CubelaPetar/notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c83d178b7709663439b6e20d29156ab80d9f3005
notes/projects/tu/glt-mail/dns-server/named.conf.md
Petar Cubela c83d178b77 20250726-regular commit
2025-07-26 11:50:53 +02:00

154 lines
3.3 KiB
Markdown
Raw Blame History

## Simple
```
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
// include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
acl internal {
10.42.0.0/24;
};
options {
directory "/var/cache/bind";
forwarders {
1.1.1.1;
1.0.0.1;
};
allow-query { internal; };
};
zone "test.softbox.net" IN {
type master;
file "/etc/bind/test-softbox-net.zone";
```
## private
```
#
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/rndc.key";
include "/etc/tsig.key";
# Allow rndc management
#inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "tsig-key"; };
};
# Limit access to local network and homelab LAN
acl "clients" {
127.0.0.0/8;
10.56.0.0/21;
};
options {
forwarders {
fde4:ed21:b2c0:1::254;
10.56.0.254;
};
listen-on port 53 { 127.0.0.1; 10.56.0.3; }; ## MASTER
listen-on-v6 { none; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
tcp-clients 50;
# Disable built-in server information zones
version none;
hostname none;
server-id none;
recursion yes;
recursive-clients 50;
allow-recursion { clients; };
allow-query { clients; };
allow-transfer { localhost; 10.56.0.4; }; ## SLAVE
auth-nxdomain no;
notify no;
#dnssec-enable yes;
dnssec-validation auto;
#dnssec-lookaside auto;
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
# Specifications of what to log, and where the log messages are sent
logging {
channel "common_log" {
file "/var/log/named/named.log" versions 10 size 5m;
severity dynamic;
print-category yes;
print-severity yes;
print-time yes;
};
category default { "common_log"; };
category general { "common_log"; };
category queries { "common_log"; };
category client { "common_log"; };
category security { "common_log"; };
category query-errors { "common_log"; };
category lame-servers { null; };
};
zone "." IN {
type hint;
file "named.ca";
};
# Internal zone definitions
zone "juro-vpn.reliyya.xyz" {
type forward;
forwarders { 10.56.0.254; };
};
zone "reliyya.xyz" {
type master;
file "data/db.reliyya.xyz";
#allow-update { key rndc-key; };
update-policy { grant tsig-key zonesub any; };
notify yes;
};
zone "0.56.10.in-addr.arpa" {
type master;
file "data/db.0.56.10";
#allow-update { key rndc-key; };
update-policy { grant tsig-key zonesub any; };
notify yes;
};
#zone "petarcubela.de" {
# type master;
# file "data/db.petarcubela.de";
# allow-update { key rndc-key; };
# notify yes;
#};
//zone "7.56.10.in-addr.arpa" {
// type master;
// file "data/db.7.56.10";
// allow-update { key rndc-key; };
// notify yes;
//};
[root@dns1 etc]#
```
Reference in New Issue View Git Blame Copy Permalink