// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
// The stock options include is left commented out. An options block is
// defined inline further down in this file, and named accepts only one
// options statement, which is presumably why this line was disabled.
// include "/etc/bind/named.conf.options";
// Site-local zones and the distribution's default zones are still pulled in.
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
// Named address-match list holding the single subnet 10.42.0.0/24.
// It is referenced by allow-query in the options block that follows.
acl internal {
10.42.0.0/24;
};
// Global server options: working directory, upstream forwarders and the
// set of clients that may query this server.
// NOTE(review): no listen-on statement is visible, so named listens on every
// IPv4 interface by default; exposure then rests on allow-query and on the
// host firewall.
options {
directory "/var/cache/bind";
// Names that cannot be answered locally are sent to these two upstream
// resolvers. No "forward only;" is set, so the default "forward first"
// applies and named falls back to resolving the name itself if both fail.
forwarders {
1.1.1.1;
1.0.0.1;
};
// Only addresses in the "internal" ACL may query. allow-recursion and
// allow-query-cache are not set here, so recursion inherits this
// restriction, which keeps the server from acting as an open resolver.
// NOTE(review): allow-transfer is configured separately from allow-query
// and is not set in this listing. On BIND releases whose default permits
// transfers to any host, zone contents can be pulled by anyone who can
// reach the server; confirm the running version's default or set it.
allow-query { internal; };
};
zone "test.softbox.net" IN {
type master;
file "/etc/bind/test-softbox-net.zone";
#
# Stock RFC 1912 zone set and the root trust-anchor file.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# Key files holding shared secrets (presumably the "rndc-key" and "tsig-key"
# definitions referenced further down; their contents are not shown here).
# Keep both readable only by root and the account named runs as: anyone who
# can read a key file can authenticate as that key.
include "/etc/rndc.key";
include "/etc/tsig.key";
# Allow rndc management
# Earlier form of the control channel, authenticated with "rndc-key"; kept
# commented out for reference.
#inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
# Active control channel: bound to loopback on port 953, accepting
# connections from 127.0.0.1 only, authenticated with "tsig-key".
# NOTE(review): "tsig-key" is also the identity granted dynamic-update rights
# in the zone definitions later in this file, so one secret both edits zone
# data and controls the server. A dedicated control key, as in the commented
# line above, means a leaked update key does not also unlock rndc for anyone
# with local access to this host.
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "tsig-key"; };
};
# Limit access to local network and homelab LAN
# Address-match list used by allow-query and allow-recursion in the options
# block: loopback plus 10.56.0.0/21 (10.56.0.0 through 10.56.7.255).
acl "clients" {
127.0.0.0/8;
10.56.0.0/21;
};
# Global options for the primary server: where it listens, who may query,
# recurse and transfer, and where state files live.
options {
# Upstream resolvers for names this server is not authoritative for.
# No "forward only;" is set, so the default "forward first" applies.
forwarders {
fde4:ed21:b2c0:1::254;
10.56.0.254;
};
# Listen on loopback and one LAN address only; IPv6 listening is disabled.
# listen-on-v6 governs listening only, so the IPv6 forwarder above may still
# be contacted if the host has IPv6 connectivity.
listen-on port 53 { 127.0.0.1; 10.56.0.3; }; ## MASTER
listen-on-v6 { none; };
# Working directory; relative file names in zone statements resolve here.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# Cap on simultaneous TCP client connections.
tcp-clients 50;
# Disable built-in server information zones
# These three settings stop named from disclosing its version, host name and
# server id to remote queries, which removes an easy fingerprinting source.
version none;
hostname none;
server-id none;
# Recursion is on, but only for the "clients" ACL, and limited to 50
# simultaneous recursive lookups. Restricting allow-recursion is what keeps
# this from being an open resolver usable for amplification.
recursion yes;
recursive-clients 50;
allow-recursion { clients; };
allow-query { clients; };
# Zone transfers are authorised by source address alone.
# NOTE(review): a TSIG key in this list would authenticate the secondary
# rather than trusting whoever holds 10.56.0.4.
allow-transfer { localhost; 10.56.0.4; }; ## SLAVE
auth-nxdomain no;
# Global default; the two master zones later in this file override it with
# "notify yes;".
notify no;
