BIND : Use View Statement (2024/04/29) |
This is an example of using the View Statement in [named.conf]. In this example, both the settings for the Internal Network (like here) and the settings for the External Network (like here) are configured in one server, separated by the View Statement in [named.conf]: internal clients get the private zone data and recursion, while everyone else gets only the public, authoritative zone data. |
|
[1] | This example uses the internal network [10.0.0.0/24], the external network [172.16.0.80/29] and the domain name [srv.world]; replace them with the values for your own environment. (Note that [172.16.0.80/29] is actually a private address range and is used here only as a placeholder for a public one.) |
root@dlp:~#
vi /etc/bind/named.conf
// Keep named.conf.options first: it defines the [internal-network] acl that
// the view files below reference.
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
// comment out: once views are in use, every zone (including the default root
// hints and localhost zones) has to live inside a view, so this file is
// included from the internal view instead of at top level
//include "/etc/bind/named.conf.default-zones";
// add: views are matched in the order they are loaded, so the internal view
// (narrow match-clients) must be included before the external view
// (match-clients any), or every client would land in the external view
include "/etc/bind/named.conf.internal-zones";
include "/etc/bind/named.conf.external-zones";
root@dlp:~#
vi /etc/bind/named.conf.options
// add : ACL for the local network (IPv4 only - see listen-on-v6 below)
acl internal-network {
    10.0.0.0/24;
};
options {
    directory "/var/cache/bind";
    .....
    .....
    // add: reference the [acl] defined above
    // networks allowed to send queries to this server
    // (each view may override this; the external view sets allow-query { any; })
    allow-query { localhost; internal-network; };
    // hosts allowed to request zone transfers (AXFR/IXFR); this is inherited by
    // both views. Add secondary DNS servers here if they exist - preferably
    // authenticated with TSIG keys rather than by source address alone
    allow-transfer { localhost; };
    // add: networks allowed to use this server as a recursive resolver.
    // Never open this to the internet: open resolvers are abused for
    // reflection/amplification attacks.
    allow-recursion { localhost; internal-network; };
    //=======================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //=======================================================================
    dnssec-validation auto;
    // if not listening on IPv6, change [any] to [none].
    // NOTE(review): the internal-network acl above contains no IPv6 prefix,
    // so an internal host querying over IPv6 does not match the internal view,
    // falls through to the external view and is refused recursion; add the
    // internal IPv6 range to the acl if IPv6 is in use on the LAN.
    listen-on-v6 { any; };
};
root@dlp:~#
vi /etc/bind/named.conf.internal-zones
// Internal view: serves the private-address zone data and offers recursion
// (recursion is left at its default of "yes" here and is limited by the
// global allow-recursion in named.conf.options).
// Views are evaluated in load order and the first match wins, so this file
// must be included before the external one in named.conf.
view "internal" {
    // set internal network zones: only these sources ever see this view
    match-clients {
        localhost;
        internal-network;
    };
    // zone files carrying internal (10.0.0.0/24) addresses; a different file
    // from the external view's so no private records leak to the internet
    zone "srv.world" {
        type primary;
        file "/etc/bind/srv.world.lan";
        // no dynamic updates (DDNS) for this zone
        allow-update { none; };
    };
    zone "0.0.10.in-addr.arpa" {
        type primary;
        file "/etc/bind/0.0.10.db";
        allow-update { none; };
    };
    // root hints and localhost zones are only needed in the view that
    // performs recursion, so they are included here rather than in named.conf
    include "/etc/bind/named.conf.default-zones";
};
root@dlp:~#
vi /etc/bind/named.conf.external-zones
// External view: authoritative-only service for the public zone data.
view "external" {
    // match everything that did not match the internal view above
    // (views are tried in load order, so this must be the last view)
    match-clients { any; };
    // allow all queries: overrides the global allow-query from
    // named.conf.options, as a public authoritative server must answer anyone
    allow-query { any; };
    // not allow recursive queries: prevents this view from becoming an
    // open resolver for the internet
    recursion no;
    // allow-transfer is not set here, so the global { localhost; } applies.
    // If public secondaries are added, list them in this view (ideally by
    // TSIG key) rather than widening the global ACL, which applies to both
    // views. On an internet-facing authoritative view also consider response
    // rate limiting, e.g. rate-limit { responses-per-second 10; };
    zone "srv.world" {
        type primary;
        // public zone file: must contain only records safe to publish
        file "/etc/bind/srv.world.wan";
        allow-update { none; };
    };
    zone "80.0.16.172.in-addr.arpa" {
        type primary;
        file "/etc/bind/80.0.16.172.db";
        allow-update { none; };
    };
};
[2] |
For the configuration of each zone file referenced in the [named.conf] views above, refer to here. |