/*
 * Refer to the named.conf(5) and named(8) man pages, and the documentation
 * in /usr/share/doc/bind-* for more details.
 * Online versions of the documentation can be found here:
 * https://kb.isc.org/article/AA-01031
 *
 * If you are going to set up an authoritative server, make sure you
 * understand the hairy details of how DNS works. Even with simple mistakes,
 * you can break connectivity for affected parties, or cause huge amounts of
 * useless Internet traffic.
 */

/*
 * You might put in here some ips which are allowed to use the cache or
 * recursive queries
 */
// "trusted" is the only ACL referenced by the global allow-query below, so
// it decides who may query this server at all.
acl "trusted" {
	127.0.0.0/8;
	10.0.0.0/8;
	192.168.1.0/24;
	::1/128;
};

// NOTE(review): "dns_servers" is defined but not referenced anywhere in this
// listing. It includes 10.1.0.3, the master used by the slave zones below;
// presumably intended for allow-transfer / allow-notify -- confirm or remove.
acl "dns_servers" {
	127.0.0.1;
	10.0.1.3;
	10.1.0.3;
	10.2.0.3;
	10.3.0.3;
};

options {
	// Relative zone file names (e.g. "pri/localhost.zone") resolve under here.
	directory "/var/bind";
	pid-file "/run/named/named.pid";

	// Turns off the built-in empty zone for 10/8 reverse lookups; the slave
	// zones 1.10.in-addr.arpa and 17.2.10.in-addr.arpa below live under it.
	disable-empty-zone "10.in-addr.arpa";

	/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
	//bindkeys-file "/etc/bind/bind.keys";

	// IPv6: loopback only. IPv4: loopback plus any local interface address
	// that falls inside 10.0.0.0/8.
	listen-on-v6 { ::1; };
	listen-on { 10.0.0.0/8; 127.0.0.1; };

	allow-query {
		/*
		 * Accept queries from our "trusted" ACL. We will
		 * allow anyone to query our master zones below.
		 * This prevents us from becoming a free DNS server
		 * to the masses.
		 */
		// NOTE(review): no zone in this listing sets "allow-query { any; }",
		// so the zones below inherit this restriction; only "rpz.zone"
		// overrides it (with an ACL that is not defined here).
		trusted;
	};

	// No allow-recursion / allow-query-cache is set, so BIND derives the
	// recursion ACL from allow-query above. NOTE(review): an explicit
	// allow-recursion { trusted; } would keep recursion closed even if
	// allow-query is later widened.
	recursion yes;

	// NOTE(review): "bad.zone" is not declared as a zone in this listing
	// (the only policy-looking zone below is "rpz.zone"), and "mood" does not
	// look like a documented response-policy option -- run named-checkconf
	// and confirm whether this block is a placeholder.
	response-policy { zone "bad.zone"; mood "almost.blue"; };
};

controls {
	// local host -- default key.
	// rndc control channel, bound to loopback only.
	// NOTE(review): the ACL "rndc-users" is not defined in this listing, and
	// the keys "rndc-remote" / "rndc-key" are presumably supplied by the
	// included /etc/bind/rndc.key -- confirm both exist there.
	inet 127.0.0.1 port 953 allow { 127.0.0.1; "rndc-users"; } keys { "rndc-remote"; "rndc-key"; };
	// NOTE(review): same address as above and no port given (default 953),
	// so this appears to describe the same listener, without a keys clause.
	// Confirm which of the two statements is intended.
	inet 127.0.0.1 allow { localhost; };
};

// Pulls in rndc key material; the file should be readable only by the
// account named runs as.
include "/etc/bind/rndc.key";

// Root hints used for recursion.
zone "." in {
	type hint;
	file "/var/bind/named.cache";
};

zone "localhost" IN {
	type master;
	file "pri/localhost.zone";
	notify no;
};

// NOTE(review): the ACL "untrusted" is not defined in this listing, and
// response-policy above points at "bad.zone", not at this zone. Dynamic
// updates are disabled.
zone "rpz.zone" {
	type master;
	file "/var/bind/pri/rpz.zone";
	allow-query { untrusted; };
	allow-update { none; };
};

# DMZ
// All slave zones below pull from 10.1.0.3 with no TSIG key on the masters
// clause, so the transfer source is identified by IP address only.
// NOTE(review): consider "masters { 10.1.0.3 key <tsig-key-name>; };".
// No allow-transfer is set here or in options, so the BIND version's default
// applies -- confirm it does not permit transfers to arbitrary clients.
// NOTE(review): this zone is "dmz.calculate.ru" but its file is named
// spb.calculate.ru.zone -- confirm no other zone writes the same file.
zone "dmz.calculate.ru" IN {
	type slave;
	file "/var/bind/sec/spb.calculate.ru.zone";
	masters { 10.1.0.3; };
};

zone "1.10.in-addr.arpa" IN {
	type slave;
	file "/var/bind/sec/dmz.calculate.ru.rev.zone";
	masters { 10.1.0.3; };
};

zone "msk.calculate.ru" IN {
	type slave;
	file "/var/bind/sec/msk.calculate.ru.zone";
	masters { 10.1.0.3; };
};

zone "17.2.10.in-addr.arpa" IN {
	type slave;
	file "/var/bind/sec/phone.spb.calculate.ru.rev.zone";
	masters { 10.1.0.3; };
};