  15. severity warning; // messages below warning in categories that only reach this channel are not written
  16. print-time yes;
  17. print-severity yes;
  18. print-category yes;
  19. };
  20.  
  21. channel security_channel { // receives the security and update-security categories
  22. file "/var/log/bind/security.log"; // NOTE(review): no size/versions limit here, so growth depends on external rotation
  23. severity debug;
  24. print-time yes;
  25. print-category yes;
  26. print-severity yes;
  27. };
  28.  
  29. channel xfer_log { // zone transfers in/out and NOTIFY traffic
  30. file "/var/log/bind/xfer.log";
  31. severity info;
  32. print-time yes;
  33. print-category yes;
  34. print-severity yes;
  35. };
  36.  
  37. channel dnssec {
  38. file "/var/log/bind/dnssec.log";
  39. severity info;
  40. print-time yes;
  41. print-category yes;
  42. print-severity yes;
  43. };
  44.  
  45. channel query_log { // per-query log
  46. file "/var/log/bind/bind9-query.log"; // NOTE(review): uncapped file holding client addresses and the names they look up; treat as sensitive and rotate it
  47. severity debug 3;
  48. print-time yes;
  49. print-category yes;
  50. print-severity yes;
  51. };
  52.  
  53. category default { default; };
  54. category dnssec { dnssec; };
  55. category security { security_channel; default; }; // written to security.log and, at warning or above, to bind.log
  56. category update-security { security_channel; default; }; // same routing for dynamic-update decisions
  57. category queries { query_log; };
  58. category xfer-in { xfer_log; };
  59. category xfer-out { xfer_log; };
  60. category notify { xfer_log; };
  61. category lame-servers { null; }; // lame-server messages are discarded
  62. };
  63.  
  64.  
  65. # /etc/bind/named.conf.acl
  66. acl locals { // the server itself; referenced by controls, allow-query, allow-recursion and allow-transfer on this page
  67. localhost; // built-in ACL: matches every address configured on this host, not only loopback
  68. ::1;
  69. 127.0.0.1;
  70. 127.0/8;
  71. };
  72. acl mynetworks { // trusted LAN ranges
  73. 192.168.210.0/23; // Static+Dyn LAN via IPv4
  74. 192.168.220.0/24; // Static+Dyn LAN via IPv4
  75.  
  76. 2001:16d8:ddde:10::/63; // Sixxs /48 range
  77. 2001:16d8:ddde:20::/64; // Sixxs /48 range
  78. // 2001:X:Y::/48; // routed IPv6 /48
  79. fe80::/16; // Link-Local IPv6 (the reserved link-local block is fe80::/10)
  80. };
  81. acl guestnetwork {
  82. 192.168.230.0/24; // Guest routed IPv4
  83. 2001:16d8:ddde:30::/64; // Sixxs /48 range
  84. };
  85. acl testnetwork { // NOTE(review): defined but not listed in any allow-* statement of named.conf.options on this page, although the syslog excerpt shows named listening on 192.168.240.5
  86. 192.168.240.0/24; // Guest routed IPv4 (NOTE(review): comment looks copied from guestnetwork — confirm)
  87. 2001:16d8:ddde:40::/64; // Sixxs /48 range
  88. };
  89. acl bgp-vpn { // individual remote hosts; allowed to query, recurse and transfer zones in the options below
  90. 192.168.1.11; // cvs on Semark network
  91. 2001:470:ded5:88::11/128; // cvs on Semark network
  92. 192.168.1.14;
  93. 2001:470:ded5:88::14/128;
  94. };
  95. acl semark { // only used in allow-query on this page
  96. 192.168.0.0/23; // this /23 also contains the two IPv4 hosts listed in bgp-vpn
  97. };
  98. acl blocked { // referenced by "blackhole" in named.conf.options; empty, so nothing is dropped at the moment
  99. // Put blocked addresses here
  100.  
  101. };
  102.  
  103.  
  104. # /etc/bind/named.conf.options
  105. options { // server-wide defaults: forwarding resolver plus access control for queries, recursion and transfers
  106. directory "/var/cache/bind";
  107. statistics-file "/var/bind/data/bind_stats.txt";
  108. memstatistics-file "/var/bind/data/bind_mem_stats.txt";
  109.  
  110. forwarders { // recursive lookups are sent to these upstream resolvers (no "forward" mode is set in this block)
  111. 8.8.8.8;
  112. 8.8.4.4;
  113. 2001:4860:4860::8888;
  114. 2001:4860:4860::8844;
  115. };
  116.  
  117. dnssec-enable yes;
  118. dnssec-validation yes; // presumably the trust anchors come from bind.keys, which named.conf includes — verify
  119. dnssec-lookaside auto; // DLV; the syslog excerpt confirms "using built-in DLV key". NOTE(review): ISC has retired its DLV registry — confirm this is still wanted
  120.  
  121. auth-nxdomain no; # conform to RFC1035
  122.  
  123. listen-on { any; }; // binds every IPv4 interface (lo and vlan10-vlan40 in the syslog excerpt); exposure is limited only by the allow-* lists below
  124. listen-on-v6 { any; };
  125.  
  126. query-source address * ;
  127. query-source-v6 address * ;
  128.  
  129. recursion yes; // restricted to the ACLs in allow-recursion / allow-query-cache below
  130. version "REFUSED"; // replaces the version string returned to clients; hides the banner only, not a substitute for patching
  131.  
  132. # provide-ixfr yes;
  133. # ixfr-from-differences yes;
  134.  
  135. allow-query-cache { // who may receive answers from the cache
  136. locals;
  137. mynetworks;
  138. guestnetwork;
  139. }; // NOTE(review): bgp-vpn is in allow-recursion but not in this list — confirm the mismatch is intended
  140. allow-query {
  141. locals;
  142. mynetworks;
  143. guestnetwork;
  144. bgp-vpn;
  145. semark;
  146. }; // sources outside these ACLs (including testnetwork) are not permitted to query
  147. allow-transfer { // server-wide default; the zones shown in named.conf.local set their own list
  148. locals;
  149. bgp-vpn; // address-based only: no TSIG key is required by this default
  150. };
  151. allow-recursion {
  152. locals;
  153. mynetworks;
  154. guestnetwork;
  155. bgp-vpn;
  156. };
  157.  
  158. blackhole { // sources matching this list are ignored entirely
  159. blocked; // acl "blocked" is empty in named.conf.acl
  160. };
  161.  
  162. tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; // Kerberos keytab from the Samba tree; presumably for GSS-TSIG updates — named runs as user bind (-u bind in syslog), so check who else can read this file
  163. };
  164.  
  165.  
  166. # /etc/bind/named.conf.controls
  167. controls { // rndc command channel; bound to loopback only (the syslog excerpt confirms 127.0.0.1#953 and ::1#953)
  168. inet 127.0.0.1 port 953
  169. allow { locals; } keys { "rndc-key"; }; // the key is the real gate for local users: the ls -la listing on this page shows rndc.key as -rwxrwxrwx, so any local account can read it
  170. inet ::1 port 953
  171. allow { locals; } keys { "rndc-key"; };
  172.  
