Bind-2 Named Configuration

// rndc control channel: listens on loopback only, accepts connections from
// 127.0.0.1 only, and requires the key named "rndckey".
// NOTE(review): "rndckey" is not defined in this file; presumably it comes
// from the include of /etc/rndc-key at the end of the file - confirm the key
// name there matches.
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; };
};

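// Trusted clients: two RFC 1918 /24 networks plus loopback.
acl "trusted" { 10.10.10.0/24; 172.16.0.0/24; 127.0.0.1; };

// allow-query, allow-query-cache and the views' match-clients all name an ACL
// called "internal", but only "trusted" was declared, and named rejects a
// configuration that references an undefined ACL. Declare "internal" as an
// alias so those access checks resolve to a known address set.
// NOTE(review): assumes "internal" was meant to be the same set as "trusted";
// confirm before deploying, because this ACL gates recursion and cache access.
acl "internal" { "trusted"; };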


// Logging: two output channels followed by the category-to-channel routing.
logging {

    // Syslog channel on facility local2. "severity debug" only produces debug
    // output while named runs with a non-zero debug level; info and above are
    // always passed through.
    channel default_syslog {
        syslog local2;
        severity debug;
    };

    // File channel that receives most categories below, including queries.
    // No "versions" or "size" limit is set, so this file grows without bound
    // unless something outside named rotates it - a full log volume loses the
    // audit trail. Only print-time is enabled; since many categories share
    // this file, print-category and print-severity would make entries easier
    // to filter during an investigation.
    channel audit_log {
        file "/logs/named2.log";
        severity debug;
        print-time yes;
    };

    // Routing. "security" (approved/denied requests) goes to both channels;
    // the remaining operational categories go to the file only.
    category default { default_syslog; };
    category general { default_syslog; };
    category security { audit_log; default_syslog; };
    category config { default_syslog; };
    category resolver { audit_log; };
    category xfer-in { audit_log; };
    category xfer-out { audit_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    // Query logging records client addresses and the names they looked up:
    // treat /logs/named2.log as sensitive and restrict who can read it.
    category queries { audit_log; };
    category lame-servers { audit_log; };

};

// Global options: listening addresses, file locations, and the default access
// controls that zones and views inherit unless they override them.
options {
    // Serve DNS on loopback and 172.16.0.2 only.
    listen-on port 53 { 127.0.0.1; 172.16.0.2; };
    directory "/conf";
    pid-file "/var/run/named2.pid";
    statistics-file "/var/run/named2.stats";
    memstatistics-file "/var/run/named2.memstats";
    dump-file "/var/run/named2.dump";
    zone-statistics yes;
    // Replaces the real software version in version.bind answers.
    version "[nameservers]";

    // NOTIFY and dynamic update are accepted from 10.10.10.2, identified by
    // source address alone. At options level allow-update becomes the default
    // for the master zones in this file. An address check can be defeated by
    // a spoofed source; a TSIG key (or update-policy) authenticates the
    // sender instead. NOTE(review): confirm dynamic update is needed at all.
    allow-notify { 10.10.10.2; };
    allow-update { 10.10.10.2; };
    auth-nxdomain yes;
    transfer-format many-answers;
    // Abort inbound zone transfers that run longer than 60 minutes.
    max-transfer-time-in 60;
    // 0 disables the periodic rescan of network interfaces.
    interface-interval 0;

    // No outbound zone transfers by default; zones must opt in explicitly.
    allow-transfer { none; };

    // Queries and cached answers are limited to the "internal" ACL by
    // default; individual zones below widen allow-query to "any".
    allow-query { internal; };

    allow-query-cache { internal; };
};


// Class IN view for clients matching the "internal" ACL: recursion enabled,
// local master zones for loopback names, and slave copies of the site zones.
view "internal-in" in {

    match-clients { internal; };
    recursion yes;
    // NOTE(review): additional-from-auth / additional-from-cache were made
    // obsolete in later BIND 9 releases - run named-checkconf against the
    // deployed version.
    additional-from-auth yes;
    additional-from-cache yes;

    // Root hints used for recursion.
    zone "." in {
        type hint;
        file "secondaries/db.rootcache";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "secondaries/db.127.0.0";

        allow-query {
            any;
        };

        allow-transfer {
            none;
        };
    };

    zone "localhost" {
       type master;
       file "secondaries/db.localhost";

        allow-query {
            any;
        };

        allow-transfer {
            none;
        };
    };

    // Slave zones pulled from 10.10.10.2. No key is attached to the master,
    // so the transfer is trusted on source address alone; a TSIG key, e.g.
    // masters { 10.10.10.2 key "<placeholder-key-name>"; }, authenticates the
    // zone data in transit.
    // NOTE(review): the external-in view writes the same three file names for
    // its slave copies; two views sharing one writable zone file can clobber
    // each other, and newer BIND 9 releases are known to refuse it at load
    // time - verify with named-checkconf.
    zone "domainmu.com" in {
        type slave;
        file "secondaries/domainmu.zone";
        masters {10.10.10.2;};
    };

    zone "10.10.10.in-addr.arpa" in {
        type slave;
        file "secondaries/db.10.10.10";
        masters {10.10.10.2;};
    };

    zone "0.16.172.in-addr.arpa" in {
        type slave;
        file "secondaries/db.172.16.0";
        masters {10.10.10.2;};
    };

};

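// Class IN view for everyone who is not an internal client: authoritative
// answers only, no recursion, no additional data from cache.
view "external-in" in {

    // Address match lists stop at the first element that matches. The
    // original order "any; !internal;" matched every client on "any" and never
    // reached the negation, so the exclusion only held because the
    // internal-in view happens to be declared first. Putting the negation
    // first makes the exclusion hold regardless of view order.
    match-clients { !internal; any; };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;

    zone "." in {
        type hint;
        file "secondaries/db.rootcache";
    };

    // NOTE(review): this is the same zone file the internal-in view uses, so
    // external clients receive exactly the internal data (no split horizon),
    // and two views share one writable slave file - verify with
    // named-checkconf on the deployed BIND version.
    zone "domainmu.com" in {
        type slave;
        file "secondaries/domainmu.zone";
        masters {10.10.10.2;};

        allow-query {
            any;
        };
    };

    // NOTE(review): the next two zones are reverse maps for RFC 1918 space
    // and are answered for "any". That discloses internal host names and
    // addressing to whoever can reach this view - confirm this is intended,
    // otherwise drop them from the external view or restrict allow-query.
    zone "10.10.10.in-addr.arpa" in {
        type slave;
        file "secondaries/db.10.10.10";
        masters {10.10.10.2;};

        allow-query {
            any;
        };
    };

    zone "0.16.172.in-addr.arpa" in {
        type slave;
        file "secondaries/db.172.16.0";
        masters {10.10.10.2;};

        allow-query {
            any;
        };
    };
};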


// Class CHAOS view: controls who may query the built-in style "bind" zone
// (version.bind and similar), which is a common fingerprinting target.
// NOTE(review): match lists are first-match, so "any" matches every client
// before "!internal" is evaluated and the negation has no effect - internal
// clients land in this view too. The zone-level allow-query { internal; }
// then relies on that. If the negation is moved first, internal clients no
// longer match this view and that allow-query admits nobody; decide which
// behaviour is intended and make the two statements agree.
view "external-chaos" chaos {
    match-clients { any; !internal; };
    recursion no;

        // Empty hint zone: there is nothing to resolve in class CHAOS.
        zone "." {
            type hint;
            file "/dev/null";
        };

        // CHAOS "bind" zone answered only for the "internal" ACL; transfers
        // are refused.
        zone "bind" {
            type master;
            file "secondaries/db.bind";

            allow-query {
                internal;
            };
            allow-transfer {
                none;
            };
        };
};

// Key material is kept in a separate file rather than inline.
// NOTE(review): presumably this defines the "rndckey" used by the controls
// statement - confirm, and keep the file readable only by the account named
// runs as, since anyone who can read it can drive the server through rndc.
include "/etc/rndc-key";

 
