// Load the shared secret used to authenticate rndc. The key material lives
// in /etc/rndc.key rather than in this file, so that file's ownership and
// mode are what actually protect the control channel.
// NOTE(review): confirm /etc/rndc.key is readable only by root and the
// account named runs as, and that it defines the key named "rndc-key".
include "/etc/rndc.key";
// rndc control channel: bound to the loopback address only, accepts
// connections from the local host only, and requires the "rndc-key" key.
// No port is given, so the default control port is used.
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
// Server-wide defaults. Individual views below override some of these
// (both "localhost_resolver" and "internal" turn recursion back on).
options {
/* Make named use port 53 as the source port of all outgoing queries, so
that firewalls can block every other port. We no longer enable this by
default, as the DNS poisoning exploit has forced many providers to open
up their firewalls a bit. Keep it disabled: a fixed source port removes
source-port randomization, one of the defences against cache poisoning. */
// query-source port 53;
// Default is to refuse recursive queries; only views that explicitly set
// "recursion yes" will resolve names on behalf of clients.
recursion no;
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
pid-file "/var/run/named/named.pid";
// Relative paths below are resolved against "directory" above.
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
/* memstatistics-file "data/named_mem_stats.txt"; */
// Refuse zone transfers to everyone. No zone in this file overrides this,
// so none of the master zones can be pulled with AXFR. If secondaries are
// added later, permit them per zone (preferably by TSIG key) rather than
// loosening this default.
allow-transfer { "none"; };
// NOTE(review): no response rate limiting ("rate-limit") is configured.
// The "external" view answers any client, so consider adding it to reduce
// the server's usefulness as a reflection/amplification source.
};
// Logging: a single file channel that receives the "default" and "general"
// categories.
logging {
channel default_log {
// Rotate at 128M and keep 5 old versions.
// NOTE(review): /var/log/named/ must exist and be writable by the account
// named runs as -- confirm on the host.
file "/var/log/named/named.log" versions 5 size 128M;
// Prefix every message with its timestamp, severity and category so the
// log can be filtered and correlated later.
print-time yes;
print-severity yes;
print-category yes;
// Only warning and more severe messages are written.
// NOTE(review): BIND logs many security-relevant events (refused queries,
// refused transfers) at info level, so they are likely filtered out here.
// Confirm this is intended, or send the "security" category to its own
// channel at severity info.
severity warning;
};
category default { default_log; };
category general { default_log; };
};
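view "localhost_resolver" {
    /* Caching resolver for the local host only. Views are tried in the
       order they appear in this file and the first match wins, so this
       view must stay ahead of "internal" and "external". */
    // A query lands here only if it comes from 127.0.0.0/24 AND is
    // addressed to one of this server's own addresses.
    match-clients { 127.0.0.0/24; };
    match-destinations { localhost; };
    // Overrides the global "recursion no" for local processes only.
    recursion yes;
    // Root hints, required for recursion.
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
    /* These are zones that contain definitions for all the localhost
       names and addresses (the RFC 1912 set). They are included in this
       view only, so they are served to local clients only. */
    include "/var/named/named.rfc1912.zones";
};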
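view "internal" {
    /* Resolver and authoritative view for clients on directly connected
       networks. */
    // "localnets" matches every address on any network this host has an
    // interface on. Both the client and the destination must match.
    // NOTE(review): on a host with a public interface, "localnets" includes
    // every neighbour on that public subnet, and this view gives them
    // recursion. Confirm that is intended, or replace "localnets" with an
    // explicit ACL of trusted networks.
    match-clients { localnets; };
    match-destinations { localnets; };
    // Overrides the global "recursion no" for the clients matched above.
    recursion yes;
    // Root hints, required for recursion.
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
    // include "/var/named/named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.
    // These are your "authoritative" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :
    // Each zone below is also defined in the "external" view with the same
    // zone file, so both views return identical data (no split horizon).
    zone "thikawater.co.ke" {
        type master;
        file "/var/named/thikawater.co.ke.db";
    };
    zone "server1.felltech.net" {
        type master;
        file "/var/named/server1.felltech.net.db";
    };
    zone "cashewland.co.ke" {
        type master;
        file "/var/named/cashewland.co.ke.db";
    };
    zone "felltech.net" {
        type master;
        file "/var/named/felltech.net.db";
    };
    zone "thiwasco.co.ke" {
        type master;
        file "/var/named/thiwasco.co.ke.db";
    };
};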
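view "external" {
    /* Authoritative-only view for everyone else. It has no match-clients
       or match-destinations, so it catches every query that the two
       earlier views did not match. It must remain the last view. */
    recursion no;
    // Do not add records from the cache to the additional section.
    // NOTE(review): newer BIND releases treat additional-from-cache as
    // obsolete -- check named-checkconf output on the installed version.
    additional-from-cache no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers
    // all views must contain the root hints zone:
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:
    // NOTE(review): these zones load the same files as the "internal" view,
    // so any internal-only records in them are also published here. Confirm
    // the zone files hold nothing that should stay private.
    // BEGIN external zone entries
    zone "thikawater.co.ke" {
        type master;
        file "/var/named/thikawater.co.ke.db";
    };
    zone "server1.felltech.net" {
        type master;
        file "/var/named/server1.felltech.net.db";
    };
    zone "cashewland.co.ke" {
        type master;
        file "/var/named/cashewland.co.ke.db";
    };
    zone "felltech.net" {
        type master;
        file "/var/named/felltech.net.db";
    };
    zone "thiwasco.co.ke" {
        type master;
        file "/var/named/thiwasco.co.ke.db";
    };
};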