  173. };
  174.  
  175.  
  176. # /etc/bind/named.conf.local (only parts of it, but it's the same deal for the rest)
  177. include "/etc/bind/rndc.key"; // defines key "rndc-key"; listed as -rwxrwxrwx in the ls -la output on this page
  178. include "/etc/bind/transfer.key"; // defines key "transfer-key"; listed as -rw-r----- bind:bind, the mode rndc.key should be compared against
  179. include "/etc/bind/zones.rfc1918"; // presumably the empty RFC 1918 reverse zones that named-checkconf prints with file db.empty — verify
  180.  
  181. zone "semarkit.net" { // primary zone, signed by named itself (inline-signing)
  182. type master;
  183. allow-transfer { // list elements are alternatives: a listed source address OR a request signed with transfer-key
  184. locals;
  185. bgp-vpn; // NOTE(review): these hosts can transfer the zone on source address alone, without TSIG — confirm that is intended
  186. key "transfer-key";
  187. };
  188. also-notify {
  189. 2001:470:ded5:88::11; // same address as the first IPv6 entry of acl bgp-vpn
  190. };
  191. file "/etc/bind/master/semarkit.net"; // the ls -la listing on this page shows /etc/bind/master as drwxrwsrwx, i.e. writable by every local user
  192.  
  193. // DNSSEC
  194. key-directory "/var/cache/bind"; // directory named searches for this zone's DNSSEC keys; /etc/bind/keys is a symlink to it in the ls listing
  195. update-policy {
  196. grant "rndc-key" name ANY; // NOTE(review): named-checkconf -px on this page prints this as name "ANY" with no type list, so ANY is read as the name to match; the grantee is also the rndc control key
  197. };
  198. auto-dnssec maintain;
  199. inline-signing yes; // named keeps signing state next to the zone file (the *.signed.jnl and *.jbk files in the ls listing)
  200. };
  201. [...]
  202. zone "dyn.semarkit.net" { // primary zone for dynamic hosts; same template as the other master zones on this page
  203. type master;
  204. allow-transfer { // matches if ANY element matches: source address in locals or bgp-vpn, or a TSIG-signed request
  205. locals;
  206. bgp-vpn;
  207. key "transfer-key";
  208. };
  209. also-notify {
  210. 2001:470:ded5:88::11;
  211. };
  212. file "/etc/bind/master/dyn.semarkit.net"; // unsigned source file; its directory is world-writable (drwxrwsrwx) in the ls -la listing
  213.  
  214. // DNSSEC
  215. key-directory "/var/cache/bind";
  216. update-policy {
  217. grant "rndc-key" name ANY; // NOTE(review): dynamic updates are authorised with the same key that controls named via rndc; named-checkconf -px shows ANY parsed as the name field
  218. };
  219. auto-dnssec maintain;
  220. inline-signing yes; // NOTE(review): bind.log on this page reports "journal out of sync with zone" for another inline-signed zone — presumably the source file was edited while a journal existed; confirm before editing this file by hand
  221. };
  222. zone "211.168.192.in-addr.arpa" { // IPv4 reverse zone for 192.168.211.0/24
  223. type master;
  224. allow-transfer { // address match OR TSIG key; either one is sufficient
  225. locals;
  226. bgp-vpn;
  227. key "transfer-key";
  228. };
  229. also-notify {
  230. 2001:470:ded5:88::11;
  231. };
  232. file "/etc/bind/master/db.192.168.255"; // file name does not mirror the zone name (211 vs 255) — NOTE(review): confirm it points at the intended data
  233.  
  234. // DNSSEC
  235. key-directory "/var/cache/bind";
  236. update-policy {
  237. grant "rndc-key" tcp-self ANY; // tcp-self ties the updatable reverse name to the client's TCP source address; named-checkconf -px prints ANY as the name field — NOTE(review): confirm the rule grants what was intended
  238. };
  239. auto-dnssec maintain;
  240. inline-signing yes;
  241. };
  242. zone "1.1.0.0.e.d.d.d.8.d.6.1.1.0.0.2.ip6.arpa" { // IPv6 reverse zone; nibbles read right-to-left give 2001:16d8:ddde:0011::/64
  243. type master;
  244. allow-transfer { // address match OR TSIG key; either one is sufficient
  245. locals;
  246. bgp-vpn;
  247. key "transfer-key";
  248. };
  249. also-notify {
  250. 2001:470:ded5:88::11;
  251. };
  252. file "/etc/bind/master/db.2001.470.dd5b.fe.1"; // file name carries a different prefix than the zone — NOTE(review): confirm it holds data for this zone
  253.  
  254. // DNSSEC
  255. key-directory "/var/cache/bind";
  256. update-policy {
  257. grant "rndc-key" tcp-self ANY; // update permission depends on the client's TCP source address; grantee is the rndc control key
  258. };
  259. auto-dnssec maintain;
  260. inline-signing yes;
  261. };
  262. [...]
  263. zone "semark.dk" { // secondary copy pulled from the host that the master zones notify
  264. type slave;
  265. masters { 2001:470:ded5:88::11; }; // NOTE(review): no TSIG key is named for this master, so incoming zone data is trusted on source address alone — confirm
  266. file "/etc/bind/slave/semark.dk"; // the slave directory is drwxr-sr-x bind:bind in the ls -la listing
  267. };
  268.  
  269.  
  270. # /etc/bind/named.conf.default-zones
  271. // prime the server with knowledge of the root servers
  272. zone "." {
  273. type hint; // root hints only; this server is not authoritative for the root
  274. file "/etc/bind/db.root";
  275. };
  276. zone "localhost" { // local answers for "localhost" so such queries are not forwarded upstream
  277. type master;
  278. file "/etc/bind/db.local";
  279. };
  280. zone "127.in-addr.arpa" { // reverse zone for the loopback network
  281. type master;
  282. file "/etc/bind/db.127";
  283. };
  284. zone "0.in-addr.arpa" { // reverse zone for 0.0.0.0/8
  285. type master;
  286. file "/etc/bind/db.0";
  287. };
  288. zone "255.in-addr.arpa" { // reverse zone for 255.0.0.0/8
  289. type master;
  290. file "/etc/bind/db.255";
  291. };
  292.  
  293.  
