Created
February 17, 2017 17:21
-
-
Save brentrjones/ddb512eb9a34684f2bd4f0464e5c0609 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| options { | |
| //listen-on port 53 { 127.0.0.1; }; | |
| //listen-on-v6 port 53 { ::1; }; | |
| directory "/var/named"; | |
| dump-file "/var/named/data/cache_dump.db"; | |
| statistics-file "/var/named/data/named_stats.txt"; | |
| memstatistics-file "/var/named/data/named_mem_stats.txt"; | |
| recursion no; | |
| recursive-clients 10000; | |
| dnssec-enable yes; | |
| max-cache-size 128M; | |
| dnssec-validation yes; | |
| dnssec-lookaside auto; | |
| masterfile-format text; | |
| /* Ignore errors in slave zones */ | |
| check-names master ignore; | |
| check-names slave ignore; | |
| check-names response ignore; | |
| /* Path to ISC DLV key */ | |
| bindkeys-file "/etc/named.iscdlv.key"; | |
| managed-keys-directory "/var/named/dynamic"; | |
| }; | |
| logging { | |
| channel default_debug { | |
| file "data/named.run"; | |
| severity dynamic; | |
| }; | |
| channel default_log { | |
| file "/var/log/bind.log" versions 3 size 15m; | |
| severity info; | |
| print-time yes; | |
| print-severity yes; | |
| print-category yes; | |
| }; | |
| channel debug_log { | |
| file "/var/log/debug.log" versions 3 size 15m; | |
| severity debug 3; | |
| print-severity yes; | |
| print-category yes; | |
| }; | |
| channel query_log { | |
| file "/var/log/query.log" versions 3 size 15m; | |
| severity info; | |
| print-time yes; | |
| print-severity no; | |
| print-category no; | |
| }; | |
| channel resolver_log { | |
| file "/var/log/resolver.log" versions 3 size 15m; | |
| severity info; | |
| print-time yes; | |
| print-severity yes; | |
| print-category yes; | |
| }; | |
| channel xfer_log { | |
| file "/var/log/xfer.log" versions 3 size 15m; | |
| severity debug 9; | |
| print-time yes; | |
| print-severity yes; | |
| print-category yes; | |
| }; | |
| channel dnssec_log { | |
| file "/var/log/dnssec.log" versions 3 size 15m; | |
| severity debug 9; | |
| print-time yes; | |
| print-severity yes; | |
| print-category yes; | |
| }; | |
| category "default" { "default_log"; }; | |
| category "dnssec" { dnssec_log; }; | |
| category "general" { "default_log"; }; | |
| category "queries" { "query_log"; }; | |
| category "lame-servers" { "query_log"; }; | |
| category "resolver" { "resolver_log"; }; | |
| category "client" { "default_log"; }; | |
| category "database" { "default_log"; }; | |
| category "network" { "default_log"; }; | |
| category "unmatched" { "default_log"; }; | |
| category "edns-disabled" { debug_log; }; | |
| category "security" { default_log; }; | |
| category "xfer-out" { xfer_log; }; | |
| category "xfer-in" { xfer_log; }; | |
| category "notify" { xfer_log; }; | |
| }; | |
| // Named root keys | |
| include "/etc/named.root.key"; | |
| key "dnsadmin" { | |
| algorithm hmac-md5; | |
| secret "*"; | |
| }; | |
| controls { | |
| inet 127.0.0.1 allow {localhost;}; | |
| inet * port 953 allow { | |
| 10.0.0.0/8; | |
| } | |
| keys {"dnsadmin";}; | |
| }; | |
| acl "production" { | |
| 10.0.0.0/8; | |
| 127.0.0.1; | |
| }; | |
| masters "bind_master" { | |
| 10.10.1.173; | |
| }; | |
| view "production" { | |
| match-clients { | |
| production; | |
| corporate; | |
| }; | |
| allow-recursion { | |
| production; | |
| corporate; | |
| }; | |
| recursion yes; | |
| include "/etc/named.rfc1912.zones"; | |
| zone "." IN { | |
| type hint; | |
| file "named.ca"; | |
| }; | |
| forwarders { | |
| 10.10.0.2; // AWS DNS | |
| }; | |
| zone "prod.yourdomain" { | |
| type master; | |
| file "master-zones/prod.yourdomain.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "staging.yourdomain" { | |
| type master; | |
| file "master-zones/staging.yourdomain.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "dev.yourdomain" { | |
| type master; | |
| file "master-zones/dev.yourdomain.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "thunderdome.yourdomain" { | |
| type master; | |
| file "master-zones/thunderdome.yourdomain.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "identity.yourdomain" { | |
| type master; | |
| file "master-zones/identity.yourdomain.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| // AWS Oregon PTR | |
| zone "0.10.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/0.10.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "1.10.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/1.10.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { 10.0.0.0/8; }; | |
| }; | |
| zone "2.10.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/2.10.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "3.10.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/3.10.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "4.10.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/4.10.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "5.10.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/5.10.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "6.10.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/6.10.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "7.10.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/7.10.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "253.10.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/253.10.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "254.10.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/254.10.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| // AWS Virginia | |
| zone "1.20.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/1.20.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "2.20.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/2.20.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "4.20.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/4.20.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "5.20.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/5.20.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "7.20.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/7.20.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "8.20.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/8.20.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "253.20.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/253.20.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| zone "254.20.10.IN-ADDR.ARPA" { | |
| type master; | |
| file "master-zones/254.20.10.in-addr.arpa.zone"; | |
| notify yes; | |
| allow-update { | |
| 10.0.0.0/8; | |
| }; | |
| }; | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment