// Address-match list of client networks. In this file it is referenced
// by allow-recursion in the options block.
acl my_net {
    // Loopback clients. This prefix covers 127.0.0.0-127.0.0.255 only,
    // not the whole 127.0.0.0/8 loopback block.
    127.0.0.0/24;
    // RFC 1918 private ranges; presumably the local segments served by
    // this resolver. TODO confirm against the deployment.
    192.168.2.0/24;
    10.5.0.0/16;
};
// Address-match list referenced by the blackhole statement in options.
// NOTE(review): 172.0.0.0/8 spans 172.0.0.0-172.255.255.255, which is far
// wider than the RFC 1918 private block 172.16.0.0/12 and includes
// publicly routed space. Confirm that the whole /8 is intended.
acl my_other_net { 172.0.0.0/8; };
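// Global server options for a recursive/caching resolver.
options {
    // Working directory of named; relative file names resolve against it.
    directory "/var/cache/bind";

    // Accept queries on every IPv4 interface. Nothing here narrows the
    // listening addresses, so the ACL statements below are the only
    // access control applied by named itself.
    listen-on { any; };
    #listen-on-v6 { ::1; };

    auth-nxdomain no; # conform to RFC1035

    // Recursive service, offered only to clients matched by my_net.
    recursion yes;
    allow-recursion {
        my_net;
    };

    // Cached answers are limited to the same clients as recursion.
    // This was "any", which let hosts outside my_net read the cache
    // (cache snooping) even though they were refused recursion.
    allow-query-cache {
        my_net;
    };

    // Sources in my_other_net get no answer at all, and named will not
    // use those addresses to resolve a query either.
    blackhole {
        my_other_net;
    };

    // No zone transfers and no dynamic updates from any host.
    allow-transfer {
        none;
    };
    allow-update {
        none;
    };

    // NOTE(review): DNSSEC validation is off, so upstream answers are
    // accepted without signature checks. "auto" enables validation with
    // the built-in root trust anchor; confirm that "no" is intentional
    // (for example because named.root points at a non-public root).
    dnssec-validation no;

    # disable the integrated handling of RFC1918 and non-assigned IPv6 space reverse dns
    // NOTE(review): without the built-in empty zones, reverse lookups for
    // private addresses that no local zone covers are sent upstream,
    // which exposes internal addressing to outside servers.
    empty-zones-enable no;
};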
// Loopback reverse zone.
// Defining it locally lets the recursive server answer a reverse lookup
// for 127.0.0.1 itself instead of asking other servers: the address only
// ever means "this host", so the answer has to come from local data.
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
// Root hints for the recursive/caching name server.
// A zone of type "hint" tells named where to find the root servers; their
// addresses are read from the root hints file named.root.
zone "." {
    type hint;
    file "/etc/bind/named.root";
};