  294. # ls -la /etc/bind/
  295. -rw-r--r-- 1 bind bind 2389 Jan 1 2015 bind.keys
  296. -rw-r--r-- 1 bind bind 237 Jan 1 2015 db.0
  297. -rw-r--r-- 1 bind bind 271 Jan 1 2015 db.127
  298. -rw-r--r-- 1 bind bind 237 Jan 1 2015 db.255
  299. -rw-r--r-- 1 bind bind 353 Jan 1 2015 db.empty
  300. -rw-r--r-- 1 bind bind 270 Jan 1 2015 db.local
  301. -rw-r--r-- 1 bind bind 3171 Jul 2 12:41 db.root
  302. lrwxrwxrwx 1 root bind 15 Nov 21 12:29 keys -> /var/cache/bind
  303. drwxrwsrwx 2 bind bind 4096 Nov 21 12:52 master
  304. -rw-r--r-- 1 bind bind 607 Nov 21 12:43 named.conf
  305. -rw-r--r-- 1 bind bind 985 Nov 21 09:50 named.conf.acl
  306. -rw-r--r-- 1 bind bind 141 Nov 21 11:05 named.conf.controls
  307. -rw-r--r-- 1 bind bind 490 Jan 1 2015 named.conf.default-zones
  308. -rw-r--r-- 1 bind bind 8299 Nov 21 10:50 named.conf.local
  309. -rw-r--r-- 1 bind bind 1071 Aug 9 10:47 named.conf.log
  310. -rw-r--r-- 1 bind bind 1034 Nov 21 12:43 named.conf.options
  311. -rwxrwxrwx 1 bind bind 77 Jan 27 2015 rndc.key
  312. drwxr-sr-x 2 bind bind 4096 Nov 19 10:17 slave
  313. -rw-r----- 1 bind bind 101 Jun 8 2015 transfer.key
  314. -rw-r--r-- 1 bind bind 1317 Jan 1 2015 zones.rfc1918
  315.  
  316.  
  317. # /etc/bind/rndc.key
  318. key "rndc-key" { // shared secret for the rndc control channel; also the identity granted in every update-policy shown on this page
  319. algorithm hmac-md5; // NOTE(review): HMAC-MD5 is the legacy TSIG algorithm; BIND also accepts hmac-sha256, but switching means regenerating the key for every client that uses it
  320. secret "RemovedForSomeReasonOFC"; // redacted by the poster
  321. }; // the ls -la listing on this page shows this file as -rwxrwxrwx: every local user can read (and overwrite) the key; transfer.key in the same listing is -rw-r-----
  322.  
  323.  
  324. # /etc/bind/master/dyn.semarkit.net (before signed)
  325. $ORIGIN . ; names without a trailing dot are relative to the root until the next $ORIGIN
  326. $TTL 86400 ; 1 day
  327. dyn.semarkit.net IN SOA ns1.static.semarkit.net. zonemaster.static.semarkit.net. ( ; primary server, then the contact mailbox in DNS-name form
  328. 2016112111 ; serial
  329. 14400 ; refresh (4 hours)
  330. 7200 ; retry (2 hours)
  331. 2419200 ; expire (4 weeks)
  332. 3600 ; minimum (1 hour)
  333. )
  334. NS ns1.static.semarkit.net.
  335. NS ns2.static.semarkit.net.
  336. $ORIGIN dyn.semarkit.net.
  337. $TTL 3600 ; 1 hour
  338. somehostname1 A 192.168.211.53 ; private (RFC 1918) address published in this zone
  339. TXT "029f0efce9cf5ca63568d9a132f26cc86e" ; presumably an ownership marker written by the DHCP/DDNS client that created the A record — verify
  340. somehostname2 A 192.168.211.91
  341. TXT "022699ab2d36dee71a9d8591093e452294"
  342.  
  343.  
  344. # ls -la /etc/bind/master/
  345. -rw-r--r-- 1 bind bind 4016 Nov 21 01:45 dyn.semarkit.net
  346. -rw-r--r-- 1 bind bind 512 Nov 21 13:13 dyn.semarkit.net.jbk
  347. -rw-r--r-- 1 bind bind 3986 Nov 21 13:36 dyn.semarkit.net.signed.jnl
  348. -rw-r--r-- 1 bind bind 2725 Nov 21 01:45 semarkit.net
  349. -rw-r--r-- 1 bind bind 512 Nov 21 13:13 semarkit.net.jbk
  350. -rw-r--r-- 1 bind bind 1666 Nov 21 13:36 semarkit.net.signed.jnl
  351.  
  352.  
  353. # /var/log/syslog
  354. Nov 21 12:34:10 hds-lenovo named[4361]: starting BIND 9.10.3-P4-Debian <id:ebd72b3> -f -u bind
  355. Nov 21 12:34:10 hds-lenovo named[4361]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -DDIG_SIGCHASE'
  356. Nov 21 12:34:10 hds-lenovo named[4361]: ----------------------------------------------------
  357. Nov 21 12:34:10 hds-lenovo named[4361]: BIND 9 is maintained by Internet Systems Consortium,
  358. Nov 21 12:34:10 hds-lenovo named[4361]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
  359. Nov 21 12:34:10 hds-lenovo named[4361]: corporation. Support and training for BIND 9 are
  360. Nov 21 12:34:10 hds-lenovo named[4361]: available at https://www.isc.org/support
  361. Nov 21 12:34:10 hds-lenovo named[4361]: ----------------------------------------------------
  362. Nov 21 12:34:10 hds-lenovo named[4361]: adjusted limit on open files from 4096 to 1048576
  363. Nov 21 12:34:10 hds-lenovo named[4361]: found 2 CPUs, using 2 worker threads
  364. Nov 21 12:34:10 hds-lenovo named[4361]: using 2 UDP listeners per interface
  365. Nov 21 12:34:10 hds-lenovo named[4361]: using up to 4096 sockets
  366. Nov 21 12:34:10 hds-lenovo named[4361]: loading configuration from '/etc/bind/named.conf'
  367. Nov 21 12:34:10 hds-lenovo named[4361]: reading built-in trusted keys from file '/etc/bind/bind.keys'
  368. Nov 21 12:34:10 hds-lenovo named[4361]: initializing GeoIP Country (IPv4) (type 1) DB
  369. Nov 21 12:34:10 hds-lenovo named[4361]: GEO-106FREE 20150810 Build
  370. Nov 21 12:34:10 hds-lenovo named[4361]: initializing GeoIP Country (IPv6) (type 12) DB
  371. Nov 21 12:34:10 hds-lenovo named[4361]: GEO-106FREE 20150810 Build
  372. Nov 21 12:34:10 hds-lenovo named[4361]: GeoIP City (IPv4) (type 2) DB not available
  373. Nov 21 12:34:10 hds-lenovo named[4361]: GeoIP City (IPv4) (type 6) DB not available
  374. Nov 21 12:34:10 hds-lenovo named[4361]: GeoIP City (IPv6) (type 30) DB not available
  375. Nov 21 12:34:10 hds-lenovo named[4361]: GeoIP City (IPv6) (type 31) DB not available
  376. Nov 21 12:34:10 hds-lenovo named[4361]: GeoIP Region (type 3) DB not available
  377. Nov 21 12:34:10 hds-lenovo named[4361]: GeoIP Region (type 7) DB not available
  378. Nov 21 12:34:10 hds-lenovo named[4361]: GeoIP ISP (type 4) DB not available
  379. Nov 21 12:34:10 hds-lenovo named[4361]: GeoIP Org (type 5) DB not available
  380. Nov 21 12:34:10 hds-lenovo named[4361]: GeoIP AS (type 9) DB not available
  381. Nov 21 12:34:10 hds-lenovo named[4361]: GeoIP Domain (type 11) DB not available
  382. Nov 21 12:34:10 hds-lenovo named[4361]: GeoIP NetSpeed (type 10) DB not available
  383. Nov 21 12:34:10 hds-lenovo named[4361]: using default UDP/IPv4 port range: [32768, 61000]
  384. Nov 21 12:34:10 hds-lenovo named[4361]: using default UDP/IPv6 port range: [32768, 61000]
  385. Nov 21 12:34:10 hds-lenovo named[4361]: listening on IPv6 interfaces, port 53
  386. Nov 21 12:34:10 hds-lenovo named[4361]: listening on IPv4 interface lo, 127.0.0.1#53
  387. Nov 21 12:34:10 hds-lenovo named[4361]: listening on IPv4 interface vlan10, 192.168.210.5#53
  388. Nov 21 12:34:10 hds-lenovo named[4361]: listening on IPv4 interface vlan20, 192.168.220.5#53
  389. Nov 21 12:34:10 hds-lenovo named[4361]: listening on IPv4 interface vlan30, 192.168.230.5#53
  390. Nov 21 12:34:10 hds-lenovo named[4361]: listening on IPv4 interface vlan40, 192.168.240.5#53
  391. Nov 21 12:34:10 hds-lenovo named[4361]: generating session key for dynamic DNS
  392. Nov 21 12:34:10 hds-lenovo named[4361]: sizing zone task pool based on 52 zones
  393. Nov 21 12:34:10 hds-lenovo named[4361]: using built-in DLV key for view _default
  394. Nov 21 12:34:10 hds-lenovo named[4361]: set up managed keys zone for view _default, file 'managed-keys.bind'
  395. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 64.100.IN-ADDR.ARPA
  396. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 65.100.IN-ADDR.ARPA
