include "/etc/rndc.key"; controls { inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; }; options { /* make named use port 53 for the source of all queries, to allow */ // query-source port 53; recursion no; /* We no longer enable this by default as the dns posion exploit has forced many providers to open up their firewalls a bit */ // Put files that named is allowed to write in the data/ directory: directory "/var/named"; // the default pid-file "/var/run/named/named.pid"; dump-file "data/cache_dump.db"; statistics-file "data/named_stats.txt"; /* memstatistics-file "data/named_mem_stats.txt"; */ allow-transfer { "none"; }; }; logging { channel default_log { file "/var/log/named/named.log" versions 5 size 128M; print-time yes; print-severity yes; print-category yes; severity warning; }; category default { default_log; }; category general { default_log; }; }; // All BIND 9 zones are in a "view", which allow different zones to be served // to different types of client addresses, and for options to be set for groups // of zones. // // By default, if named.conf contains no "view" clauses, all zones are in the // "default" view, which matches all clients. // // If named.conf contains any "view" clause, then all zones MUST be in a view; // so it is recommended to start off using views to avoid having to restructure // your configuration files in the future. view "localhost_resolver" { /* This view sets up named to be a localhost resolver ( caching only nameserver ). */ match-clients { 127.0.0.0/24; }; match-destinations { localhost; }; recursion yes; zone "." IN { type hint; file "/var/named/named.ca"; }; /* these are zones that contain definitions for all the localhost */ include "/var/named/named.rfc1912.zones"; }; view "internal" { /* This view will contain zones you want to serve only to "internal" clients */ match-clients { localnets; }; match-destinations { localnets; }; recursion yes; zone "." IN { type hint; file "/var/named/named.ca"; }; // include "/var/named/named.rfc1912.zones"; // you should not serve your rfc1912 names to non-localhost clients. // These are your "authoritative" internal zones, and would probably // also be included in the "localhost_resolver" view above : zone "cloud-ci.unifiedlayer.com" { type master; file "/var/named/cloud-ci.unifiedlayer.com.db"; }; zone "vps-4103104.goatdigital.com.br" { type master; file "/var/named/vps-4103104.goatdigital.com.br.db"; }; zone "ns1.goatdigital.com.br" { type master; file "/var/named/ns1.goatdigital.com.br.db"; }; zone "ns2.goatdigital.com.br" { type master; file "/var/named/ns2.goatdigital.com.br.db"; }; zone "goatdigital.com.br" { type master; file "/var/named/goatdigital.com.br.db"; }; zone "anunciarnogoogle.goatdigital.com.br" { type master; file "/var/named/anunciarnogoogle.goatdigital.com.br.db"; }; }; view "external" { /* This view will contain zones you want to serve only to "external" clients */ recursion no; additional-from-cache no; // you'd probably want to deny recursion to external clients, so you don't // end up providing free DNS service to all takers // all views must contain the root hints zone: zone "." IN { type hint; file "/var/named/named.ca"; }; // These are your "authoritative" external zones, and would probably // contain entries for just your web and mail servers: // BEGIN external zone entries zone "cloud-ci.unifiedlayer.com" { type master; file "/var/named/cloud-ci.unifiedlayer.com.db"; }; zone "vps-4103104.goatdigital.com.br" { type master; file "/var/named/vps-4103104.goatdigital.com.br.db"; }; zone "ns1.goatdigital.com.br" { type master; file "/var/named/ns1.goatdigital.com.br.db"; }; zone "ns2.goatdigital.com.br" { type master; file "/var/named/ns2.goatdigital.com.br.db"; }; zone "goatdigital.com.br" { type master; file "/var/named/goatdigital.com.br.db"; }; zone "anunciarnogoogle.goatdigital.com.br" { type master; file "/var/named/anunciarnogoogle.goatdigital.com.br.db"; }; };