o.open/Office_Networks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
7e2e43ffe76926329fe0b0bd3ccd6ba113812de8
Office_Networks/GA-Schloss/bind/named.conf.options
Christoph 938a94cc3b Add GA-Schloss. Renew WF.
2018-06-25 01:57:21 +02:00

134 lines
3.0 KiB
Plaintext
Raw Blame History

acl internaldns {
192.168.11.3;
192.168.10.3;
192.168.10.6;
# Nameserver Gateway Altenschlirf
192.168.10.254;
172.16.0.1;
# Nameserver Gateway Novalishaus
192.168.81.1;
10.2.11.2;
# Nameserver wolle
10.113.12.3;
};
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
// Security options
listen-on port 53 {
127.0.0.1;
10.10.11.254;
192.168.11.1;
192.168.11.254;
};
// Use this sender IPv4 for zone transfers
//transfer-source 192.168.11.1 ;
allow-query {
127.0.0.1;
192.168.0.0/16;
10.0.0.0/8;
172.16.0.0/12;
2001:6f8:107e::/48;
fe80::/8;
::1/128;
};
// caching name services
recursion yes;
allow-recursion {
127.0.0.1;
192.168.0.0/16;
172.16.0.0/12;
10.0.0.0/8;
fe80::/8;
::1/128;
};
allow-transfer {
internaldns;
};
transfer-source 192.168.11.1;
notify-source 192.168.11.1;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
## - If zone-statistics is "yes", statistic file will be written.
## -
## - Notice:
## - The named.stats file may grow very large over the time use some logrotate to keep it
## - small, this may result in graphs being reset ( something I don't care about here )
## -
zone-statistics yes;
statistics-file "/var/log/named/named.stats";
};
logging {
channel simple_log {
file "/var/log/named/bind.log" versions 3 size 5m;
//severity warning;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel queries_log {
file "/var/log/named/query.log" versions 10 size 5m;
severity debug;
//severity notice;
print-time yes;
print-severity yes;
print-category no;
};
channel log_zone_transfers {
file "/var/log/named/axfr.log" versions 5 size 2m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category resolver {
queries_log;
};
category queries {
queries_log;
};
category xfer-in {
log_zone_transfers;
};
category xfer-out {
log_zone_transfers;
};
category notify {
log_zone_transfers;
};
category default{
simple_log;
};
};
Reference in New Issue View Git Blame Copy Permalink