  397. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 66.100.IN-ADDR.ARPA
  398. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 67.100.IN-ADDR.ARPA
  399. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 68.100.IN-ADDR.ARPA
  400. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 69.100.IN-ADDR.ARPA
  401. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 70.100.IN-ADDR.ARPA
  402. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 71.100.IN-ADDR.ARPA
  403. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 72.100.IN-ADDR.ARPA
  404. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 73.100.IN-ADDR.ARPA
  405. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 74.100.IN-ADDR.ARPA
  406. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 75.100.IN-ADDR.ARPA
  407. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 76.100.IN-ADDR.ARPA
  408. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 77.100.IN-ADDR.ARPA
  409. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 78.100.IN-ADDR.ARPA
  410. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 79.100.IN-ADDR.ARPA
  411. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 80.100.IN-ADDR.ARPA
  412. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 81.100.IN-ADDR.ARPA
  413. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 82.100.IN-ADDR.ARPA
  414. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 83.100.IN-ADDR.ARPA
  415. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 84.100.IN-ADDR.ARPA
  416. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 85.100.IN-ADDR.ARPA
  417. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 86.100.IN-ADDR.ARPA
  418. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 87.100.IN-ADDR.ARPA
  419. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 88.100.IN-ADDR.ARPA
  420. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 89.100.IN-ADDR.ARPA
  421. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 90.100.IN-ADDR.ARPA
  422. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 91.100.IN-ADDR.ARPA
  423. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 92.100.IN-ADDR.ARPA
  424. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 93.100.IN-ADDR.ARPA
  425. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 94.100.IN-ADDR.ARPA
  426. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 95.100.IN-ADDR.ARPA
  427. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 96.100.IN-ADDR.ARPA
  428. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 97.100.IN-ADDR.ARPA
  429. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 98.100.IN-ADDR.ARPA
  430. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 99.100.IN-ADDR.ARPA
  431. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 100.100.IN-ADDR.ARPA
  432. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 101.100.IN-ADDR.ARPA
  433. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 102.100.IN-ADDR.ARPA
  434. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 103.100.IN-ADDR.ARPA
  435. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 104.100.IN-ADDR.ARPA
  436. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 105.100.IN-ADDR.ARPA
  437. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 106.100.IN-ADDR.ARPA
  438. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 107.100.IN-ADDR.ARPA
  439. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 108.100.IN-ADDR.ARPA
  440. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 109.100.IN-ADDR.ARPA
  441. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 110.100.IN-ADDR.ARPA
  442. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 111.100.IN-ADDR.ARPA
  443. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 112.100.IN-ADDR.ARPA
  444. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 113.100.IN-ADDR.ARPA
  445. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 114.100.IN-ADDR.ARPA
  446. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 115.100.IN-ADDR.ARPA
  447. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 116.100.IN-ADDR.ARPA
  448. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 117.100.IN-ADDR.ARPA
  449. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 118.100.IN-ADDR.ARPA
  450. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 119.100.IN-ADDR.ARPA
  451. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 120.100.IN-ADDR.ARPA
  452. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 121.100.IN-ADDR.ARPA
  453. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 122.100.IN-ADDR.ARPA
  454. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 123.100.IN-ADDR.ARPA
  455. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 124.100.IN-ADDR.ARPA
  456. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 125.100.IN-ADDR.ARPA
  457. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 126.100.IN-ADDR.ARPA
  458. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 127.100.IN-ADDR.ARPA
  459. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 254.169.IN-ADDR.ARPA
  460. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
  461. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
  462. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
  463. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
  464. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
  465. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
  466. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: D.F.IP6.ARPA
  467. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 8.E.F.IP6.ARPA
  468. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 9.E.F.IP6.ARPA
  469. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: A.E.F.IP6.ARPA
  470. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: B.E.F.IP6.ARPA
  471. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
  472. Nov 21 12:34:10 hds-lenovo named[4361]: automatic empty zone: EMPTY.AS112.ARPA
  473. Nov 21 12:34:10 hds-lenovo named[4361]: command channel listening on 127.0.0.1#953
  474. Nov 21 12:34:10 hds-lenovo named[4361]: command channel listening on ::1#953
  475.  
  476. # /var/log/bind/bind.log
  477. 21-Nov-2016 12:34:10.202 general: warning: /etc/bind/master/semarkit.org:5: ignoring out-of-zone data (semarkit.dk)
  478. 21-Nov-2016 12:34:10.202 general: warning: /etc/bind/master/semarkit.org:11: ignoring out-of-zone data (semarkit.org)
  479. 21-Nov-2016 12:34:10.208 general: warning: /etc/bind/master/semarkit.org:8: ignoring out-of-zone data (semarkit.eu)
  480. 21-Nov-2016 12:34:10.208 general: warning: /etc/bind/master/semarkit.org:11: ignoring out-of-zone data (semarkit.org)
  481. 21-Nov-2016 12:34:10.208 general: warning: /etc/bind/master/semarkit.org:5: ignoring out-of-zone data (semarkit.dk)
  482. 21-Nov-2016 12:34:10.208 general: warning: /etc/bind/master/semarkit.org:8: ignoring out-of-zone data (semarkit.eu)
  483. 21-Nov-2016 12:34:10.214 general: error: zone printers.semarkit.net/IN (signed): journal rollforward failed: journal out of sync with zone
  484. 21-Nov-2016 12:34:10.214 general: error: zone printers.semarkit.net/IN (signed): not loaded due to errors.
