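// named.conf -- BIND configuration: rndc control channel, ACLs, global
// options, logging, and three views (localhost_resolver, internal, external).

// Shared secret used to authenticate rndc on the control channels below.
// NOTE(review): this secret sits inline in the main configuration file. Once a
// copy of the file has been shared or published, treat the key as exposed:
// regenerate it (e.g. with rndc-confgen) and keep it in a separate file that
// only named can read, pulled in with an include statement.
// NOTE(review): hmac-md5 is a legacy choice; hmac-sha256 is the usual
// replacement. The algorithm is left as-is here because the rndc client's
// copy of the key must be changed in the same step.
key "rndc-key" {
    algorithm hmac-md5;
    secret "oQVIkpAszmNM8l9gY9YRw9HqMK10dF5UyTPb8KZU53fjiJtqpPOPe1B30LHk";
};

// rndc control channels: loopback and the LAN address, each accepting only
// connections that originate from the same address and present rndc-key.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { rndc-key; };
    inet 192.168.1.2 port 953
        allow { 192.168.1.2; } keys { rndc-key; };
};

// Hosts allowed to request zone transfers.
// Add other name servers for these zones here; keep the list as short as
// possible, since every entry can pull complete zone contents.
acl "xfer" {
    127.0.0.1;
    192.168.1.2;
    192.168.1.3;
    10.208.1.10;
    10.208.1.11;
    188.215.64.126;
    216.218.133.2;
    89.121.131.74;
    86.104.210.218;
    69.65.50.192;
};

// Clients allowed to recurse and to read the cache
// (see allow-recursion / allow-query-cache in options).
acl "trusted" {
    127.0.0.1;
    192.168.1.0/24;
    172.17.0.0/16;
    10.208.1.0/24;
    5.12.34.98;
    85.121.136.12;
};

// Everyone except the internal ranges.
// Address match lists stop at the first matching element, so the negated
// entries have to come before "any"; with "any" listed first they were never
// evaluated and the ACL matched every client.
// NOTE(review): no statement in this file references "world".
acl "world" {
    !127.0.0.1;
    !192.168.1.0/24;
    !10.208.1.0/24;
    !172.17.0.0/16;
    any;
};

options {
    listen-on { 127.0.0.1; 192.168.1.2; };
    directory "/var/named"; // the default
    pid-file "/var/run/named/named.pid";
    dump-file "data/cache_dump.db";
    statistics-file "/var/named/named.stats";

    // forwarders
    forwarders { 1.0.0.1; 1.1.1.1; };

    // dnssec
    // NOTE(review): newer BIND releases treat dnssec-enable as obsolete --
    // check it against the installed version.
    dnssec-enable yes;
    // NOTE(review): "yes" validates only against a manually configured trust
    // anchor, and none is declared in this file; "auto" uses the built-in
    // root key. Confirm that validation is actually taking place.
    dnssec-validation yes;
    //dnssec-lookaside auto;

    // hide bind version
    //version "0bx0f0";
    version "none";

    // configure max cache size
    max-cache-size 512M;

    // configure max clients per query
    max-clients-per-query 128;

    // Do not send NOTIFY messages when a zone changes. Secondaries then pick
    // up changes only when their refresh timer fires.
    notify no;

    // Generate more efficient zone transfers. This will place multiple DNS
    // records in a DNS message, instead of one per DNS message.
    transfer-format many-answers;

    // Set the maximum zone transfer time to something more reasonable. In
    // this case, we state that any zone transfer that takes longer than
    // 30 minutes is unlikely to ever complete.
    max-transfer-time-in 30;

    // We have no dynamic interfaces, so BIND shouldn't need to poll for
    // interface state {UP|DOWN}.
    interface-interval 0;

    // Anyone may query authoritative data; cached answers and recursion are
    // limited to "trusted", which keeps the server from acting as an open
    // resolver.
    allow-query { any; };
    allow-query-cache { trusted; };
    allow-transfer { xfer; };
    allow-recursion { trusted; };

    auth-nxdomain no;

    // Response rate limiting, applied per client address (/32), to limit use
    // of this server for reflection/amplification. The listed clients are
    // exempt from the limits.
    rate-limit {
        slip 2;
        window 30;
        ipv4-prefix-length 32;
        responses-per-second 50;
        errors-per-second 10;
        nxdomains-per-second 25;
        exempt-clients {
            127.0.0.1;
            192.168.1.0/24;
            10.208.1.0/24;
            85.121.136.12/32;
        };
    };
};

logging {
    channel default_syslog {
        // Send most of the named messages to syslog
        syslog local2;
        severity error;
    };

    channel audit_log {
        // Operational and audit messages go to a separate file (the
        // "security" category itself is routed to security_file below).
        // NOTE(review): no size/versions limit is set, so this file grows
        // until it is rotated externally.
        file "data/named.log";
        severity notice;
        print-time yes;
    };

    channel query_log {
        // One entry per query.
        // NOTE(review): no size/versions limit is set here either; query
        // logs grow quickly on a busy server.
        file "data/queries.log";
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    channel security_file {
        // Approved and denied requests ("security" category).
        // NOTE(review): capped at 1m with "versions 0" -- confirm that older
        // entries are retained long enough for incident review.
        file "/var/named/data/security.log" versions 0 size 1m;
        severity info;
        print-time yes;
    };

    category default { default_syslog; };
    category general { audit_log; default_syslog; };
    category security { security_file; };
    category config { audit_log; default_syslog; };
    category resolver { audit_log; };
    category xfer-in { audit_log; };
    category xfer-out { audit_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    category queries { query_log; };
    category lame-servers { audit_log; };
};

// Views are tried in the order they appear; a client gets the first view
// whose match-clients and match-destinations both match.

// Queries from the loopback range to the server's own addresses.
view "localhost_resolver" {
    match-clients { 127.0.0.0/24; };
    match-destinations { localhost; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    include "/var/named/named.rfc1912.zones";
};

// Clients on directly attached networks: recursion plus the private zones.
view "internal" {
    match-clients { localnets; };
    match-destinations { localnets; };
    recursion yes;

    // Set at view level, so it takes the place of the global
    // allow-transfer { xfer; } for zones in this view that do not set their
    // own (the reverse zone below sets its own).
    allow-transfer { 192.168.1.2; 192.168.1.3; localhost; 188.215.64.126; };

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    zone "acasa" {
        type master;
        file "/var/named/acasa.zone";
    };

    zone "1.168.192.in-addr.arpa" {
        type master;
        file "/var/named/1.168.192.in-addr.arpa";
        allow-query { any; };
        allow-transfer { xfer; };
    };

    //zone "govoip.ro" {
    //    type slave;
    //    masters { 86.104.210.229; };
    //    file "/var/named/slaves/govoip.ro.zone";
    //};
};

// Everything that matched neither view above. No match-clients is given, so
// this view accepts any remaining client; it serves only the root hints.
// NOTE(review): recursion is not set in this view, so whether a client can
// recurse here is decided by the global allow-recursion { trusted; }.
view "external" {
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
};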