My named.conf looks like this:
# cat named.conf
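// logging
// One rotating file per category. File paths are relative to named's working
// directory / chroot (this file sets no "directory" option) -- confirm that
// "log/" and "etc/" resolve where you expect before relying on these logs.
logging {
    channel LAMER_log {
        file "log/named-lamer.log" versions 3 size 10m;
        severity info;
        print-severity yes;
        print-time yes;
    };
    channel SEC_log {
        file "log/named-sec.log" versions 3 size 10m;
        severity info;
        print-severity yes;
        print-time yes;
    };
    // channel STAT_log {
    //     file "log/named-stat.log" versions 3 size 10m;
    //     severity info;
    //     print-severity yes;
    //     print-time yes;
    // };
    // category cname { null; };
    category lame-servers { LAMER_log; };
    // "security" carries the allow/deny decisions (queries, transfers, control
    // channel); this is the file to watch for refused or unexpected clients.
    category security { SEC_log; };
    // Validation is enabled below; without this line DNSSEC failures only
    // reach the default log. Keep them next to the other security events.
    category dnssec { SEC_log; };
    // category statistics { STAT_log; };
};

// define local addresses
// Clients permitted to query (and, explicitly below, to recurse).
// NOTE(review): neither 127.0.0.1 nor the listen address 10.9.2.1 lies in this
// prefix, so queries from the server itself or from its own subnet are
// refused unless "localhost;" / that subnet is added here -- confirm intended.
acl "local-net" {
    10.1.1.0/24;
};

// define bogons (bogus addresses)
// Sources dropped outright by "blackhole" below. Only part of the private /
// reserved space is listed: 10/8 must stay out because it is the local
// network, and 127/8 is left out so loopback traffic is never discarded.
// 172.16/12 could be added if nothing on the network uses it; anything added
// here is silently dropped, not logged as refused.
acl "bogons" {
    0.0.0.0/8;
    169.254.0.0/16;
    192.168.0.0/16;
};

// only allow local command channel on port 953
// No "keys" clause is given, so authentication of rndc depends on the
// version's fallback behaviour (rndc.key in named's directory, if present).
// Verify "rndc status" works and that rndc.key is readable only by the
// named user: any local account that can read it can drive the server.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; };
};

// Static DNSSEC trust anchors used by "dnssec-validation yes" below.
// Static anchors do not follow key rollovers (the root KSK rolled in 2018);
// on BIND >= 9.11 prefer "dnssec-validation auto;" (built-in, self-updating
// root anchor) or a managed-keys statement, and drop this include.
include "etc/trusted-keys";

options {
    // Obsolete in current BIND (cache cleaning is automatic); harmless on
    // older releases.
    cleaning-interval 1440;
    // Default since 9.5 and deprecated in recent releases; kept for old servers.
    dnssec-enable yes;
    // "yes" validates against etc/trusted-keys; "auto" (9.11+) uses the
    // built-in root anchor and survives root key rollovers.
    dnssec-validation yes;
    // DLV lookaside was removed: ISC emptied and retired dlv.isc.org in 2017
    // and current BIND rejects "dnssec-lookaside", so the former
    //   dnssec-lookaside . trust-anchor dlv.isc.org.;
    // line was at best a no-op and at worst a startup error.
    zone-statistics yes;
    // Batches NOTIFY/refresh work onto the heartbeat interval; meant for
    // intermittently connected links -- confirm it is still wanted on an
    // always-on server.
    dialup yes;
    listen-on port 53 {
        10.9.2.1;
    };
    // Empty list: no IPv6 listener at all.
    listen-on-v6 port 53 {
    };
    // don't allow any host by default
    allow-transfer {
        none;
    };
    // allow only dns queries inside the local network
    allow-query {
        local-net;
    };
    // BIND derives allow-recursion (and allow-query-cache) from allow-query
    // when they are unset, so this matches today's effective policy; it is
    // stated explicitly so a later allow-query-cache line cannot silently
    // widen who may use this server as an open resolver.
    allow-recursion {
        local-net;
    };
    blackhole {
        bogons;
    };
    // forwarders
    // "first": ask the forwarders, fall back to iterative resolution via the
    // root hints if they fail. Replace xxx with real resolvers. Validation
    // above still checks whatever they return, but an unreachable or
    // misbehaving forwarder is bypassed without any log entry.
    forward first;
    forwarders {
        xxx.xxx.xxx.xxx;
        xxx.xxx.xxx.xxx;
    };
    auth-nxdomain no; # conform to RFC1035
};

// prime the server with knowledge of the root servers
// Only consulted when the forwarders above do not answer ("forward first").
zone "." {
    type hint;
    file "etc/root.hint";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "etc/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "etc/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "etc/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "etc/db.255";
};
// Catch-all reverse zone for 10/8; the more specific 1.1.10.in-addr.arpa
// below takes precedence for the local subnet.
zone "10.in-addr.arpa" {
    type master;
    file "etc/db.10";
};
// Signed forward zone (re-sign before the RRSIGs expire or resolution of
// every name in it fails validation). Its reverse zone below is unsigned.
zone "localnet" {
    type master;
    file "etc/localnet/db.localnet.signed";
};
zone "1.1.10.in-addr.arpa" {
    type master;
    file "etc/localnet/db.1.1.10";
};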