  485. 21-Nov-2016 12:34:10.214 general: error: zone printers.semarkit.net/IN (signed): receive_secure_db: out of range
  486. 21-Nov-2016 12:34:10.219 general: error: zone 210.168.192.in-addr.arpa/IN (signed): receive_secure_serial: unchanged
  487. 21-Nov-2016 12:34:10.219 general: error: zone 230.168.192.in-addr.arpa/IN (signed): receive_secure_serial: unchanged
  488. 21-Nov-2016 12:34:10.219 general: error: zone 0.1.0.0.e.d.d.d.8.d.6.1.1.0.0.2.ip6.arpa/IN (signed): receive_secure_serial: unchanged
  489. 21-Nov-2016 12:34:10.229 general: error: zone 200.168.192.in-addr.arpa/IN (signed): receive_secure_serial: unchanged
  490.  
  491.  
  492. # dig -x wiki.semarkit.net @192.168.210.5
  493. ; <<>> DiG 9.9.5-11-Debian <<>> -x wiki.semarkit.net @192.168.210.5
  494. ;; global options: +cmd
  495. ;; connection timed out; no servers could be reached
  496.  
  497.  
  498.  
  499. # named-checkconf -px
  500. options {
  501. blackhole {
  502. "blocked";
  503. };
  504. directory "/var/cache/bind";
  505. listen-on {
  506. "any";
  507. };
  508. listen-on-v6 {
  509. "any";
  510. };
  511. memstatistics-file "/var/bind/data/bind_mem_stats.txt";
  512. statistics-file "/var/bind/data/bind_stats.txt";
  513. tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
  514. version "REFUSED";
  515. allow-query-cache {
  516. "locals";
  517. "mynetworks";
  518. "guestnetwork";
  519. };
  520. allow-recursion {
  521. "locals";
  522. "mynetworks";
  523. "guestnetwork";
  524. "bgp-vpn";
  525. };
  526. auth-nxdomain no;
  527. dnssec-enable yes;
  528. dnssec-lookaside auto;
  529. dnssec-validation yes;
  530. query-source address 0.0.0.0 port 0;
  531. query-source-v6 address :: port 0;
  532. recursion yes;
  533. allow-query {
  534. "locals";
  535. "mynetworks";
  536. "guestnetwork";
  537. "bgp-vpn";
  538. "semark";
  539. };
  540. allow-transfer {
  541. "locals";
  542. "bgp-vpn";
  543. };
  544. forwarders {
  545. 8.8.8.8;
  546. 8.8.4.4;
  547. 2001:4860:4860::8888;
  548. 2001:4860:4860::8844;
  549. };
  550. };
  551. controls {
  552. inet 127.0.0.1 port 953 allow {
  553. "locals";
  554. } keys {
  555. "rndc-key";
  556. };
  557. inet ::1 port 953 allow {
  558. "locals";
  559. } keys {
  560. "rndc-key";
  561. };
  562. };
  563. acl "locals" {
  564. "localhost";
  565. ::1/128;
  566. 127.0.0.1/32;
  567. 127.0.0.0/8;
  568. };
  569. acl "mynetworks" {
  570. 192.168.210.0/23;
  571. 192.168.220.0/24;
  572. 2001:16d8:ddde:10::/63;
  573. 2001:16d8:ddde:20::/64;
  574. fe80::/16;
  575. };
  576. acl "guestnetwork" {
  577. 192.168.230.0/24;
  578. 2001:16d8:ddde:30::/64;
  579. };
  580. acl "testnetwork" {
  581. 192.168.240.0/24;
  582. 2001:16d8:ddde:40::/64;
  583. };
  584. acl "bgp-vpn" {
  585. 192.168.1.11/32;
  586. 2001:470:ded5:88::11/128;
  587. 192.168.1.14/32;
  588. 2001:470:ded5:88::14/128;
  589. };
  590. acl "semark" {
  591. 192.168.0.0/23;
  592. };
  593. acl "blocked" {
  594. };
  595. logging {
  596. channel "default" {
  597. file "/var/log/bind/bind.log" size 5242880;
  598. severity warning;
  599. print-time yes;
  600. print-severity yes;
  601. print-category yes;
  602. };
  603. channel "security_channel" {
  604. file "/var/log/bind/security.log";
  605. severity debug 1;
  606. print-time yes;
  607. print-severity yes;
  608. print-category yes;
  609. };
  610. channel "xfer_log" {
  611. file "/var/log/bind/xfer.log";
  612. severity info;
  613. print-time yes;
  614. print-severity yes;
  615. print-category yes;
  616. };
  617. channel "dnssec" {
  618. file "/var/log/bind/dnssec.log";
  619. severity info;
  620. print-time yes;
  621. print-severity yes;
  622. print-category yes;
  623. };
  624. channel "query_log" {
  625. file "/var/log/bind/bind9-query.log";
  626. severity debug 3;
  627. print-time yes;
  628. print-severity yes;
  629. print-category yes;
  630. };
  631. category "default" {
  632. "default";
  633. };
  634. category "dnssec" {
  635. "dnssec";
  636. };
  637. category "security" {
  638. "security_channel";
  639. "default";
  640. };
  641. category "update-security" {
  642. "security_channel";
  643. "default";
  644. };
  645. category "queries" {
  646. "query_log";
  647. };
  648. category "xfer-in" {
  649. "xfer_log";
  650. };
  651. category "xfer-out" {
  652. "xfer_log";
  653. };
  654. category "notify" {
  655. "xfer_log";
  656. };
  657. category "lame-servers" {
  658. "null";
  659. };
  660. };
  661. key "rndc-key" {
  662. algorithm "hmac-md5";
  663. secret "????????????????????????";
  664. };
  665. key "transfer-key" {
  666. algorithm "hmac-md5";
  667. secret "????????????????????????????????????????????";
  668. };
  669. zone "10.in-addr.arpa" {
  670. type master;
  671. file "/etc/bind/db.empty";
  672. };
  673. zone "16.172.in-addr.arpa" {
  674. type master;
  675. file "/etc/bind/db.empty";
  676. };
  677. zone "17.172.in-addr.arpa" {
  678. type master;
  679. file "/etc/bind/db.empty";
  680. };
  681. zone "18.172.in-addr.arpa" {
  682. type master;
  683. file "/etc/bind/db.empty";
  684. };
  685. zone "19.172.in-addr.arpa" {
  686. type master;
  687. file "/etc/bind/db.empty";
  688. };
  689. zone "20.172.in-addr.arpa" {
  690. type master;
  691. file "/etc/bind/db.empty";
  692. };
  693. zone "21.172.in-addr.arpa" {
  694. type master;
  695. file "/etc/bind/db.empty";
  696. };
  697. zone "22.172.in-addr.arpa" {
  698. type master;
  699. file "/etc/bind/db.empty";
  700. };
  701. zone "23.172.in-addr.arpa" {
  702. type master;
  703. file "/etc/bind/db.empty";
  704. };
  705. zone "24.172.in-addr.arpa" {
  706. type master;
  707. file "/etc/bind/db.empty";
  708. };
