

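# Split-horizon named.conf: an "internal" view answers LAN clients (with
# recursion), an "external" view answers everyone else (authoritative only).
# Comments must sit on their own line or at the end of a statement; a "#"
# comment swallows the rest of its line, so this file cannot be collapsed
# onto one line.

# Slave (secondary) nameservers that may transfer zones from this server.
acl "dns_slaves" {
    172.16.1.2;        # IP of the slave DNS nameserver
    172.16.101.2;      # ditto
};

# Clients that are treated as internal.
acl "lan_hosts" {
    192.168.0.0/24;    # network address of your local LAN
    127.0.0.1;         # allow loop back
};

options {                          # this section sets the default options
    directory "/etc/namedb";       # directory where the zone files will reside
    listen-on {
        192.168.0.1;               # IP address of the local interface to listen
        127.0.0.1;                 # ditto
    };
    auth-nxdomain no;              # conform to RFC1035
    allow-query { any; };          # allow anyone to issue queries
    recursion no;                  # disallow recursive queries unless over-ridden below
    version "0";                   # obscures version reporting - can't hurt
};

# Shared secret that authenticates rndc to the control channel below.
# Generate your own key (for example with rndc-confgen) and keep the file
# that holds it readable only by the named and administrative users.
# hmac-md5 is a legacy algorithm; prefer hmac-sha256 where your BIND
# version supports it.
key "rndc-key" {
    algorithm hmac-md5;
    secret "nOzUd7+Hwdq6k6CQq7SbDw==";   # DO NOT USE THIS KEY - example only
};

# Control channel: loopback only, and only for holders of rndc-key.
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

view "internal" {
    match-clients { lan_hosts; };  # match hosts in acl "lan_hosts" above
    recursion yes;                 # allow recursive queries
    notify no;                     # disable AA notifies
    # No secondaries are served from this view (notify is off), so refuse
    # zone transfers explicitly instead of relying on the built-in default.
    allow-transfer { none; };

    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "db.root";
    };

    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    zone "localhost" {
        type master;
        file "db.local";
    };
    zone "127.in-addr.arpa" {
        type master;
        file "db.127";
    };
    zone "0.in-addr.arpa" {
        type master;
        file "db.0";
    };
    zone "255.in-addr.arpa" {
        type master;
        file "db.255";
    };

    zone "example.com" {
        type master;
        file "internal/example.com.zone";
    };
};

view "external" {
    // "localnets" and "any" are special reserved words
    // "localnets" mean any network address (as opposed to host address) configured
    // on the local network interfaces - "!" means to negate
    // Views are tried in order, so LAN clients are already taken by "internal".
    match-clients { !localnets; any; };
    recursion no;                      # disallow recursive queries
    # allow hosts in acl "dns_slaves" to transfer zones; this check is by
    # source address only - consider TSIG-signed transfers as well
    allow-transfer { dns_slaves; };

    zone "example.com" {
        type master;
        file "external/example.com.zone";
    };
};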

