config bind chroot

include "/etc/rndc.key";
// assume our server has the IP 192.168.10.5 serving the 192.168.10.0/24 subnet
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
inet 192.168.20.2 allow { 192.168.20.0/24; } keys { "rndc-key"; };
};

options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
pid-file "/var/run/named/named.pid";
memstatistics-file "/var/named/data/named_mem_stats.txt";

recursion yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

allow-recursion {
localhost;
127.0.0.1;
192.168.20.0/24;
};

// these are the opendns servers (optional)
forwarders {
8.8.8.8;
8.8.4.4;
};

listen-on {
localhost;
127.0.0.1;
192.168.20.2;
};

/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;

// so people can't try to guess what version you're running
version "REFUSED";

allow-query {
localhost;
127.0.0.1;
192.168.20.0/24;
};
};

server 192.168.20.2 {
keys { rndc-key; };
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";

//forward zone
zone "pepznet.co.id" IN {
type master;
file "pepznet.co.id.zone";
//allow-update { none; };
// we assume we have a slave dns server with the IP 192.168.10.6
allow-transfer { 192.168.20.2; };
notify yes;
also-notify { 192.168.20.2; };
};

//reserve zone
zone "20.168.192.in-addr.arpa" IN {
type master;
file "192.168.20.zone";
//allow-update { none; };
// we assume we have a slave dns server with the IP 192.168.10.6
allow-transfer { 192.168.20.2; };
notify yes;
also-notify { 192.168.20.2; };
};