  709. zone "25.172.in-addr.arpa" {
  710. type master;
  711. file "/etc/bind/db.empty";
  712. };
  713. zone "26.172.in-addr.arpa" {
  714. type master;
  715. file "/etc/bind/db.empty";
  716. };
  717. zone "27.172.in-addr.arpa" {
  718. type master;
  719. file "/etc/bind/db.empty";
  720. };
  721. zone "28.172.in-addr.arpa" {
  722. type master;
  723. file "/etc/bind/db.empty";
  724. };
  725. zone "29.172.in-addr.arpa" {
  726. type master;
  727. file "/etc/bind/db.empty";
  728. };
  729. zone "30.172.in-addr.arpa" {
  730. type master;
  731. file "/etc/bind/db.empty";
  732. };
  733. zone "31.172.in-addr.arpa" {
  734. type master;
  735. file "/etc/bind/db.empty";
  736. };
  737. zone "168.192.in-addr.arpa" {
  738. type master;
  739. file "/etc/bind/db.empty";
  740. };
  741. zone "semarkit.net" {
  742. type master;
  743. file "/etc/bind/master/semarkit.net";
  744. update-policy {
  745. grant "rndc-key" name "ANY" ;
  746. };
  747. allow-transfer {
  748. "locals";
  749. "bgp-vpn";
  750. key "transfer-key";
  751. };
  752. also-notify {
  753. 2001:470:ded5:88::11 ;
  754. };
  755. auto-dnssec maintain;
  756. inline-signing yes;
  757. key-directory "/var/cache/bind";
  758. };
  759. zone "static.semarkit.net" {
  760. type master;
  761. file "/etc/bind/master/static.semarkit.net";
  762. update-policy {
  763. grant "rndc-key" name "ANY" ;
  764. };
  765. allow-transfer {
  766. "locals";
  767. "bgp-vpn";
  768. key "transfer-key";
  769. };
  770. also-notify {
  771. 2001:470:ded5:88::11 ;
  772. };
  773. auto-dnssec maintain;
  774. inline-signing yes;
  775. key-directory "/var/cache/bind";
  776. };
  777. zone "210.168.192.in-addr.arpa" {
  778. type master;
  779. file "/etc/bind/master/db.192.168.254";
  780. update-policy {
  781. grant "rndc-key" tcp-self "ANY" ;
  782. };
  783. allow-transfer {
  784. "locals";
  785. "bgp-vpn";
  786. key "transfer-key";
  787. };
  788. also-notify {
  789. 2001:470:ded5:88::11 ;
  790. };
  791. auto-dnssec maintain;
  792. inline-signing yes;
  793. key-directory "/var/cache/bind";
  794. };
  795. zone "0.1.0.0.e.d.d.d.8.d.6.1.1.0.0.2.ip6.arpa" {
  796. type master;
  797. file "/etc/bind/master/db.2001.470.dd5b.fe.0";
  798. update-policy {
  799. grant "rndc-key" tcp-self "ANY" ;
  800. };
  801. allow-transfer {
  802. "locals";
  803. "bgp-vpn";
  804. key "transfer-key";
  805. };
  806. also-notify {
  807. 2001:470:ded5:88::11 ;
  808. };
  809. auto-dnssec maintain;
  810. inline-signing yes;
  811. key-directory "/var/cache/bind";
  812. };
  813. zone "printers.semarkit.net" {
  814. type master;
  815. file "/etc/bind/master/printers.semarkit.net";
  816. update-policy {
  817. grant "rndc-key" name "ANY" ;
  818. };
  819. allow-transfer {
  820. "locals";
  821. "bgp-vpn";
  822. key "transfer-key";
  823. };
  824. also-notify {
  825. };
  826. auto-dnssec maintain;
  827. inline-signing yes;
  828. key-directory "/var/cache/bind";
  829. };
  830. zone "220.168.192.in-addr.arpa" {
  831. type master;
  832. file "/etc/bind/master/db.192.168.220";
  833. update-policy {
  834. grant "rndc-key" tcp-self "ANY" ;
  835. };
  836. allow-transfer {
  837. "locals";
  838. "bgp-vpn";
  839. key "transfer-key";
  840. };
  841. also-notify {
  842. };
  843. auto-dnssec maintain;
  844. inline-signing yes;
  845. key-directory "/var/cache/bind";
  846. };
  847. zone "0.2.0.0.e.d.d.d.8.d.6.1.1.0.0.2.ip6.arpa" {
  848. type master;
  849. file "/etc/bind/master/db.2001.470.dd5b.fc";
  850. update-policy {
  851. grant "rndc-key" tcp-self "ANY" ;
  852. };
  853. allow-transfer {
  854. "locals";
  855. "bgp-vpn";
  856. key "transfer-key";
  857. };
  858. also-notify {
  859. };
  860. auto-dnssec maintain;
  861. inline-signing yes;
  862. key-directory "/var/cache/bind";
  863. };
  864. zone "management.semarkit.net" {
  865. type master;
  866. file "/etc/bind/master/management.semarkit.net";
  867. update-policy {
  868. grant "rndc-key" name "ANY" ;
  869. };
  870. allow-transfer {
  871. "locals";
  872. "bgp-vpn";
  873. key "transfer-key";
  874. };
  875. also-notify {
  876. 2001:470:ded5:88::11 ;
  877. };
  878. auto-dnssec maintain;
  879. inline-signing yes;
  880. key-directory "/var/cache/bind";
  881. };
  882. zone "200.168.192.in-addr.arpa" {
  883. type master;
  884. file "/etc/bind/master/db.192.168.200";
  885. update-policy {
  886. grant "rndc-key" tcp-self "ANY" ;
  887. };
  888. allow-transfer {
  889. "locals";
  890. "bgp-vpn";
  891. key "transfer-key";
  892. };
  893. also-notify {
  894. 2001:470:ded5:88::11 ;
  895. };
  896. auto-dnssec maintain;
  897. inline-signing yes;
  898. key-directory "/var/cache/bind";
  899. };
  900. zone "0.0.0.0.e.d.d.d.8.d.6.1.1.0.0.2.ip6.arpa" {
  901. type master;
  902. file "/etc/bind/master/db.2001.16d8.ddde.00";
  903. update-policy {
  904. grant "rndc-key" tcp-self "ANY" ;
  905. };
  906. allow-transfer {
  907. "locals";
  908. "bgp-vpn";
  909. key "transfer-key";
  910. };
  911. also-notify {
  912. 2001:470:ded5:88::11 ;
  913. };
  914. auto-dnssec maintain;
  915. inline-signing yes;
  916. key-directory "/var/cache/bind";
  917. };
  918. zone "dyn.semarkit.net" {
  919. type master;
  920. file "/etc/bind/master/dyn.semarkit.net";
  921. update-policy {
  922. grant "rndc-key" name "ANY" ;
  923. };
  924. allow-transfer {
  925. "locals";
  926. "bgp-vpn";
  927. key "transfer-key";
  928. };
  929. also-notify {
  930. 2001:470:ded5:88::11 ;
  931. };
  932. auto-dnssec maintain;
  933. inline-signing yes;
  934. key-directory "/var/cache/bind";
  935. };
  936. zone "211.168.192.in-addr.arpa" { // IPv4 reverse zone for 192.168.211.0/24, served as master with dynamic updates
