## Simple
```
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

// Named address-match list; referenced by allow-query below.
acl internal { 10.42.0.0/24; };

// NOTE(review): named accepts only one options statement. The stock Debian
// named.conf.options included above typically defines its own options block
// (TODO confirm on the host); if it does, merge these settings into that file
// and validate with named-checkconf before reloading.
options {
    directory "/var/cache/bind";
    // Cache misses are forwarded to these two public resolvers. No "forward"
    // mode is set here, so BIND's default (forward first) applies and named
    // falls back to resolving on its own if the forwarders do not answer.
    forwarders { 1.1.1.1; 1.0.0.1; };
    // Only the "internal" ACL may query. This listing sets neither
    // allow-recursion nor allow-query-cache, which then inherit from
    // allow-query. 127.0.0.1 is not in the ACL, so queries the server sends
    // to its own loopback address are refused as well.
    allow-query { internal; };
};

// Authoritative (primary) zone served from a local zone file.
// NOTE(review): the listing ends before the closing "};" of this zone block.
zone "test.softbox.net" IN {
    type master;
    file "/etc/bind/test-softbox-net.zone";
```
## private
```
# NOTE(review): the flattened listing does not show whether the next line is an
# active include preceded by a bare "#", or a commented-out include - confirm
# against the live file.
# include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/rndc.key";
include "/etc/tsig.key";

# Allow rndc management
# The control channel listens on loopback only and accepts commands signed with
# "tsig-key". NOTE(review): the same key name is granted dynamic-update rights
# in the update-policy statements below, so one secret covers both server
# control and zone updates. A separate key per function (the commented-out line
# uses "rndc-key") limits what a leaked update key can do.
#inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "tsig-key"; };
};

# Limit access to local network and homelab LAN
# This ACL is what allow-recursion and allow-query reference below.
acl "clients" {
    127.0.0.0/8;
    10.56.0.0/21;
};

options {
    forwarders { fde4:ed21:b2c0:1::254; 10.56.0.254; };
    listen-on port 53 { 127.0.0.1; 10.56.0.3; }; ## MASTER
    # Disables the IPv6 listener only; the first forwarder above is an IPv6
    # address, so outbound IPv6 from this host still has to work for it.
    listen-on-v6 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # Cap on simultaneous TCP client connections.
    tcp-clients 50;

    # Disable built-in server information zones
    # (answers to the CHAOS-class version.bind / hostname.bind / id.server
    # queries, which are otherwise an easy way to fingerprint the server)
    version none;
    hostname none;
    server-id none;

    # Recursion is on, but both recursion and queries in general are limited
    # to the "clients" ACL, so the server is not an open resolver.
    recursion yes;
    recursive-clients 50;
    allow-recursion { clients; };
    allow-query { clients; };
    # Zone transfers are authorised by source address only.
    # NOTE(review): naming a TSIG key here would authenticate the secondary
    # itself rather than whichever host currently holds 10.56.0.4.
    allow-transfer { localhost; 10.56.0.4; }; ## SLAVE
    auth-nxdomain no;
    # Global default; the two primary zones below override it with notify yes.
    notify no;

    # dnssec-enable and dnssec-lookaside are obsolete in current BIND 9
    # releases and are left commented out; validation itself stays enabled.
    #dnssec-enable yes;
    dnssec-validation auto;
    #dnssec-lookaside auto;
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

# Specifications of what to log, and where the log messages are sent
# A single file channel receives every category listed below and keeps at most
# 10 rotated versions of 5 MB each.
# NOTE(review): query logging shares that budget with the security and client
# categories, so on a busy resolver query volume can rotate security events out
# quickly; a dedicated channel for security keeps them longer. The file also
# records client addresses and queried names - check who can read
# /var/log/named.
logging {
    channel "common_log" {
        file "/var/log/named/named.log" versions 10 size 5m;
        # "dynamic" follows the server's current debug level.
        severity dynamic;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { "common_log"; };
    category general { "common_log"; };
    category queries { "common_log"; };
    category client { "common_log"; };
    category security { "common_log"; };
    category query-errors { "common_log"; };
    # Lame-delegation messages are discarded.
    category lame-servers { null; };
};

# Root hints.
zone "." IN {
    type hint;
    file "named.ca";
};

# Internal zone definitions
# Queries under this name are forwarded to 10.56.0.254.
# NOTE(review): no "forward only;" is set here or in options, so the default
# (forward first) applies: if the forwarder does not answer, named tries normal
# resolution, which can send these internal names to public servers.
zone "juro-vpn.reliyya.xyz" {
    type forward;
    forwarders { 10.56.0.254; };
};

# Primary zone with TSIG-authenticated dynamic updates.
# NOTE(review): "zonesub any" lets the holder of tsig-key change records of
# any type, at any name in the zone, including NS and SOA. Listing only the
# record types the updater needs narrows the grant.
zone "reliyya.xyz" {
    type master;
    file "data/db.reliyya.xyz";
    #allow-update { key rndc-key; };
    update-policy { grant tsig-key zonesub any; };
    notify yes;
};

# Reverse zone for 10.56.0.0/24; same update grant as the forward zone above,
# and the same least-privilege caveat applies.
zone "0.56.10.in-addr.arpa" {
    type master;
    file "data/db.0.56.10";
    #allow-update { key rndc-key; };
    update-policy { grant tsig-key zonesub any; };
    notify yes;
};

# The two zones below are disabled (commented out).
#zone "petarcubela.de" {
#    type master;
#    file "data/db.petarcubela.de";
#    allow-update { key rndc-key; };
#    notify yes;
#};

//zone "7.56.10.in-addr.arpa" {
//    type master;
//    file "data/db.7.56.10";
//    allow-update { key rndc-key; };
//    notify yes;
//};
[root@dns1 etc]#
```