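// This is the primary configuration file for the BIND DNS server named.
//
// Layout note: every "//" and "#" comment runs to the end of its line, so
// each statement must sit on its own line. If comments and statements are
// collapsed onto shared lines, the comment swallows the statements after it.
//
// What this file sets up, as far as the statements below show:
//   * clients in 10.10.0.0/16 (the "unregistered network") and localhost
//     may query and recurse;
//   * names under the listed vendor zones are forwarded to the real
//     resolvers at 192.168.0.3 and 192.168.0.4;
//   * every other name is answered authoritatively from db.wildcard,
//     because this server is master for the root zone ".".
// NOTE(review): db.wildcard is not part of this file; presumably it holds a
// wildcard record pointing clients at a registration host. Confirm.

# This machine (192.168.0.2) is a bogus DNS server
# "bogus yes" stops named from sending queries to that address.
server 192.168.0.2 { bogus yes; };

options {
    # Specify the bind directory (/etc/, /etc/bind/, whatever)
    directory "/etc/";

    # Specify the pid file (needed for chroot setups)
    pid-file "/var/run/named.pid";

    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below.  Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.
    //
    // Security caveat: pinning outgoing queries to one fixed source port
    // removes the port as something an off-path spoofer has to guess, which
    // makes forged replies (cache poisoning) easier to land. Prefer letting
    // the firewall pass replies to queries from unprivileged ports.

    // query-source address * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    //
    // Leave this commented out here: a global forwarders list would apply to
    // names outside the per-zone forward list further down.
    // NOTE(review): how a global list interacts with the master "." zone is
    // not shown in this file; test before enabling it.

    // forwarders {
    //     0.0.0.0;
    // };

    auth-nxdomain no;    # conform to RFC1035

    ## Allow access from unregistered network (10.10.0.0/16) and localhost
    # Queries and recursion are limited to the same two sources.
    # Zone transfers are refused for every zone, so db.wildcard and the
    # local zones cannot be pulled with AXFR.
    allow-query     { 10.10.0.0/16; 127.0.0.1; };
    allow-recursion { 10.10.0.0/16; 127.0.0.1; };
    allow-transfer  { none; };
};

## rndc stuff (man rndc)
# rndc.key holds the shared secret named rndc_key that authenticates rndc.
# Keep that file readable only by the account named runs as.
include "rndc.key";

# The control channel listens on loopback only, accepts connections from
# loopback only, and requires the rndc_key secret.
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { rndc_key; };
};

## custom logging (needed for chroot setup)
# "severity debug 3" admits debug messages of level 3 or less, but only while
# the server is in debugging mode; otherwise non-debug messages are logged.
# The file is rotated at 20m and three old versions are kept.
# print-time and print-category put a timestamp and the category on each
# entry, which helps when reconstructing a timeline.
logging {
    channel logdefault {
        severity debug 3;
        file "/var/log/named.log" versions 3 size 20m;
        print-time yes;
        print-category yes;
    };
    category default { logdefault; };
};

// prime the server with knowledge of the root servers
// (left commented out: this server is itself master for "." at the end of
// this file, and the same zone cannot be defined twice)
//zone "." {
//    type hint;
//    file "db.root";
//};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost"        { type master; file "db.local"; };
zone "127.in-addr.arpa" { type master; file "db.127"; };
zone "0.in-addr.arpa"   { type master; file "db.0"; };
zone "255.in-addr.arpa" { type master; file "db.255"; };

## Forward queries to the real DNS servers (192.168.0.3 and 192.168.0.4)
#
# "forward only" means a query in these zones is answered by the forwarders
# or fails; named does not fall back to resolving the name itself.
#
# Review notes for whoever maintains this allowlist:
#  - Each entry allows the whole zone, so every name beneath it resolves.
#    Several entries (akamai.*, akadns.*, edgesuite.net, speedera.net,
#    akamaitechnologies.com) are content-delivery zones shared by many
#    unrelated sites, so they cover more than one vendor's update servers.
#  - This restricts name resolution only. A client that already knows an IP
#    address is not stopped by DNS; packet filtering on 10.10.0.0/16 has to
#    enforce the same policy.
#  - The forwarder addresses are repeated in every zone; a change to the
#    real resolvers must be applied to all of them.

## Allowed Windows zones
zone "microsoft.com"     { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "windows.com"       { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "windows.net"       { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "windowsupdate.com" { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "windowsupdate.net" { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "msft.com"          { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "msft.net"          { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "nsatc.com"         { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "nsatc.net"         { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "edgesuite.net"     { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "akadns.com"        { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "akadns.net"        { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "akamai.com"        { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "akamai.net"        { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };

## Allowed Apple zones
zone "apple.com"              { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "akamaitechnologies.com" { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };

# Allowed Linux zones
zone "debian.org"  { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "redhat.com"  { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "rpmfind.net" { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "kernel.org"  { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };

# Allowed BIOS zones
zone "dell.com"    { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "sony.com"    { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "gateway.com" { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };

# Allowed antivirus zones
zone "symantec.com"           { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "symantecliveupdate.com" { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "d4p.net"                { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };
zone "speedera.net"           { type forward; forwarders { 192.168.0.3; 192.168.0.4; }; forward only; };

# Wildcard zone
# This server is master for the root zone, so any name that does not fall
# under one of the forward zones above is answered from db.wildcard instead
# of being resolved on the Internet.
# NOTE(review): the records in db.wildcard decide where those clients are
# sent; review that file together with this one.
zone "." {
    type master;
    file "db.wildcard";
};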