Diffstat (limited to 'etc/dns/backup.conf')
-rw-r--r-- | etc/dns/backup.conf | 171 |
1 files changed, 144 insertions, 27 deletions
diff --git a/etc/dns/backup.conf b/etc/dns/backup.conf
index 1f58dac..fd7b81d 100644
--- a/etc/dns/backup.conf
+++ b/etc/dns/backup.conf
@@ -1,43 +1,160 @@ +/* + * Refer to the named.conf(5) and named(8) man pages, and the documentation + * in /usr/share/doc/bind-9 for more details. + * Online versions of the documentation can be found here: + * http://www.isc.org/software/bind/documentation + * + * If you are going to set up an authoritative server, make sure you + * understand the hairy details of how DNS works. Even with simple mistakes, + * you can break connectivity for affected parties, or cause huge amounts of + * useless Internet traffic. + */ + +acl "xfer" { + 10.10.0.0/24; + fdc7:602:e9c5:b8f0::/64; +}; + +acl "trusted" { + 127.0.0.0/8; + ::1/128; + 10.10.0.0/16; + fdc7:602:e9c5:b8f0::/64; +}; + options { directory "/var/bind"; pid-file "/var/run/named/named.pid"; -}; -zone "." IN { - type hint; - file "named.ca"; -}; + /* https://www.isc.org/solutions/dlv */ + bindkeys-file "/etc/bind/bind.keys"; + + listen-on-v6 { any; }; + listen-on { any; }; + + allow-query { + trusted; + }; + + allow-query-cache { + trusted; + }; + + allow-transfer { + xfer; + }; + +/* + * If you've got a DNS server around at your upstream provider, enter its + * IP address here, and enable the line below. This will make you benefit + * from its cache, thus reduce overall DNS traffic in the Internet. 
+ * + * Uncomment the following lines to turn on DNS forwarding, and change + * and/or update the forwarding ip address(es): + */ + forward first; + forwarders { + 212.159.13.49; // Plus.net primary + 212.159.13.50; // Plus.net secondary + 4.2.2.1; // Level3 Public DNS + 4.2.2.2; // Level3 Public DNS + 8.8.8.8; // Google Open DNS + 8.8.4.4; // Google Open DNS + }; -zone "randomdan.homeip.net" IN { - type slave; - masters { 192.168.0.3; }; + + dnssec-enable yes; + + /* if you have problems and are behind a firewall: */ + //query-source address * port 53; }; -zone "random.lan" IN { - type slave; - masters { 192.168.0.3; }; +logging { + channel default_log { + file "/var/log/named/named.log" versions 5 size 50M; + print-time yes; + print-severity yes; + print-category yes; + }; + category default { default_log; }; + category general { default_log; }; }; -zone "randomdan.lan" IN { - type slave; - masters { 192.168.0.3; }; +include "/etc/bind/rndc.key"; +controls { + inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; }; }; -zone "localhost" IN { - type master; - file "pri/localhost.zone"; - allow-update { none; }; - notify no; + +view "internal" in { + match-clients { trusted; }; + recursion yes; + additional-from-auth yes; + additional-from-cache yes; + + zone "." 
in { + type hint; + file "/var/bind/root.cache"; + }; + + zone "localhost" IN { + type master; + file "pri/localhost.zone"; + allow-update { none; }; + notify no; + }; + + zone "127.in-addr.arpa" IN { + type master; + file "pri/localhost.zone"; + allow-update { none; }; + notify no; + }; + + zone "randomdan.homeip.net" IN { + type slave; + file "sec/randomdan.homeip.net.zone"; + masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; }; + }; + + zone "random.lan" IN { + type slave; + file "sec/random.lan.zone"; + masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; }; + }; + + zone "10.10.in-addr.arpa" IN { + type slave; + file "sec/10.10.zone"; + masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; }; + }; + + zone "0.f.8.b.5.c.9.e.2.0.6.0.7.c.d.f.ip6.apra" IN { + type slave; + file "sec/fdc7:602:e9c5:b8f0.zone"; + masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; }; + }; }; -zone "0.168.192.in-addr.arpa" IN { - type slave; - masters { 192.168.0.3; }; +view "public" in { + match-clients { any; }; + recursion no; + additional-from-auth no; + additional-from-cache no; + + zone "." in { + type hint; + file "/var/bind/root.cache"; + }; + + zone "randomdan.homeip.net" IN { + type slave; + file "sec/randomdan.homeip.net.zone"; + masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; }; + }; }; -zone "127.in-addr.arpa" IN { - type master; - file "pri/127.zone"; - allow-update { none; }; - notify no; +key updatekey { + algorithm hmac-md5; + secret "df61eb0aa23833c56751a6c8f579f695"; }; |
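Review bot: The `key updatekey` block at the end of the hunk commits a TSIG shared secret in clear text and uses `hmac-md5`; the value should be treated as exposed, regenerated, and loaded from a file outside the repository the way the rndc key already is, e.g. `include "<path-to-update-key-file>";` with `algorithm hmac-sha256;`. Nothing visible in this file references `updatekey`, and the slave zones authenticate their masters by address only, so if the key is meant for transfers the `masters` lists would need to name it (`masters { 10.10.0.3 key updatekey; ... };`). Two functional defects sit in the same hunk: the IPv6 reverse zone is spelled `ip6.apra` rather than `ip6.arpa`, and `127.in-addr.arpa` now loads `pri/localhost.zone` where the removed stanza used `pri/127.zone`. The global `allow-query { trusted; };` also appears to be inherited by the `public` view, which would refuse the very clients that view matches unless it sets its own `allow-query { any; };`.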