  937. type master;
  938. file "/etc/bind/master/db.192.168.255"; // NOTE(review): the file name says 192.168.255 while the zone is 211.168.192.in-addr.arpa — confirm this is the intended file and that no other dynamic zone loads the same one
  939. update-policy {
  940. grant "rndc-key" tcp-self "ANY" ; // NOTE(review): "ANY" is in the name field of the rule, not the record-type list — confirm against the BIND ARM entry for tcp-self
  941. };
  942. allow-transfer { // zone transfers are allowed to a client matching any one of these entries
  943. "locals";
  944. "bgp-vpn";
  945. key "transfer-key"; // TSIG-authenticated transfers
  946. };
  947. also-notify {
  948. 2001:470:ded5:88::11 ; // explicit NOTIFY target, in addition to the servers named in the zone's NS records
  949. };
  950. auto-dnssec maintain; // named signs and re-signs the zone itself, using the keys it finds in key-directory
  951. inline-signing yes; // the signed copy is kept separately from the unsigned zone file
  952. key-directory "/var/cache/bind";
  953. };
  954. zone "1.1.0.0.e.d.d.d.8.d.6.1.1.0.0.2.ip6.arpa" {
  955. type master;
  956. file "/etc/bind/master/db.2001.470.dd5b.fe.1";
  957. update-policy {
  958. grant "rndc-key" tcp-self "ANY" ;
  959. };
  960. allow-transfer {
  961. "locals";
  962. "bgp-vpn";
  963. key "transfer-key";
  964. };
  965. also-notify {
  966. 2001:470:ded5:88::11 ;
  967. };
  968. auto-dnssec maintain;
  969. inline-signing yes;
  970. key-directory "/var/cache/bind";
  971. };
  972. zone "guest.semarkit.net" {
  973. type master;
  974. file "/etc/bind/master/guest.semarkit.net";
  975. update-policy {
  976. grant "rndc-key" name "ANY" ;
  977. };
  978. allow-transfer {
  979. "locals";
  980. "bgp-vpn";
  981. key "transfer-key";
  982. };
  983. also-notify {
  984. };
  985. auto-dnssec maintain;
  986. inline-signing yes;
  987. key-directory "/var/cache/bind";
  988. };
  989. zone "230.168.192.in-addr.arpa" {
  990. type master;
  991. file "/etc/bind/master/db.192.168.230";
  992. update-policy {
  993. grant "rndc-key" tcp-self "ANY" ;
  994. };
  995. allow-transfer {
  996. "locals";
  997. "bgp-vpn";
  998. key "transfer-key";
  999. };
  1000. also-notify {
  1001. };
  1002. auto-dnssec maintain;
  1003. inline-signing yes;
  1004. key-directory "/var/cache/bind";
  1005. };
  1006. zone "0.3.0.0.e.d.d.d.8.d.6.1.1.0.0.2.ip6.arpa" {
  1007. type master;
  1008. file "/etc/bind/master/db.2001.470.dd5b.fd";
  1009. update-policy {
  1010. grant "rndc-key" tcp-self "ANY" ;
  1011. };
  1012. allow-transfer {
  1013. "locals";
  1014. "bgp-vpn";
  1015. key "transfer-key";
  1016. };
  1017. also-notify {
  1018. };
  1019. auto-dnssec maintain;
  1020. inline-signing yes;
  1021. key-directory "/var/cache/bind";
  1022. };
  1023. zone "test.semarkit.net" {
  1024. type master;
  1025. file "/etc/bind/master/test.semarkit.net";
  1026. update-policy {
  1027. grant "rndc-key" name "ANY" ;
  1028. };
  1029. allow-transfer {
  1030. "locals";
  1031. "bgp-vpn";
  1032. key "transfer-key";
  1033. };
  1034. also-notify {
  1035. };
  1036. auto-dnssec maintain;
  1037. inline-signing yes;
  1038. key-directory "/var/cache/bind";
  1039. };
  1040. zone "240.168.192.in-addr.arpa" {
  1041. type master;
  1042. file "/etc/bind/master/db.192.168.240";
  1043. update-policy {
  1044. grant "rndc-key" tcp-self "ANY" ;
  1045. };
  1046. allow-transfer {
  1047. "locals";
  1048. "bgp-vpn";
  1049. key "transfer-key";
  1050. };
  1051. also-notify {
  1052. };
  1053. auto-dnssec maintain;
  1054. inline-signing yes;
  1055. key-directory "/var/cache/bind";
  1056. };
  1057. zone "0.4.0.0.e.d.d.d.8.d.6.1.1.0.0.2.ip6.arpa" {
  1058. type master;
  1059. file "/etc/bind/master/db.2001.16d8.ddde.40";
  1060. update-policy {
  1061. grant "rndc-key" tcp-self "ANY" ;
  1062. };
  1063. allow-transfer {
  1064. "locals";
  1065. "bgp-vpn";
  1066. key "transfer-key";
  1067. };
  1068. also-notify {
  1069. };
  1070. auto-dnssec maintain;
  1071. inline-signing yes;
  1072. key-directory "/var/cache/bind";
  1073. };
  1074. zone "semarkit.dk" { // static master zone: this block has no update-policy and no DNSSEC options
  1075. type master;
  1076. file "/etc/bind/master/semarkit.org"; // same file as the "semarkit.eu" and "semarkit.org" zones; presumably its records are written relative to the origin so one file can serve all three — TODO confirm
  1077. allow-transfer { // zone transfers are allowed to a client matching any one of these entries
  1078. "locals";
  1079. "bgp-vpn";
  1080. key "transfer-key"; // TSIG-authenticated transfers
  1081. };
  1082. };
  1083. zone "semarkit.eu" {
  1084. type master;
  1085. file "/etc/bind/master/semarkit.org";
  1086. allow-transfer {
  1087. "locals";
  1088. "bgp-vpn";
  1089. key "transfer-key";
  1090. };
  1091. };
  1092. zone "semarkit.org" {
  1093. type master;
  1094. file "/etc/bind/master/semarkit.org";
  1095. allow-transfer {
  1096. "locals";
  1097. "bgp-vpn";
  1098. key "transfer-key";
  1099. };
  1100. };
  1101. zone "semark.dk" { // secondary copy of semark.dk, transferred from the master listed below
  1102. type slave;
  1103. file "/etc/bind/slave/semark.dk"; // named writes the transferred zone to this path, so the directory must be writable by the named user — verify, Debian-style layouts often keep /etc/bind read-only
  1104. masters {
  1105. 2001:470:ded5:88::11 ; // NOTE(review): no "key" on this entry; unless a server{} keys clause elsewhere covers this address, inbound transfers are not TSIG-authenticated — consider adding one, as allow-transfer already does for outbound. The other slave zones in this file list the same master the same way.
