// Shared secret for rndc. The controls statement below references a key by
// name, presumably the one declared in this file, so the key name there must
// match the name used here.
// NOTE(review): this file holds a secret; it should be readable only by root
// and the named service account — confirm the on-disk ownership and mode.
include "/etc/rndc.key";
// rndc control channel: loopback only, and every command must additionally
// be signed with the key "mykey" (the address allow-list and the key check
// both apply).
// NOTE(review): "mykey" must be the name of the key statement in the included
// /etc/rndc.key; rndc-confgen does not use that name by default, so verify
// the two agree or rndc will be refused.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { mykey; };
};
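// All log output goes to syslog facility local1 at severity info and above.
// The "default" category collects every category that is not explicitly
// routed elsewhere, so security (ACL denials), xfer and update messages land
// in this channel too.
logging {
    channel "default" {
        syslog local1;
        severity info;
        // Tag each line with its category and severity so that security
        // events ("security:", "update-security:") can be filtered out of the
        // shared syslog stream. syslog already stamps the time, so print-time
        // is deliberately left off.
        print-category yes;
        print-severity yes;
    };
    category "default" { "default"; };
};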
// Clients allowed to use this server as a recursive resolver (referenced by
// allow-recursion in options below): loopback, the public /28, and all of
// RFC 1918 private space.
// NOTE(review): the match is on source address only, and the RFC 1918 ranges
// cover far more than the VMs mentioned. The network edge should drop packets
// arriving from the Internet with private source addresses (BCP 38 ingress
// filtering) so these ranges cannot be spoofed from outside — confirm that
// filtering is in place.
acl "trusted_networks" {
    127.0.0.1;
    212.85.158.144/28;
    # used for various virtual machines
    192.168.0.0/16;
    10.0.0.0/8;
    172.16.0.0/12;
};
// Enable statistics at http://127.0.0.1:5380/
// The statistics channel is plain HTTP with no authentication. Binding to
// loopback with a loopback-only allow list limits it to local processes, but
// any local user can still read it; confirm nothing proxies this port outward.
statistics-channels {
    inet 127.0.0.1 port 5380 allow { 127.0.0.1; };
};
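options {
    // Do not disclose the software version to CHAOS-class version.bind queries.
    version "";

    // Working directory; relative "file" paths in the zone statements below
    // resolve against it.
    directory "/var/named";
    // NOTE(review): /var/tmp is a shared, world-writable directory. BIND's own
    // defaults are named_dump.db and named.stats relative to "directory";
    // consider moving these two files there (or to a directory owned by the
    // named user) so another local user cannot pre-create or symlink the
    // target names before named writes them.
    dump-file "/var/tmp/named_dump.db";
    pid-file "/var/run/named.pid";
    statistics-file "/var/tmp/named.stats";
    zone-statistics yes;
    // datasize 256M;
    // Core dumps up to 100M are permitted. A core image of named holds whatever
    // is in process memory, which can include the key loaded via the include
    // above, so the dump location must not be readable by other users.
    coresize 100M;
    // fetch-glue no;
    // recursion no;
    // recursive-clients 10000;
    // Set the AA bit on NXDOMAIN answers even when not authoritative. BIND 9's
    // default is "no"; "yes" exists for compatibility with very old resolvers.
    auth-nxdomain yes;
    // "port *" is what gives outgoing queries a randomised source port; keep it
    // (do not pin a fixed port, and make sure no NAT in front of the server
    // rewrites ports predictably), since that randomisation is the mitigation
    // against cache poisoning by response guessing.
    query-source address * port *;
    listen-on port 53 { any; };
    // NOTE(review): recent BIND 9 releases document cleaning-interval as having
    // no effect; harmless to keep, but it can be dropped.
    cleaning-interval 120;
    transfers-in 20;
    transfers-per-ns 2;
    // Do not cache lame-server indications at all.
    lame-ttl 0;
    // Cap negative-cache entries at three hours.
    max-ncache-ttl 10800;

    // forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };

    // allow-update { none; };
    // allow-transfer { any; };

    // Do not send NOTIFY messages when a zone changes. None of the local zones
    // below has secondaries, so nothing would consume them; any secondary added
    // later has to rely on its SOA refresh timer to learn of changes (or switch
    // this to "notify explicit" together with also-notify).
    notify no;
    // notify explicit;
    // also-notify { secondary_name_server };

    // Generate more efficient zone transfers. This will place
    // multiple DNS records in a DNS message, instead of one per
    // DNS message.
    transfer-format many-answers;

    // Set the maximum zone transfer time to something more
    // reasonable. In this case, we state that any zone transfer
    // that takes longer than 60 minutes is unlikely to ever
    // complete. WARNING: If you have very large zone files,
    // adjust this to fit your requirements.
    max-transfer-time-in 60;

    // We have no dynamic interfaces, so BIND shouldn't need to
    // poll for interface state {UP|DOWN}.
    interface-interval 0;

    // Uncomment these to enable IPv6 connections support
    // IPv4 will still work
    // listen-on { none; };
    // listen-on-v6 { any; };

    // NOTE(review): with allow-query left at its default, any source may query
    // the authoritative zones below (root hints, localhost and the local
    // reverse zones). Answers from the cache are separately gated by
    // allow-query-cache, which in BIND 9.4 and later defaults to the
    // allow-recursion list when that is set, so the cache itself is not
    // exposed; if this host is meant to serve trusted_networks only, enabling
    // the line below closes the remaining gap.
    // allow-query { trusted_networks; };

    // No zone transfers from this server at all (built-in "none" ACL, written
    // unquoted to match the allow-update statements in the zones below).
    allow-transfer { none; };

    // Recursion only for the networks listed in the trusted_networks ACL.
    allow-recursion { trusted_networks; };

    // Deny anything from the bogon networks as
    // detailed in the "bogon" ACL.
    // blackhole { bogon; };
};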
// Root hints used to bootstrap recursion. "named.ca" resolves relative to the
// options "directory" (/var/named); keep it current with the published root
// hints.
zone "." IN {
    type hint;
    file "named.ca";
};
// Primary for the local-only "localdomain" zone. Dynamic updates are refused
// explicitly (this is also BIND's default when allow-update is unset).
zone "localdomain" IN {
    type master;
    file "master/localdomain.zone";
    allow-update { none; };
};
// Primary for "localhost" so loopback lookups never leave this host.
// Dynamic updates are refused explicitly.
zone "localhost" IN {
    type master;
    file "master/localhost.zone";
    allow-update { none; };
};
// Reverse zone for the IPv4 loopback network (127.0.0.0/24), answered
// locally rather than being sent to the root servers. Dynamic updates are
// refused explicitly.
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "reverse/named.local";
    allow-update { none; };
};
// Reverse zone covering the IPv6 loopback address (::1), answered locally.
// Dynamic updates are refused explicitly.
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "reverse/named.ip6.local";
    allow-update { none; };
};
// Reverse zone for the 255.0.0.0/8 (broadcast) range, served locally so such
// lookups are not leaked upstream. Dynamic updates are refused explicitly.
zone "255.in-addr.arpa" IN {
    type master;
    file "reverse/named.broadcast";
    allow-update { none; };
};
// Reverse zone for the 0.0.0.0/8 ("this network") range, served locally so
// such lookups are not leaked upstream. Dynamic updates are refused explicitly.
zone "0.in-addr.arpa" IN {
    type master;
    file "reverse/named.zero";
    allow-update { none; };
};