Diffstat (limited to 'etc/dns/backup.conf')
-rw-r--r--etc/dns/backup.conf171
1 files changed, 144 insertions, 27 deletions
diff --git a/etc/dns/backup.conf b/etc/dns/backup.conf
index 1f58dac..fd7b81d 100644
--- a/etc/dns/backup.conf
+++ b/etc/dns/backup.conf
@@ -1,43 +1,160 @@
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-9 for more details.
+ * Online versions of the documentation can be found here:
+ * http://www.isc.org/software/bind/documentation
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+acl "xfer" {
+ 10.10.0.0/24;
+ fdc7:602:e9c5:b8f0::/64;
+};
+
+acl "trusted" {
+ 127.0.0.0/8;
+ ::1/128;
+ 10.10.0.0/16;
+ fdc7:602:e9c5:b8f0::/64;
+};
+
options {
directory "/var/bind";
pid-file "/var/run/named/named.pid";
-};
-zone "." IN {
- type hint;
- file "named.ca";
-};
+ /* https://www.isc.org/solutions/dlv */
+ bindkeys-file "/etc/bind/bind.keys";
+
+ listen-on-v6 { any; };
+ listen-on { any; };
+
+ allow-query {
+ trusted;
+ };
+
+ allow-query-cache {
+ trusted;
+ };
+
+ allow-transfer {
+ xfer;
+ };
+
+/*
+ * If you've got a DNS server around at your upstream provider, enter its
+ * IP address here, and enable the line below. This will make you benefit
+ * from its cache, thus reduce overall DNS traffic in the Internet.
+ *
+ * Uncomment the following lines to turn on DNS forwarding, and change
+ * and/or update the forwarding ip address(es):
+ */
+ forward first;
+ forwarders {
+ 212.159.13.49; // Plus.net primary
+ 212.159.13.50; // Plus.net secondary
+ 4.2.2.1; // Level3 Public DNS
+ 4.2.2.2; // Level3 Public DNS
+ 8.8.8.8; // Google Open DNS
+ 8.8.4.4; // Google Open DNS
+ };
-zone "randomdan.homeip.net" IN {
- type slave;
- masters { 192.168.0.3; };
+
+ dnssec-enable yes;
+
+ /* if you have problems and are behind a firewall: */
+ //query-source address * port 53;
};
-zone "random.lan" IN {
- type slave;
- masters { 192.168.0.3; };
+logging {
+ channel default_log {
+ file "/var/log/named/named.log" versions 5 size 50M;
+ print-time yes;
+ print-severity yes;
+ print-category yes;
+ };
+ category default { default_log; };
+ category general { default_log; };
};
-zone "randomdan.lan" IN {
- type slave;
- masters { 192.168.0.3; };
+include "/etc/bind/rndc.key";
+controls {
+ inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};
-zone "localhost" IN {
- type master;
- file "pri/localhost.zone";
- allow-update { none; };
- notify no;
+
+view "internal" in {
+ match-clients { trusted; };
+ recursion yes;
+ additional-from-auth yes;
+ additional-from-cache yes;
+
+ zone "." in {
+ type hint;
+ file "/var/bind/root.cache";
+ };
+
+ zone "localhost" IN {
+ type master;
+ file "pri/localhost.zone";
+ allow-update { none; };
+ notify no;
+ };
+
+ zone "127.in-addr.arpa" IN {
+ type master;
+ file "pri/localhost.zone";
+ allow-update { none; };
+ notify no;
+ };
+
+ zone "randomdan.homeip.net" IN {
+ type slave;
+ file "sec/randomdan.homeip.net.zone";
+ masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; };
+ };
+
+ zone "random.lan" IN {
+ type slave;
+ file "sec/random.lan.zone";
+ masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; };
+ };
+
+ zone "10.10.in-addr.arpa" IN {
+ type slave;
+ file "sec/10.10.zone";
+ masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; };
+ };
+
+ zone "0.f.8.b.5.c.9.e.2.0.6.0.7.c.d.f.ip6.apra" IN {
+ type slave;
+ file "sec/fdc7:602:e9c5:b8f0.zone";
+ masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; };
+ };
};
-zone "0.168.192.in-addr.arpa" IN {
- type slave;
- masters { 192.168.0.3; };
+view "public" in {
+ match-clients { any; };
+ recursion no;
+ additional-from-auth no;
+ additional-from-cache no;
+
+ zone "." in {
+ type hint;
+ file "/var/bind/root.cache";
+ };
+
+ zone "randomdan.homeip.net" IN {
+ type slave;
+ file "sec/randomdan.homeip.net.zone";
+ masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; };
+ };
};
-zone "127.in-addr.arpa" IN {
- type master;
- file "pri/127.zone";
- allow-update { none; };
- notify no;
+key updatekey {
+ algorithm hmac-md5;
+ secret "df61eb0aa23833c56751a6c8f579f695";
};