# dnssec-enable and dnssec-lookaside are obsolete in current BIND 9
# releases; leave them commented out.
#dnssec-enable yes;
# Validate responses against the managed root trust anchor.
# NOTE(review): validation depends on the forwarders above passing DNSSEC
# records through; confirm they do, or signed names will fail to resolve.
dnssec-validation auto;
#dnssec-lookaside auto;
bindkeys-file "/etc/named.root.key";
# Directory where named keeps its managed trust-anchor state; it must be
# writable by the account named runs as.
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
# File holding the session key that named generates at startup.
session-keyfile "/run/named/session.key";
};
# Specifications of what to log, and where the log messages are sent
logging {
# Single file channel, rotated at 5 MB with 10 old versions kept, so the log
# set is bounded at roughly 55 MB. Each line carries time, category and
# severity. "severity dynamic" follows the server's current debug level.
channel "common_log" {
file "/var/log/named/named.log" versions 10 size 5m;
severity dynamic;
print-category yes;
print-severity yes;
print-time yes;
};
category default { "common_log"; };
category general { "common_log"; };
# The queries category records client addresses together with the names they
# looked up. Treat the log as sensitive and restrict read access to
# /var/log/named. With per-query logging sharing this channel, busy periods
# can rotate security events out of the ten retained files quickly.
# NOTE(review): a separate channel for "security" would keep ACL denials and
# rejected updates available for longer; confirm retention meets your needs.
category queries { "common_log"; };
category client { "common_log"; };
# Denied queries, transfers and updates are reported under this category.
category security { "common_log"; };
category query-errors { "common_log"; };
# Lame-delegation messages are discarded.
category lame-servers { null; };
};
# Root hints: the initial list of root servers, read from named.ca, which is
# resolved relative to the "directory" option (/var/named).
zone "." IN {
type hint;
file "named.ca";
};
# Internal zone definitions
# Queries under juro-vpn.reliyya.xyz are forwarded to 10.56.0.254 only.
# NOTE(review): no "forward only;" is set here. Under the default "forward
# first", named tries to resolve the name by other means when the forwarder
# does not answer; add "forward only;" if these names must never be looked up
# anywhere else. Confirm against the intended behaviour.
zone "juro-vpn.reliyya.xyz" {
type forward;
forwarders { 10.56.0.254; };
};
# Primary (master) zone for reliyya.xyz, loaded from /var/named/data and open
# to dynamic updates. Because the zone is dynamic, named rewrites the zone
# file and keeps a journal beside it; freeze the zone with rndc before
# editing the file by hand.
zone "reliyya.xyz" {
type master;
file "data/db.reliyya.xyz";
# Earlier, broader form: any update signed with rndc-key was accepted.
#allow-update { key rndc-key; };
# Holder of "tsig-key" may update any name at or below the zone apex.
# NOTE(review): the type "any" covers every record type except NSEC and
# NSEC3, so it includes NS and SOA at the apex. If the key is only used to
# register hosts, listing just the needed types (for example A, AAAA and TXT)
# limits what a leaked key can change.
update-policy { grant tsig-key zonesub any; };
# Overrides the global "notify no;" so secondaries are told about changes.
notify yes;
};
# Primary (master) reverse zone for 10.56.0.0/24, loaded from /var/named/data
# and open to dynamic updates. It covers only the first /24 of the
# 10.56.0.0/21 range allowed in the "clients" ACL.
zone "0.56.10.in-addr.arpa" {
type master;
file "data/db.0.56.10";
# Earlier, broader form: any update signed with rndc-key was accepted.
#allow-update { key rndc-key; };
# Holder of "tsig-key" may update any name at or below the zone apex.
# NOTE(review): the type "any" covers every record type except NSEC and
# NSEC3. A reverse zone normally only needs PTR updates, so naming that type
# alone would narrow what the key can alter.
update-policy { grant tsig-key zonesub any; };
# Overrides the global "notify no;" so secondaries are told about changes.
notify yes;
};
#zone "petarcubela.de" {
# type master;
# file "data/db.petarcubela.de";
# allow-update { key rndc-key; };
# notify yes;
#};
//zone "7.56.10.in-addr.arpa" {
// type master;
// file "data/db.7.56.10";
// allow-update { key rndc-key; };
// notify yes;
//};
[root@dns1 etc]#