BIND : Use View Statement 2020/05/03 |
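This is an example of using the View statement in [named.conf].
In this example, both the settings for the Internal Network like here and the
settings for the External Network like here are configured with View statements in [named.conf], so that the same server gives different answers depending on the client's source address.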
|
|
[1] | This example uses internal network [10.0.0.0/24], external network [172.16.0.80/29], and domain name [srv.world]. Replace them to match your own environment. ( Strictly speaking, [172.16.0.80/29] is also a private IP address range. ) |
root@dlp:~#
vi /etc/bind/named.conf
include "/etc/bind/named.conf.options";
# NOTE: once any view is defined, BIND requires every zone to be inside a view;
# if named.conf.local defines zones, move them into a view as well
include "/etc/bind/named.conf.local";
# comment out : the default zones are loaded from inside the "internal" view instead
#include "/etc/bind/named.conf.default-zones";
# add : keep this order - views are tried in the order they are defined and the
# first matching view wins, so "internal" must come before the catch-all "external"
include "/etc/bind/named.conf.internal-zones";
include "/etc/bind/named.conf.external-zones";
root@dlp:~#
vi /etc/bind/named.conf.options
# add : set ACL entry for local network
# (IPv4 only: an IPv6 client other than the server itself does not match this
#  ACL, so it is handled by the catch-all "external" view)
acl internal-network {
        10.0.0.0/24;
};

options {
        directory "/var/cache/bind";
.....
.....
        # add local network set on [acl] section above
        # network range you allow to receive queries from hosts
        # (server-wide default; the "external" view overrides it with [any])
        allow-query { localhost; internal-network; };
        # network range you allow to transfer zone files to clients
        # add secondary DNS servers if they exist, and list only those servers:
        # a zone transfer (AXFR) hands over every record in the zone
        allow-transfer { localhost; };
        # add : range of clients allowed to make recursive queries
        # keep this limited to trusted clients so the server is not an open resolver
        allow-recursion { localhost; internal-network; };

        //=======================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //=======================================================================

        dnssec-validation auto;

        # if not listening on IPv6, change [any] to [none]
        listen-on-v6 { any; };
};
root@dlp:~#
vi /etc/bind/named.conf.internal-zones
view "internal" {
        # set internal network zones
        # clients are selected by source address: only the server itself and the
        # [internal-network] ACL (defined in named.conf.options) are given this view
        # no recursion setting here, so [allow-recursion] from the options section applies
        match-clients {
                localhost;
                internal-network;
        };
        zone "srv.world" {
                type master;
                # zone data answered to internal clients only
                file "/etc/bind/srv.world.lan";
                # refuse dynamic DNS updates for this zone
                allow-update { none; };
        };
        zone "0.0.10.in-addr.arpa" {
                type master;
                # reverse zone for 10.0.0.0/24
                file "/etc/bind/0.0.10.db";
                # refuse dynamic DNS updates for this zone
                allow-update { none; };
        };
        # the default zones are included here because, when views are used,
        # every zone has to be defined inside a view
        include "/etc/bind/named.conf.default-zones";
};
root@dlp:~#
vi /etc/bind/named.conf.external-zones
view "external" {
        # match all except targets defined on [match-clients] on internal section
        # (views are tried in the order they are defined and the first match wins,
        #  so this relies on the "internal" view being included before this one)
        match-clients { any; };
        # allow all queries (overrides the restricted [allow-query] in the options section)
        allow-query { any; };
        # do not allow recursive queries: outside clients only get authoritative
        # answers for the zones below, so the server cannot be used as an open resolver
        recursion no;
        zone "srv.world" {
                type master;
                # public zone data: keep internal-only host names and
                # 10.0.0.0/24 addresses out of this file
                file "/etc/bind/srv.world.wan";
                # refuse dynamic DNS updates for this zone
                allow-update { none; };
        };
        zone "80.0.16.172.in-addr.arpa" {
                type master;
                # reverse zone for the external range 172.16.0.80/29
                file "/etc/bind/80.0.16.172.db";
                # refuse dynamic DNS updates for this zone
                allow-update { none; };
        };
};
|
[2] |