  1106. };
  1107. };
  1108. zone "static.semark.dk" {
  1109. type slave;
  1110. file "/etc/bind/slave/static.semark.dk";
  1111. masters {
  1112. 2001:470:ded5:88::11 ;
  1113. };
  1114. };
  1115. zone "dyn.semark.dk" {
  1116. type slave;
  1117. file "/etc/bind/slave/dyn.semark.dk";
  1118. masters {
  1119. 2001:470:ded5:88::11 ;
  1120. };
  1121. };
  1122. zone "1.168.192.in-addr.arpa" {
  1123. type slave;
  1124. file "/etc/bind/slave/192.168.1";
  1125. masters {
  1126. 2001:470:ded5:88::11 ;
  1127. };
  1128. };
  1129. zone "0.168.192.in-addr.arpa" {
  1130. type slave;
  1131. file "/etc/bind/slave/192.168.0";
  1132. masters {
  1133. 2001:470:ded5:88::11 ;
  1134. };
  1135. };
  1136. zone "0.0.0.0.8.8.0.0.5.d.e.d.0.7.4.0.1.0.0.2.ip6.arpa" {
  1137. type slave;
  1138. file "/etc/bind/slave/2001:470:ded5:88";
  1139. masters {
  1140. 2001:470:ded5:88::11 ;
  1141. };
  1142. };
  1143. zone "1.0.0.0.8.8.0.0.5.d.e.d.0.7.4.0.1.0.0.2.ip6.arpa" {
  1144. type slave;
  1145. file "/etc/bind/slave/2001.470.ded5.88.0";
  1146. masters {
  1147. 2001:470:ded5:88::11 ;
  1148. };
  1149. };
  1150. zone "." {
  1151. type hint;
  1152. file "/etc/bind/db.root";
  1153. };
  1154. zone "localhost" {
  1155. type master;
  1156. file "/etc/bind/db.local";
  1157. };
  1158. zone "127.in-addr.arpa" {
  1159. type master;
  1160. file "/etc/bind/db.127";
  1161. };
  1162. zone "0.in-addr.arpa" {
  1163. type master;
  1164. file "/etc/bind/db.0";
  1165. };
  1166. zone "255.in-addr.arpa" {
  1167. type master;
  1168. file "/etc/bind/db.255";
  1169. };
  1170. managed-keys { // DNSSEC trust anchors: a DLV anchor for "dlv.isc.org." (flags 257, protocol 3, algorithm 5) and a root "." anchor (algorithm 8). NOTE(review): ISC has since retired its DLV registry, and the root KSK was rolled in 2018; the root key below matches the pre-rollover key, so refresh both from the current distribution bind.keys if this configuration is still in use
  1171. "dlv.isc.org." initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
  1172. brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
  1173. 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
  1174. ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
  1175. Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
  1176. QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
  1177. TDN0YUuWrBNh";
  1178. "." initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
  1179. FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
  1180. bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
  1181. X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
  1182. W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
  1183. Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
  1184. QxA+Uk1ihz0=";
  1185. }; // "initial-key" marks these as starting anchors only; named tracks later key changes itself (RFC 5011) and stores the working set in its managed-keys file
  1186.  
  1187.  
  1188. # lsof -nPi | grep -iF named
  1189. named 5766 bind 21u IPv6 44904334 0t0 TCP *:53 (LISTEN)
  1190. named 5766 bind 22u IPv4 44904338 0t0 TCP 127.0.0.1:53 (LISTEN)
  1191. named 5766 bind 23u IPv4 44904340 0t0 TCP 192.168.210.5:53 (LISTEN)
  1192. named 5766 bind 24u IPv4 44904342 0t0 TCP 192.168.220.5:53 (LISTEN)
  1193. named 5766 bind 25u IPv4 44904344 0t0 TCP 192.168.230.5:53 (LISTEN)
  1194. named 5766 bind 26u IPv4 44904346 0t0 TCP 192.168.240.5:53 (LISTEN)
  1195. named 5766 bind 27u IPv4 44904349 0t0 TCP 127.0.0.1:953 (LISTEN)
  1196. named 5766 bind 28u IPv6 44904350 0t0 TCP [::1]:953 (LISTEN)
  1197. named 5766 bind 512u IPv6 44904333 0t0 UDP *:53
  1198. named 5766 bind 513u IPv6 44904333 0t0 UDP *:53
  1199. named 5766 bind 514u IPv4 44904337 0t0 UDP 127.0.0.1:53
  1200. named 5766 bind 515u IPv4 44904337 0t0 UDP 127.0.0.1:53
  1201. named 5766 bind 516u IPv4 44904339 0t0 UDP 192.168.210.5:53
  1202. named 5766 bind 517u IPv4 44904339 0t0 UDP 192.168.210.5:53
  1203. named 5766 bind 518u IPv4 44904341 0t0 UDP 192.168.220.5:53
  1204. named 5766 bind 519u IPv4 44904341 0t0 UDP 192.168.220.5:53
  1205. named 5766 bind 520u IPv4 44904343 0t0 UDP 192.168.230.5:53
  1206. named 5766 bind 521u IPv4 44904343 0t0 UDP 192.168.230.5:53
  1207. named 5766 bind 522u IPv4 44904345 0t0 UDP 192.168.240.5:53
  1208. named 5766 bind 523u IPv4 44904345 0t0 UDP 192.168.240.5:53
  1209. named 5766 bind 524u IPv6 44904352 0t0 UDP [2001:16d8:ddde:10::5]:49082->[2001:4860:4860::8844]:53
  1210. named 5766 bind 525u IPv6 44904353 0t0 UDP [2001:16d8:ddde:10::5]:48415->[2001:4860:4860::8844]:53
  1211. named 5766 bind 526u IPv6 44904354 0t0 UDP [2001:16d8:ddde:10::5]:47717->[2001:4860:4860::8844]:53
  1212.  
  1213.  
  1214. # iptables -vnL --lin
  1215. Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
  1216. num pkts bytes target prot opt in out source destination
  1217. 1 12M 992M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
  1218.  
  1219. Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
  1220. num pkts bytes target prot opt in out source destination
  1221. 1 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
  1222.  
  1223. Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  1224. num pkts bytes target prot opt in out source destination
  1225. 1 5977K 53G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0