/*
 * Refer to the named.conf(5) and named(8) man pages, and the documentation
 * in /usr/share/doc/bind-* for more details.
 * Online versions of the documentation can be found here:
 * https://kb.isc.org/article/AA-01031
 *
 * If you are going to set up an authoritative server, make sure you
 * understand the hairy details of how DNS works. Even with simple mistakes,
 * you can break connectivity for affected parties, or cause huge amounts of
 * useless Internet traffic.
 */
/*
 * List here the IP addresses that are allowed to use the cache or
 * recursive queries.
 */
// Clients that may query this server, read its cache and recurse through it;
// the options block uses this ACL for allow-query, allow-query-cache and
// allow-recursion.
// NOTE(review): 10.0.0.0/8 is wide and also contains 10.1.0.0/16, which this
// file labels DMZ (see the 1.10.in-addr.arpa zone), so DMZ hosts get full
// recursion. Confirm that is intended, or list only the subnets that need it.
acl "trusted" {
    127.0.0.0/8;        // IPv4 loopback
    10.0.0.0/8;         // internal RFC 1918 range
    192.168.1.0/24;     // internal RFC 1918 subnet
    ::1/128;            // IPv6 loopback
};
// Addresses of the name servers (loopback plus one host per 10.x network).
// NOTE(review): nothing in the visible part of this file references this ACL.
// Presumably it was meant for allow-transfer / allow-notify; confirm, and
// either wire it in or drop it so the file does not suggest a restriction
// that is not actually enforced.
acl "dns_servers" {
    127.0.0.1;
    10.0.1.3;
    10.1.0.3;
    10.2.0.3;
    10.4.0.3;
};
// Server-wide defaults: a recursive resolver for the "trusted" ACL with a
// response policy zone applied.
// NOTE(review): no allow-transfer appears here or on any zone shown. On BIND
// releases where allow-transfer defaults to "any", zone contents (including
// rpz.zone) can be transferred by any host able to reach this server; consider
// an explicit allow-transfer, ideally keyed with TSIG.
// NOTE(review): dnssec-validation is not set, so the release default applies;
// confirm validation is enabled for this resolver.
options {
    directory "/var/bind";
    pid-file "/run/named/named.pid";

    // Switch off the built-in empty zone for 10.in-addr.arpa, so reverse
    // lookups under 10/8 that no configured zone covers are no longer answered
    // locally. NOTE(review): such queries may then be sent upstream; confirm.
    disable-empty-zone "10.in-addr.arpa";

    // Historical pointer: ISC's DLV registry has since been retired.
    /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
    //bindkeys-file "/etc/bind/bind.keys";

    // IPv6: loopback only. IPv4: loopback and any local interface address
    // that falls inside 10.0.0.0/8.
    listen-on-v6 { ::1; };
    listen-on { 10.0.0.0/8; 127.0.0.1; };

    // Global default: only "trusted" may query, which keeps this host from
    // acting as an open resolver. A zone can widen this with its own
    // allow-query; none of the zones visible in this file does, so they are
    // limited to "trusted" as well.
    allow-query { trusted; };

    // Cached answers are served to "trusted" only.
    allow-query-cache { trusted; };

    // Recursion is performed for "trusted" only.
    allow-recursion { trusted; };

    recursion yes;

    // Apply the policy zone "rpz.zone" (defined as a zone further down).
    response-policy {
        zone "rpz.zone";
    };
};
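// rndc command channel, bound to IPv4 loopback only.
controls {
    // The clause keyword is "allow" with no leading dash; "-allow" is a syntax
    // error and would stop named from loading this file.
    // NOTE(review): no acl named "rndc-users" is visible in this file; confirm
    // it is defined, otherwise the reference cannot be resolved.
    // The keys listed here are expected to come from the include below or
    // another key statement; confirm both names exist.
    inet 127.0.0.1 port 953 allow { 127.0.0.1; "rndc-users"; }
        keys { "rndc-remote"; "rndc-key"; };

    // NOTE(review): this looks like a duplicate of the channel above: same
    // address, and the default control port is 953, but without a keys clause.
    // Confirm whether both are intended and keep only one.
    inet 127.0.0.1 allow { localhost; };
};

// Key material for rndc. The file holds a shared secret: keep it readable only
// by root and the account named runs as.
include "/etc/bind/rndc.key";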
// Root hints: the starting list of root name servers used for recursion.
zone "." in {
    type hint;
    file "/var/bind/named.cache";
};
// Locally served "localhost" zone; the path is relative to the options
// directory. No NOTIFY messages are sent for it.
zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    notify no;
};
// Response policy zone referenced by response-policy in the options block.
// Direct queries of the policy data are limited to "trusted" and dynamic
// updates are refused.
// NOTE(review): allow-transfer is not set on this zone, so whether the policy
// list can be pulled by AXFR depends on the inherited/default setting; add
// an explicit allow-transfer if the list should stay private.
zone "rpz.zone" {
    type master;
    file "/var/bind/pri/rpz.zone";
    allow-query { trusted; };
    allow-update { none; };
};
// DMZ: forward and reverse zones held as secondary copies, both transferred
// from 10.1.0.3.
// NOTE(review): the masters clauses name no TSIG key, so the transfer source
// is identified by IP address alone. Consider a keyed entry such as
//   masters { 10.1.0.3 key <TSIG_KEY_NAME_PLACEHOLDER>; };
// once a matching key is configured on both servers.

// Forward zone.
zone "dmz.calculate.ru" IN {
    type slave;
    file "/var/bind/sec/dmz.calculate.ru.zone";
    masters { 10.1.0.3; };
};

// Reverse zone for 10.1.0.0/16.
zone "1.10.in-addr.arpa" IN {
    type slave;
    file "/var/bind/sec/dmz.calculate.ru.rev.zone";
    masters { 10.1.0.3; };
};