// All of our own client networks: loopback plus the three RFC 1918 private
// ranges. The "cache" and "filter" views use this ACL for match-clients and
// allow-query.
acl "my_network" {
    192.168.0.0/16;
    172.16.0.0/12;
    10.0.0.0/8;
    127.0.0.0/8;    // loopback
};
// Networks we blacklist so that they cannot query the DNS cache and filter.
// Both ranges lie inside my_network (10.0.0.0/8 and 192.168.0.0/16), so this
// ACL only has an effect where it is listed negated and ahead of my_network,
// e.g. match-clients { !my_network_non_dns; my_network; };
acl "my_network_non_dns" {
    10.255.254.0/23;
    192.168.128.0/21;
};
// Server networks. This ACL is what rate-limit's exempt-clients refers to in
// the options block, so every address listed here bypasses response rate
// limiting; keep the list as narrow as possible.
acl "servers" {
    127.0.0.1/32;
    10.10.10.0/24;
    10.1.1.0/28;
};
// End of ACL definitions
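options {
    // Working directory for named.
    directory "/etc/bind/data";

    // Cache dump and statistics output. A cache dump lists the names clients
    // have been resolving, so /var/log/named should not be world-readable.
    dump-file "/var/log/named/named_dump.db";
    statistics-file "/var/log/named/named.stats";

    // Response rate limiting: at most 10 identical responses per second,
    // accounted per single IPv4 address (prefix length 32). Clients in the
    // "servers" ACL are exempt.
    // NOTE(review): this block applies to every view, including the recursive
    // ones; confirm that busy internal clients are not being rate limited.
    rate-limit {
        responses-per-second 10;
        ipv4-prefix-length 32;
        exempt-clients { servers; };
    };

    max-cache-size 768M;
    recursive-clients 1000;
    tcp-clients 1000;

    // DNSSEC. Validation was "no", which makes the recursive views accept
    // answers for signed zones without checking their signatures. "auto"
    // validates against the root trust anchor.
    // NOTE(review): dnssec-enable is obsolete in current BIND 9 releases;
    // drop it when upgrading.
    dnssec-enable yes;
    dnssec-validation auto;
    // "dnssec-lookaside auto;" removed: the DLV registry it relied on has been
    // retired and the option is obsolete in current BIND 9 releases.
    bindkeys-file "/etc/bind/bind.keys";

    auth-nxdomain no;    # conform to RFC1035

    // NOTE(review): named listens on every IPv6 address, but all three views
    // match on IPv4 destination addresses only, so as written no view matches
    // a query that arrives over IPv6. Confirm whether this listener is needed.
    listen-on-v6 { any; };
};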
logging {
    // File channel written to /var/log/named/bind.log, rolled at 5 MB with
    // three old versions kept, each line prefixed with a timestamp.
    // NOTE(review): default_debug is also the name of one of BIND's built-in
    // channels, and no category statement is present, so which messages end
    // up in this file depends on BIND's default category routing. Confirm
    // with named-checkconf, and consider routing the security and rate-limit
    // categories to a dedicated channel so refused queries and rate-limit
    // drops are recorded.
    channel default_debug {
        file "/var/log/named/bind.log" versions 3 size 5m;
        print-time yes;
        severity dynamic;
    };
};
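// Recursive caching resolver for internal clients, selected when a query is
// addressed to 192.168.74.69.
view "cache" {
    // Outgoing queries leave from this address. The fixed "port 53" was
    // dropped: pinning the source port removes source-port randomisation,
    // one of the protections against off-path cache poisoning. If an egress
    // firewall rule depends on source port 53, it has to allow ephemeral
    // ports instead.
    query-source address 192.168.74.69;

    // Address match lists stop at the first matching element, so the
    // blacklisted ranges are negated before my_network, which would
    // otherwise admit them.
    match-clients { !my_network_non_dns; my_network; };
    match-destinations { 192.168.74.69; };
    allow-query { !my_network_non_dns; my_network; };

    recursion yes;
    notify no;

    // Forwarders are commented out so that resolution goes straight to the
    // root servers.
    // forward first;
    // forwarders {
    //     103.10.121.34;
    //     103.10.121.35;
    // };

    include "/etc/bind/zones.rfc1918";
};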
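// Filtering resolver for internal clients, selected when a query is addressed
// to 192.168.74.70. It shares the cache of the "cache" view and answers from
// a MySQL-backed DLZ for any zone found in the dns_records table.
view "filter" {
    attach-cache "cache";

    // Fixed "port 53" dropped so that outgoing queries use randomised source
    // ports; a pinned source port weakens the defence against off-path cache
    // poisoning. Any egress firewall rule that depends on source port 53 has
    // to allow ephemeral ports instead.
    query-source address 192.168.74.70;

    // Blacklisted ranges are negated first: match lists stop at the first
    // matching element, and my_network would otherwise admit them.
    match-clients { !my_network_non_dns; my_network; };
    match-destinations { 192.168.74.70; };
    allow-query { !my_network_non_dns; my_network; };

    recursion yes;
    notify no;

    dlz "Mysql zone" {
        // SECURITY: the database password is stored in clear text in this
        // file, and it is a short keyboard-pattern value. Restrict the file
        // to the named user, give the bind9 account SELECT rights on this
        // database only, and replace the password; it should be treated as
        // exposed wherever this configuration has been shared.
        //
        // The CASE expression compared lower(type) with the upper-case
        // literals 'TXT' and 'SOA', which can only match under a
        // case-insensitive collation; the literals are now lower case so the
        // comparison holds under any collation.
        database "mysql
        {host=127.0.0.1 dbname=bind9 user=bind9 pass=qweqwe}
        {select zone from dns_records where zone = '$zone$'}
        {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from dns_records where zone = '$zone$' and host = '$record$'}";
    };
};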
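// Authoritative-only service for any client, selected when a query is
// addressed to 192.168.74.71. Recursion is off, so this view answers only
// for the zone defined below.
view "auth" {
    // Fixed "port 53" dropped, as in the resolver views, so that any queries
    // this view sends use randomised source ports.
    query-source address 192.168.74.71;

    match-clients { any; };
    match-destinations { 192.168.74.71; };
    recursion no;

    zone "jaringanku.net" {
        type master;
        file "/etc/bind/data/jaringanku.net";
        // NOTE(review): zone transfers are authorised by source address
        // alone. A TSIG key shared with the secondary would authenticate the
        // transfer request itself rather than trusting the address.
        allow-transfer { 192.168.74.75; };
    };
};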