You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 lines
1.2 KiB
57 lines
1.2 KiB
3 years ago
|
|
||
|
|
acl my_net {
|
||
|
|
192.168.2.0/24;
|
||
|
|
127.0.0.0/24;
|
||
|
|
10.5.0.0/16;
|
||
|
|
};
|
||
|
|
|
||
|
|
acl my_other_net {
|
||
|
|
172.0.0.0/8;
|
||
|
|
};
|
||
|
|
|
||
|
|
options {
|
||
|
|
directory "/var/cache/bind";
|
||
|
|
listen-on { any; };
|
||
|
|
listen-on-v6 { none; };
|
||
|
|
|
||
|
|
auth-nxdomain no; # conform to RFC1035
|
||
|
|
|
||
|
|
allow-recursion {
|
||
|
|
my_net;
|
||
|
|
};
|
||
|
|
blackhole {
|
||
|
|
my_other_net;
|
||
|
|
};
|
||
|
|
allow-transfer {
|
||
|
|
none;
|
||
|
|
};
|
||
|
|
allow-update {
|
||
|
|
none;
|
||
|
|
};
|
||
|
|
dnssec-validation no;
|
||
|
|
recursion yes;
|
||
|
|
allow-query-cache { any; };
|
||
|
|
version "not available"; // Disable for security
|
||
|
|
|
||
|
|
# disable the integrated handling of RFC1918 and non-assigned IPv6 space reverse dns
|
||
|
|
empty-zones-enable no;
|
||
|
|
|
||
|
|
};
|
||
|
|
|
||
|
|
// the loopback reverse zone
|
||
|
|
// why is this needed?
|
||
|
|
// - when a reverse DNS lookup for 127.0.0.1 address is received,
|
||
|
|
// the recursive server doesn’t have to look somewhere else for
|
||
|
|
// the answer. It has to be defined locally
|
||
|
|
// since it is just a localhost address
|
||
|
|
zone "127.in-addr.arpa" {
|
||
|
|
type master;
|
||
|
|
file "/etc/bind/db.127";
|
||
|
|
};
|
||
|
|
|
||
|
|
zone "." {
|
||
|
|
type forward;
|
||
|
|
forward only;
|
||
|
|
forwarders { 10.5.0.4; };
|
||
|
|
};
|