/*
 * Refer to the named.conf(5) and named(8) man pages, and the documentation
 * in /usr/share/doc/bind-9 for more details.
 * Online versions of the documentation can be found here:
 * http://www.isc.org/software/bind/documentation
 *
 * If you are going to set up an authoritative server, make sure you
 * understand the hairy details of how DNS works. Even with simple mistakes,
 * you can break connectivity for affected parties, or cause huge amounts of
 * useless Internet traffic.
 */

acl "xfer" {
	10.10.0.0/24;
	fdc7:602:e9c5:b8f0::/64;
};

acl "trusted" {
	127.0.0.0/8;
	::1/128;
	10.10.0.0/16;
	fdc7:602:e9c5:b8f0::/64;
};

options {
	directory "/var/bind";
	pid-file "/var/run/named/named.pid";

	/* https://www.isc.org/solutions/dlv */
	bindkeys-file "/etc/bind/bind.keys";

	listen-on-v6 { any; };
	listen-on { any; };

	allow-query {
		trusted;
	};

	allow-query-cache {
		trusted;
	};

	allow-transfer {
		xfer;
	};

/*
 * If you've got a DNS server around at your upstream provider, enter its
 * IP address here, and enable the line below. This will make you benefit
 * from its cache, thus reduce overall DNS traffic in the Internet.
 * 
 * Uncomment the following lines to turn on DNS forwarding, and change
 *  and/or update the forwarding ip address(es):
 */
	forward first;
	forwarders {
		8.8.8.8;		// Google Open DNS
		8.8.4.4;		// Google Open DNS
	};
};

logging {
	channel default_log {
		file "/var/log/named/named.log" versions 5 size 50M;
		print-time yes;
		print-severity yes;
		print-category yes;
	};
	category default { default_log; };
	category general { default_log; };
};

include "/etc/bind/rndc.key";
controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.0/8; 10.10.0.0/16; fdc7:602:e9c5:b8f0::0/64; ::1/128; } keys { "rndc-key"; };
};


view "internal" in {
	match-clients { trusted; };
	recursion yes;

	zone "." in {
		type hint;
		file "/var/bind/root.cache";
	};

	zone "all.spamrats.com" { type forward; forward first; forwarders {}; };
	zone "black.uribl.com" { type forward; forward first; forwarders {}; };
	zone "grey.uribl.com" { type forward; forward first; forwarders {}; };
	zone "list.dnswl.org" { type forward; forward first; forwarders {}; };
	zone "multi.surbl.org" { type forward; forward first; forwarders {}; };
	zone "multi.uribl.com" { type forward; forward first; forwarders {}; };
	zone "zen.spamhaus.org" { type forward; forward first; forwarders {}; };
	zone "dbl.spamhaus.org" { type forward; forward first; forwarders {}; };

	zone "localhost" IN {
		type master;
		file "pri/localhost.zone";
		allow-update { none; };
		notify no;
	};

	zone "127.in-addr.arpa" IN {
		type master;
		file "pri/localhost.zone";
		allow-update { none; };
		notify no;
	};

	zone "randomdan.homeip.net" IN {
		type slave;
		file "sec/randomdan.homeip.net.zone";
		masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; };
	};

	zone "random.lan" IN {
		type slave;
		file "sec/random.lan.zone";
		masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; };
	};

	zone "10.10.in-addr.arpa" IN {
		type slave;
		file "sec/10.10.zone";
		masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; };
	};

	zone "0.f.8.b.5.c.9.e.2.0.6.0.7.c.d.f.ip6.arpa" IN {
		type slave;
		file "sec/fdc7:602:e9c5:b8f0.zone";
		masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; };
	};
};