zira-etc/named.conf

key "rndc-key" {
    algorithm   hmac-md5;
    secret      "oQVIkpAszmNM8l9gY9YRw9HqMK10dF5UyTPb8KZU53fjiJtqpPOPe1B30LHk";
};

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
    inet 192.168.1.2 port 953 allow { 192.168.1.2; } keys { rndc-key; };
};

acl "xfer" {
    // Allow no transfers.  If we have other name servers, place them here. 
    127.0.0.1;
    192.168.1.2;
    192.168.1.3;
    10.208.1.10;
    10.208.1.11;
    188.215.64.126;
    216.218.133.2;
    89.121.131.74;
    86.104.210.218;
    69.65.50.192;
};

acl "trusted" {
	127.0.0.1;
	192.168.1.0/24;
    172.17.0.0/16;
	10.208.1.0/24;
	89.121.131.74;
	86.104.210.218;
};

acl "world" {
	any;
	!127.0.0.1;
	!192.168.1.0/24;
	!10.208.1.0/24;
    !172.17.0.0/16;
};

options {
    listen-on { 127.0.0.1; 192.168.1.2; };
    directory	"/var/named"; // the default
    pid-file	"/var/run/named/named.pid";
    dump-file	"data/cache_dump.db";
    statistics-file "/var/named/named.stats";

    // dnssec
    dnssec-enable yes;
    dnssec-validation yes;
    //dnssec-lookaside auto;

    // hide bind version
    //version		"0bx0f0";
    version	"none";

    // configure max cache size
    max-cache-size 512M;

    // configure max clients per query
    max-clients-per-query 128;

    // Prevent DoS attacks by generating bogus zone transfer requests
    notify		no;

    // Generate more efficient zone transfers.  This will place multiple DNS records in a DNS message, instead of one per DNS message
    transfer-format many-answers;

    // Set the maximum zone transfer time to something more reasonable. In this case, we state that any zone transfer that takes longer
    // than 30 minutes is unlikely to ever complete
    max-transfer-time-in 30;

    // We have no dynamic interfaces, so BIND shouldn't need to poll for interface state {UP|DOWN}.
    interface-interval 0;

    allow-query { any; };
    allow-query-cache { trusted; };
    allow-transfer { xfer; };
    allow-recursion { trusted; };
    auth-nxdomain no;

    rate-limit {
		slip 2;
		window 30;
        ipv4-prefix-length 32;
        responses-per-second 25;
        errors-per-second 5;
        nxdomains-per-second 25;
		exempt-clients { 127.0.0.1; 192.168.1.0/24; 10.208.1.0/24; 86.104.210.218/32; };
    };

};

logging {
        channel default_syslog {
                // Send most of the named messages to syslog.
                syslog local2;
                severity error;
        };

        channel audit_log {
                // Send the security related messages to a separate file.
                file "data/named.log";
                severity notice;
                print-time yes;
        };

        channel query_log {
                file "data/queries.log";
                print-category yes;
                print-severity yes;
                print-time yes;
        };

        channel security_file {
                file "/var/named/data/security.log" versions 0 size 1m;
                severity info;
                print-time yes;
        };

        category default { default_syslog; };
        category general { audit_log; default_syslog; };
        category security { security_file; };
        category config { audit_log; default_syslog; };
        category resolver { audit_log; };
        category xfer-in { audit_log; };
        category xfer-out { audit_log; };
        category notify { audit_log; };
        category client { audit_log; };
        category network { audit_log; };
        category update { audit_log; };
        category queries { query_log; };
        category lame-servers { audit_log; };
};

view "localhost_resolver" {
    match-clients         { 127.0.0.0/24; };
    match-destinations    { localhost; };
    recursion yes;

zone "." IN {
     type hint;
     file "/var/named/named.ca";
};

include "/var/named/named.rfc1912.zones";

};

view "internal" {
  match-clients        { localnets; };
  match-destinations   { localnets; };
  recursion yes;
  allow-transfer { 192.168.1.2; 192.168.1.3; localhost; 188.215.64.126; };

zone "." IN {
  type hint;
  file "/var/named/named.ca";
};

zone "club3d.ro" {
  type master;
  file "/var/named/club3d.ro.zone";
};

zone "anywhere.ro" {
   type master;
   file "/var/named/anywhere.ro.zone";
};

zone "vrem.ro" {
   type master;
   file "/var/named/vrem.ro.zone";
};

zone "acasa" {
	type master;
	file "/var/named/acasa.zone";
};

zone "1.168.192.in-addr.arpa" {
	type master;
	file "/var/named/1.168.192.in-addr.arpa";
    allow-query { any; };
    allow-transfer { xfer; };
};

//zone "govoip.ro" {
//   type slave;
//   masters { 86.104.210.229; };
//   file "/var/named/slaves/govoip.ro.zone";
//};

};

view "external" {
  zone "." IN {
  type hint;
  file "/var/named/named.ca";
};

zone "club3d.ro" {
  type master;
  file "/var/named/club3d.ro.zone";
  notify yes;
  allow-transfer { 69.65.50.192; 208.43.71.243; 174.37.196.55; 216.218.133.2; };
};

zone "anywhere.ro" {
   type master;
   file "/var/named/anywhere.ro.zone";
};

zone "vrem.ro" {
   type master;
   file "/var/named/vrem.ro.zone";
};

//zone "govoip.ro" {
//   type slave;
//   masters { 86.104.210.229; };
//   file "/var/named/slaves/govoip.ro.zone";
//};

};