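// Shared secret that authenticates rndc control connections. The included
// file has to define the key named in the controls statement below, and it
// should be readable only by the account named runs as.
include "/etc/rndc.key";

// rndc control channel: bound to loopback, accepts connections from
// 127.0.0.1 only, and requires the key "mykey".
// NOTE(review): "mykey" must match the key name declared in /etc/rndc.key
// (rndc-confgen writes "rndc-key" by default) -- confirm, otherwise the
// control channel will not authenticate.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { mykey; };
};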
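// Route log messages to syslog facility local1 at severity info and above.
// The catch-all "default" category is the only one configured, so every
// category without its own entry follows it.
// NOTE(review): nothing splits out security-relevant categories such as
// "security" or "xfer-out"; denied queries and transfer attempts land in the
// same stream. Make sure local1 is actually collected and retained by syslog.
logging {
    channel "default" {
        syslog local1;
        severity info;
    };
    category "default" { "default"; };
};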
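// Clients allowed to use this server as a recursive resolver: the options
// block references this ACL in allow-recursion. It holds IPv4 loopback plus
// one /28.
// NOTE(review): only IPv4 loopback is listed; ::1 would need adding if the
// IPv6 listener is enabled and local clients resolve over it.
acl "trusted_networks" {
    127.0.0.1;
    212.85.158.144/28;
};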
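// Enable statistics at http://127.0.0.1:5380/
// The HTTP statistics channel has no authentication of its own: the address
// match list is its only access control, so keep both the listener and the
// allow list on loopback.
statistics-channels {
    inet 127.0.0.1 port 5380 allow { 127.0.0.1; };
};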
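// Global server options.
options {
    // Answer version.bind queries with an empty string instead of the
    // BIND release, so the running version is not advertised.
    version "";
    directory "/var/named";
    // NOTE(review): the dump and statistics files are written under
    // /var/tmp, which is normally world-writable; a directory owned by the
    // named account is the safer place for them.
    dump-file "/var/tmp/named_dump.db";
    pid-file "/var/run/named.pid";
    statistics-file "/var/tmp/named.stats";
    zone-statistics yes;
    // datasize 256M;
    coresize 100M;
    // fetch-glue no;
    // recursion no;
    // recursive-clients 10000;
    auth-nxdomain yes;
    // Wildcard source address and port for outgoing queries. Keep the port
    // as "*": a fixed source port makes spoofed answers easier to land.
    query-source address * port *;
    // Listen on every IPv4 interface.
    listen-on port 53 { any; };
    cleaning-interval 120;
    transfers-in 20;
    transfers-per-ns 2;
    // 0 disables caching of lame-server indications.
    lame-ttl 0;
    // Upper bound, in seconds, on how long negative answers are cached.
    max-ncache-ttl 10800;

    // forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };

    // allow-update { none; };
    // Leave the next line disabled: "any" would let every host pull complete
    // zone contents. The active setting is allow-transfer {"none";} below.
    // allow-transfer { any; };

    // Do not send NOTIFY messages when a zone changes. The stated purpose is
    // to prevent DoS attacks that work by generating bogus zone transfer
    // requests. The cost is slower updates to the slave servers (i.e. they
    // will wait for the poll interval before checking for updates).
    notify no;
    // notify explicit;
    // also-notify { secondary_name_server };

    // Generate more efficient zone transfers. This will place
    // multiple DNS records in a DNS message, instead of one per
    // DNS message.
    transfer-format many-answers;

    // Set the maximum zone transfer time to something more
    // reasonable. In this case, we state that any zone transfer
    // that takes longer than 60 minutes is unlikely to ever
    // complete. WARNING: If you have very large zone files,
    // adjust this to fit your requirements.
    max-transfer-time-in 60;

    // We have no dynamic interfaces, so BIND shouldn't need to
    // poll for interface state {UP|DOWN}.
    interface-interval 0;

    // Uncomment these to enable IPv6 connection support.
    // IPv4 will still work.
    // NOTE(review): "listen-on { none; }" switches the IPv4 listeners off;
    // confirm that IPv4 clients are still served before relying on the
    // statement above.
    // listen-on { none; };
    // listen-on-v6 { any; };

    // While this stays commented out, queries for the zones served here are
    // accepted from any source; recursion is restricted separately below.
    // allow-query { trusted_networks; };

    // Refuse zone transfers globally. A zone that has secondaries needs its
    // own allow-transfer listing them.
    allow-transfer {"none";};

    // Recurse only for the trusted_networks ACL, so the server cannot be
    // used as an open resolver.
    allow-recursion { trusted_networks; };

    // Deny anything from the bogon networks as
    // detailed in the "bogon" ACL.
    // NOTE(review): no "bogon" ACL is defined in this listing; it has to be
    // defined before the line below is enabled.
    // blackhole { bogon; };
};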
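// Root hints: the starting list of root name servers, read from "named.ca"
// (relative to the options directory, /var/named). Recursion for the
// trusted networks starts from here, so the file should come from a
// trusted source and be kept current.
zone "." IN {
    type hint;
    file "named.ca";
};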
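// Locally served master zone for "localdomain"; dynamic updates are refused.
zone "localdomain" IN {
    type master;
    file "master/localdomain.zone";
    allow-update { none; };
};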
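// Locally served master zone for "localhost", so the name is answered here
// instead of being sent upstream; dynamic updates are refused.
zone "localhost" IN {
    type master;
    file "master/localhost.zone";
    allow-update { none; };
};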
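// Reverse zone for 127.0.0.0/24 (IPv4 loopback), served locally; dynamic
// updates are refused.
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "reverse/named.local";
    allow-update { none; };
};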
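// Reverse zone under ip6.arpa for the all-zero IPv6 prefix -- presumably the
// zone that holds the ::1 loopback PTR; verify the label count against the
// zone file. Dynamic updates are refused.
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "reverse/named.ip6.local";
    allow-update { none; };
};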
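// Reverse zone for 255.0.0.0/8 (broadcast range), served locally so lookups
// for these addresses are not sent upstream; dynamic updates are refused.
zone "255.in-addr.arpa" IN {
    type master;
    file "reverse/named.broadcast";
    allow-update { none; };
};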
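// Reverse zone for 0.0.0.0/8 ("this network"), served locally so lookups
// for these addresses are not sent upstream; dynamic updates are refused.
zone "0.in-addr.arpa" IN {
    type master;
    file "reverse/named.zero";
    allow-update { none; };
};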