
My named.conf looks like this:

# cat named.conf

// logging: send lame-delegation noise and security decisions to their own
// rotated files so they can be reviewed apart from the default syslog stream.
logging {
        // lame delegations encountered while resolving (informational)
        channel LAMER_log {
                file "log/named-lamer.log" versions 3 size 10m;
                severity info;
                print-time yes;
                print-severity yes;
        };

        // BIND's "security" category: approval and denial of requests,
        // e.g. queries refused by allow-query, refused transfers/updates.
        // Review this file when something unexpected is probing the server.
        channel SEC_log {
                file "log/named-sec.log" versions 3 size 10m;
                severity info;
                print-time yes;
                print-severity yes;
        };

        // channel STAT_log {
        //      file "log/named-stat.log" versions 3 size 10m;
        //      severity info;
        //      print-severity yes;
        //      print-time yes;
        // };

        category security     { SEC_log; };
        category lame-servers { LAMER_log; };
        // category cname      { null; };
        // category statistics { STAT_log; };
        // every other category stays on BIND's default channels
};



// the client network: the only addresses allowed to query (see allow-query)
acl "local-net" { 10.1.1.0/24; };

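// addresses that should never appear as a DNS client of this server; traffic
// from them is dropped without a reply (blackhole in options).
// 10.0.0.0/8 is deliberately NOT listed because local-net lives inside it,
// and 127.0.0.0/8 is left out so the host itself keeps working.
// A blackholed address can be neither client nor upstream: make sure the
// forwarders configured in options are not inside any of these ranges.
acl "bogons" {
        0.0.0.0/8;              // "this" network
        169.254.0.0/16;         // link-local
        172.16.0.0/12;          // RFC 1918 -- assumed unused here, confirm
        192.0.2.0/24;           // TEST-NET-1, documentation only
        192.168.0.0/16;         // RFC 1918 -- assumed unused here, confirm
        224.0.0.0/3;            // multicast and reserved (224.0.0.0 - 255.255.255.255)
};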

// rndc control channel: bound to loopback and restricted to loopback, so only
// processes on this host can reload/stop named. No "keys" clause is given, so
// named uses the key from rndc.key; confirm that file exists and is readable
// by the named user only.
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; };
};


// static DNSSEC trust anchors used by dnssec-validation. Keys listed here are
// not tracked automatically: when an anchor (e.g. the root KSK) rolls over,
// this file must be updated by hand or validation breaks for everything below
// that anchor. BIND >= 9.7 can follow rollovers itself (RFC 5011) via
// managed-keys / dnssec-validation auto.
include "etc/trusted-keys";

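options {
        cleaning-interval 1440;

        // validate answers against the anchors in etc/trusted-keys
        dnssec-enable yes;
        dnssec-validation yes;
        //dnssec-lookaside auto; as of BIND>=9.7
        // NOTE: ISC retired the DLV registry (dlv.isc.org) in 2017; remove this
        // line on current BIND releases, where the option no longer exists.
        dnssec-lookaside . trust-anchor dlv.isc.org.;
        zone-statistics yes;

        dialup yes;

        // IPv4 only: listen-on-v6 is an empty list, so no v6 socket is opened.
        // 10.9.2.1 is outside local-net (10.1.1.0/24), so clients reach this
        // address through a router -- verify that is intended.
        listen-on port 53 { 10.9.2.1; };
        listen-on-v6 port 53 { };

        // don't advertise the software version on version.bind/CH TXT
        version none;

        // zone transfers are off for every zone; if secondaries are ever added,
        // grant allow-transfer per zone and key it with TSIG
        allow-transfer { none; };

        // only the local network may query, recurse, or read the cache.
        // allow-query alone already refuses everyone else; the explicit
        // allow-recursion / allow-query-cache make that independent of the
        // per-version defaults for those options.
        recursion yes;
        allow-query       { local-net; };
        allow-recursion   { local-net; };
        allow-query-cache { local-net; };

        // drop traffic from bogus source addresses without replying
        blackhole { bogons; };

        // "forward first" falls back to full recursion via the root hints when
        // the forwarders do not answer. If the forwarders are a policy control
        // (e.g. a filtering resolver) rather than a convenience, use
        // "forward only" so that the fallback cannot bypass them.
        forward first;
        forwarders {
                xxx.xxx.xxx.xxx;
                xxx.xxx.xxx.xxx;
        };

        auth-nxdomain no;    # conform to RFC1035
};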



// root hints: starting point for recursion when the forwarders are not used
// (forward first). Keep etc/root.hint current; a stale hint file still works
// as long as one listed root server answers.
zone "." { type hint; file "etc/root.hint"; };

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912, so these lookups never leak upstream

zone "localhost"       { type master; file "etc/db.local"; };
zone "127.in-addr.arpa" { type master; file "etc/db.127"; };

// RFC 1912 broadcast zones: answered locally instead of being sent upstream
zone "0.in-addr.arpa"   { type master; file "etc/db.0"; };
zone "255.in-addr.arpa" { type master; file "etc/db.255"; };

// reverse zone for all of 10.0.0.0/8, so PTR lookups for private addresses
// are answered here rather than forwarded. 1.1.10.in-addr.arpa has its own,
// more specific zone further down, which BIND serves in preference.
zone "10.in-addr.arpa" { type master; file "etc/db.10"; };



// the site's own forward zone, served from the dnssec-signed output file.
// The .signed file must be regenerated before its RRSIGs expire, otherwise
// validating clients will reject the zone as bogus.
zone "localnet" {
        type master;
        file "etc/localnet/db.localnet.signed";
};

// matching reverse zone for 10.1.1.0/24 (local-net); not signed, unlike the
// forward zone -- intended only if no one relies on validated PTR answers.
zone "1.1.10.in-addr.arpa" {
        type master;
        file "etc/localnet/db.1.1.10";
};