Bind-1 Named Configuration

// rndc control channel: bound to IPv4 loopback, accepting connections only
// from 127.0.0.1 and only when authenticated with the key named "rndckey".
// No port is given, so named listens on its default control port.
// NOTE(review): "rndckey" is not defined in this file; presumably it comes
// from the include of /etc/rndc-key at the end of the file -- confirm.
controls {
    inet 127.0.0.1
        allow { 127.0.0.1; }
        keys { rndckey; };
};

// Trusted clients: the two internal subnets plus IPv4 loopback.
// This ACL selects the recursive "internal-in" view and gates allow-query /
// allow-query-cache in options, so every prefix added here gains recursion.
acl "internal" {
    10.10.10.0/24;
    172.16.0.0/24;
    127.0.0.1;
};

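logging {
    // Operational messages go to syslog under facility local2.
    // Debug-severity messages are only produced while the server's debug
    // level is raised; otherwise this channel carries info and above.
    channel default_syslog {
        syslog local2;
        severity debug;
    };

    // File-based audit trail. It receives query, client and transfer events,
    // so it grows quickly and contains client addresses and queried names:
    //   - versions/size bound disk usage (named rolls the file itself);
    //     the numbers below are starting points, tune to local retention.
    //   - print-severity/print-category label each line, since many
    //     categories share this one file.
    // The /logs directory must be writable by the named user and should not
    // be readable by unprivileged accounts.
    channel audit_log {
        file "/logs/named1.log" versions 5 size 50m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    // General/server-health categories: syslog only.
    category default { default_syslog; };
    category general { default_syslog; };
    category config { default_syslog; };

    // Approved/denied requests: recorded in both places so an ACL refusal
    // is visible even if one sink is lost.
    category security { audit_log; default_syslog; };

    // Traffic- and change-related categories: audit file only.
    category resolver { audit_log; };
    category xfer-in { audit_log; };
    category xfer-out { audit_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    category queries { audit_log; };
    category lame-servers { audit_log; };
};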

options {
    // --- Network -----------------------------------------------------
    // Answer on loopback and the 10.10.10.2 interface only.
    listen-on port 53 { 127.0.0.1; 10.10.10.2; };
    // 0 turns off the periodic rescan of network interfaces; the listen
    // list is fixed at (re)load time.
    interface-interval 0;

    // --- Files -------------------------------------------------------
    // Relative zone file names in the views below resolve against this.
    directory "/conf";
    pid-file "/var/run/named1.pid";
    dump-file "/var/run/named1.dump";
    statistics-file "/var/run/named1.stats";
    memstatistics-file "/var/run/named1.memstats";
    zone-statistics yes;

    // --- Identity ----------------------------------------------------
    // Text handed out in place of the real server version.
    // NOTE(review): "[bind-version]" looks like an unfilled template
    // placeholder -- confirm the intended string.
    version "[bind-version]";

    // --- Response / transfer behaviour ---------------------------------
    // Set the AA bit on NXDOMAIN answers.
    auth-nxdomain yes;
    // No NOTIFY is sent on zone changes; secondaries rely on SOA refresh.
    notify no;
    // Pack several records into each transfer message.
    transfer-format many-answers;
    // Inbound transfers are aborted after this many minutes.
    max-transfer-time-in 60;

    // --- Default access policy (views/zones may override) ------------
    // Zone transfers are denied unless a zone explicitly lists peers.
    allow-transfer { none; };
    // Queries and cached answers are for the internal ACL only; zones that
    // must be reachable from outside set their own allow-query.
    allow-query { internal; };
    allow-query-cache { internal; };
};

// Recursive view for trusted clients. Views are tried in file order, so this
// one must stay ahead of "external-in" for internal clients to land here.
view "internal-in" in {

    match-clients { internal; };
    recursion yes;
    // NOTE(review): later BIND 9 releases treat additional-from-auth and
    // additional-from-cache as obsolete -- check named-checkconf output for
    // the version in use.
    additional-from-auth yes;
    additional-from-cache yes;

    // Root hints used to start recursion.
    zone "." in {
        type hint;
        file "db.rootcache";
    };

    // Loopback reverse and forward zones. allow-query is "any" here, but
    // only clients matching this view can reach them.
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "db.127.0.0";
        allow-query { any; };
        allow-transfer { none; };
    };

    zone "localhost" {
        type master;
        file "db.localhost";
        allow-query { any; };
        allow-transfer { none; };
    };

    // Authoritative zones. Transfers are permitted by source address alone;
    // an address can be spoofed or reassigned, so a TSIG key in
    // allow-transfer is the stronger control.
    // NOTE(review): 10.10.10.2 is also this server's own listen-on address
    // -- confirm it is meant to be a transfer peer.
    zone "domainmu.com" in {
        type master;
        file "domainmu.zone";
        allow-transfer { 172.16.0.2; 10.10.10.2; };
    };

    zone "10.10.10.in-addr.arpa" in {
        type master;
        file "db.10.10.10";
        allow-transfer { 172.16.0.2; 10.10.10.2; };
    };

    zone "0.16.172.in-addr.arpa" in {
        type master;
        file "db.172.16.0";
        allow-transfer { 172.16.0.2; 10.10.10.2; };
    };

};

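// Authoritative-only view for everyone outside the "internal" ACL.
view "external-in" in {

    // Address match lists stop at the first element that matches, so the
    // negation has to come before "any"; written as "any; !internal;" the
    // exclusion is never evaluated and only view ordering keeps internal
    // clients out of this view.
    match-clients { !internal; any; };
    recursion no;
    // NOTE(review): later BIND 9 releases treat additional-from-auth and
    // additional-from-cache as obsolete -- check named-checkconf output for
    // the version in use.
    additional-from-auth no;
    additional-from-cache no;

    // Link in our zones
    zone "." in {
        type hint;
        file "db.rootcache";
    };

    // allow-query is set per zone because the options-level default only
    // admits the internal ACL. Transfers stay denied via the options-level
    // "allow-transfer { none; }".
    //
    // NOTE(review): this is the same zone file the internal view loads, so
    // external clients receive every record internal clients do. If any
    // names are internal-only, serve a separate, reduced file here.
    zone "domainmu.com" in {
        type master;
        file "domainmu.zone";

        allow-query {
            any;
        };
    };

    // NOTE(review): the two reverse zones below cover private (RFC 1918)
    // ranges and are answerable by anyone, which exposes internal PTR
    // records and host naming to external clients. Confirm they are needed
    // in this view.
    zone "10.10.10.in-addr.arpa" in {
        type master;
        file "db.10.10.10";

        allow-query {
            any;
        };
    };

    zone "0.16.172.in-addr.arpa" in {
        type master;
        file "db.172.16.0";

        allow-query {
            any;
        };
    };

};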

// CHAOS-class view that controls who may read the server's "bind" zone.
// Despite its name, this view matches every client, internal included:
// match lists are evaluated in order and "any" matches first, so a
// "!internal" placed after it would never be reached. Access is narrowed by
// the zone's allow-query instead.
view "external-chaos" chaos {
    match-clients { any; };
    recursion no;

    // Empty hint set for the CHAOS class.
    zone "." {
        type hint;
        file "/dev/null";
    };

    // Only the internal ACL may query this zone; other clients are refused.
    zone "bind" {
        type master;
        file "db.bind";
        allow-query { internal; };
        allow-transfer { none; };
    };
};

// Pull in key material from a separate file so the secret stays out of this
// configuration. The controls statement at the top references a key named
// "rndckey"; presumably it is defined here -- confirm.
// The included file holds a shared secret: keep it owned by the named user
// and unreadable by other accounts.
include "/etc/rndc-key";

 
