View Single Post
Old 25th February 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

You can use this named.conf as a template:
Code:
// $OpenBSD: named-dual.conf,v 1.11 2009/11/02 21:12:56 jakob Exp $
//
// Example file for a named configuration with dual views,
// one processing recursive queries only and one processing
// authoritative-only queries.


// Update this list to include only the networks for which you want
// to execute recursive queries. The default setting allows all hosts
// on any IPv4 networks for which the system has an interface, and
// the IPv6 localhost address.
//
acl clients {
        localnets;
        ::1;
};

options {
        version "";     // remove this to allow version queries

        listen-on    { any; };
        listen-on-v6 { any; };

        empty-zones-enable yes;
};

logging {
        category lame-servers { null; };
};

view "recursive" {
        match-clients { clients; };
        match-recursive-only yes;
        allow-recursion { clients; };

        zone "." {
                type hint;
                file "etc/root.hint";
        };

        zone "localhost" {
                type master;
                file "standard/localhost";
                allow-transfer { localhost; };
        };

        zone "127.in-addr.arpa" {
                type master;
                file "standard/loopback";
                allow-transfer { localhost; };
        };

        zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
                type master;
                file "standard/loopback6.arpa";
                allow-transfer { localhost; };
        };
};

view "authoritative" {
        recursion no;
                                                                                                             (p2 of 2)
        additional-from-auth no;
        additional-from-cache no;

        // Master zones
        //
        //zone "myzone.net" {
        //      type master;
        //      file "master/myzone.net";
        //};

        // Slave zones
        //
        //zone "otherzone.net" {
        //      type slave;
        //      file "slave/otherzone.net";
        //      masters { 192.168.1.10; [...;] };
        //};
};
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote