// rndc control channel. It is bound to the loopback address, accepts
// connections only from 127.0.0.1, and requires commands to be
// authenticated with the key named "rndckey".
controls {
    inet 127.0.0.1
        allow { 127.0.0.1; }
        keys { rndckey; };
};
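// Networks and hosts that are treated as local clients.
acl "trusted" { 10.10.10.0/24; 172.16.0.0/24; 127.0.0.1; };

// The options block and every view in this file refer to an acl named
// "internal". named refuses to load a configuration that references an acl
// with no definition, so "internal" is defined here as an alias for
// "trusted" and both names resolve to the same address list.
// Drop this alias if "internal" is already defined in a file not shown here.
acl "internal" { trusted; };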
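logging {
    // Syslog destination, facility local2. "severity debug" lets everything
    // through; debug-level messages are only produced while named's own
    // debug level is above 0.
    channel default_syslog {
        syslog local2;
        severity debug;
    };

    // File destination used as the audit trail.
    channel audit_log {
        // A bare file channel grows without limit. The queries and client
        // categories below are driven by whoever sends traffic, so an
        // unbounded file lets a query flood fill the volume. Let named
        // rotate it. The count and size are sample values to tune.
        file "/logs/named2.log" versions 5 size 20m;
        severity debug;
        print-time yes;
        // Thirteen categories share this file; record which category and
        // severity produced each line so entries can be filtered later.
        print-category yes;
        print-severity yes;
    };

    // Anything without an explicit category assignment goes to syslog.
    category default      { default_syslog; };
    category general      { default_syslog; };
    category config       { default_syslog; };

    // Security events (approved and denied requests) go to both destinations.
    category security     { audit_log; default_syslog; };

    // Per-request and zone-maintenance activity goes to the audit file only.
    category resolver     { audit_log; };
    category xfer-in      { audit_log; };
    category xfer-out     { audit_log; };
    category notify       { audit_log; };
    category client       { audit_log; };
    category network      { audit_log; };
    category update       { audit_log; };
    // Logs every query with the client address: high volume, and the file
    // needs the same access control and retention as other client data.
    category queries      { audit_log; };
    category lame-servers { audit_log; };
};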
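// Set options for security
options {
    // Answer DNS only on loopback and 172.16.0.2.
    listen-on port 53 { 127.0.0.1; 172.16.0.2; };

    // Working directory (relative zone file paths resolve against it) and
    // runtime state files.
    directory "/conf";
    pid-file "/var/run/named2.pid";
    statistics-file "/var/run/named2.stats";
    memstatistics-file "/var/run/named2.memstats";
    dump-file "/var/run/named2.dump";
    zone-statistics yes;

    // Fixed string returned in place of the real BIND version.
    version "[nameservers]";

    // Accept NOTIFY from 10.10.10.2, the master listed for the slave zones.
    allow-notify { 10.10.10.2; };

    // Was `allow-update { 10.10.10.2; };`. Set in options, the value is the
    // default for every zone, so it was inherited by the master zones in the
    // views (0.0.127.in-addr.arpa, localhost and the CHAOS "bind" zone).
    // Those zones are static, and an address-only list cannot authenticate
    // the sender of an update. Deny by default; if a zone really needs
    // dynamic update, enable it on that zone with a TSIG key.
    allow-update { none; };

    // Always set the AA bit on NXDOMAIN answers.
    auth-nxdomain yes;

    transfer-format many-answers;
    // Abort inbound zone transfers that run longer than 60 minutes.
    max-transfer-time-in 60;
    // 0 turns off periodic rescanning of the interface list.
    interface-interval 0;

    // Default-deny: no zone transfers from this server, and queries and
    // cache access only for clients in the "internal" acl. Individual zones
    // widen allow-query where they are meant to be public.
    allow-transfer { none; };
    allow-query { internal; };
    allow-query-cache { internal; };
};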
// Class IN view for local clients: full recursive service plus the
// secondary copies of the site's zones.
view "internal-in" in {
    // Only clients in the "internal" acl are matched to this view.
    match-clients { internal; };
    recursion yes;
    // NOTE(review): additional-from-auth / additional-from-cache are marked
    // obsolete in later BIND 9 releases. Confirm against the version in use.
    additional-from-auth yes;
    additional-from-cache yes;

    // Root hints, needed because this view recurses.
    zone "." in {
        type hint;
        file "secondaries/db.rootcache";
    };

    // Loopback zones served locally. The zone-level allow-query overrides
    // the options default, but only clients matched to this view reach them.
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "secondaries/db.127.0.0";
        allow-query { any; };
        allow-transfer { none; };
    };

    zone "localhost" {
        type master;
        file "secondaries/db.localhost";
        allow-query { any; };
        allow-transfer { none; };
    };

    // Secondary zones, all transferred from 10.10.10.2. With no zone-level
    // allow-query they inherit the options default.
    zone "domainmu.com" in {
        type slave;
        file "secondaries/domainmu.zone";
        masters { 10.10.10.2; };
    };

    zone "10.10.10.in-addr.arpa" in {
        type slave;
        file "secondaries/db.10.10.10";
        masters { 10.10.10.2; };
    };

    zone "0.16.172.in-addr.arpa" in {
        type slave;
        file "secondaries/db.172.16.0";
        masters { 10.10.10.2; };
    };
};
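// Class IN view for everyone else: authoritative answers only, no recursion
// and no additional data drawn from cache or other zones.
view "external-in" in {
    // Address match lists stop at the first element that matches, so the
    // original `{ any; !internal; }` never reached the negation. It behaved
    // correctly only because view "internal-in" is listed earlier and claims
    // those clients first. Put the exclusion ahead of `any` so this view
    // rejects internal clients on its own terms.
    match-clients { !internal; any; };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;

    zone "." in {
        type hint;
        file "secondaries/db.rootcache";
    };

    // Each secondary zone below used the same file name as its counterpart
    // in view "internal-in". Two zones then rewrite one file after every
    // transfer, and named-checkconf in later BIND 9 releases reports a
    // writeable file shared by more than one zone as an error. The "ext."
    // names are constructed for this fix; any name unique to this view works.
    zone "domainmu.com" in {
        type slave;
        file "secondaries/ext.domainmu.zone";
        masters { 10.10.10.2; };
        allow-query { any; };
    };

    // NOTE(review): the two reverse zones cover RFC 1918 ranges. Answering
    // them for any client discloses internal host names and addressing, so
    // confirm that external clients are really meant to see them.
    zone "10.10.10.in-addr.arpa" in {
        type slave;
        file "secondaries/ext.db.10.10.10";
        masters { 10.10.10.2; };
        allow-query { any; };
    };

    zone "0.16.172.in-addr.arpa" in {
        type slave;
        file "secondaries/ext.db.172.16.0";
        masters { 10.10.10.2; };
        allow-query { any; };
    };
};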
// Class CHAOS view. It controls who may ask for the server's built-in
// identification records under the "bind" zone.
view "external-chaos" chaos {
    // Address match lists stop at the first matching element. `any` matches
    // every client, so `!internal` is never evaluated and this view receives
    // all CHAOS-class queries, internal ones included. Access is enforced by
    // the zone's allow-query below, not by this list. Swapping the order
    // would leave internal clients with no CHAOS view to match.
    match-clients { any; !internal; };
    recursion no;

    // Empty hints file: there are no CHAOS-class root servers to prime from.
    zone "." {
        type hint;
        file "/dev/null";
    };

    // Only clients in the "internal" acl may query the "bind" zone; everyone
    // else is refused. No transfers.
    zone "bind" {
        type master;
        file "secondaries/db.bind";
        allow-query { internal; };
        allow-transfer { none; };
    };
};
// Pulls in /etc/rndc-key. The controls statement requires a key named
// "rndckey"; presumably it is defined in that file, so verify.
// The file holds a shared secret and should be readable only by the account
// named runs as.
include "/etc/rndc-key";