diff --git a/etc/bind/named.conf b/etc/bind/named.conf new file mode 100644 index 0000000..3037174 --- /dev/null +++ b/etc/bind/named.conf @@ -0,0 +1,13 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +//Logging ein oder aus +//include "/etc/bind/named.conf.logging"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; diff --git a/etc/bind/named.conf.logging b/etc/bind/named.conf.logging new file mode 100644 index 0000000..cbedabc --- /dev/null +++ b/etc/bind/named.conf.logging @@ -0,0 +1,20 @@ + +// Anlegen des Logfiles +// touch /var/log/bind-queries.log +// chown bind. /var/log/bind-queries.log + +logging { + // Alle DNS-Anfragen mitloggen + channel "all_queries" { + file "/var/log/bind-queries.log" versions 3 size 5m; + severity info; + print-time yes; + print-severity yes; + print-category yes; + }; + + category queries { + all_queries; + }; +}; + diff --git a/etc/bind/named.conf.options b/etc/bind/named.conf.options new file mode 100644 index 0000000..36a0803 --- /dev/null +++ b/etc/bind/named.conf.options @@ -0,0 +1,42 @@ +options { + directory "/var/cache/bind"; + + // If there is a firewall between you and nameservers you want + // to talk to, you may need to fix the firewall to allow multiple + // ports to talk. See http://www.kb.cert.org/vuls/id/800113 + + // If your ISP provided one or more IP addresses for stable + // nameservers, you probably want to use them as forwarders. + // Uncomment the following block, and insert the addresses replacing + // the all-0's placeholder. + + // forwarders { + // 0.0.0.0; + // }; + + //======================================================================== + // If BIND logs error messages about the root key being expired, + // you will need to update your keys. See https://www.isc.org/bind-keys + //======================================================================== + + forwarders { + 10.83.252.11; + 10.50.252.0; +// 8.8.8.8; +// 10.50.32.1; +// 10.50.32.2; +// 213.136.95.10; +// 213.136.95.10; + }; + + allow-query { + 127.0.0.1/8; + 10.0.0.0/8; + }; + + dnssec-validation auto; + + auth-nxdomain no; # conform to RFC1035 + listen-on-v6 { any; }; +}; +