Our (modest) initial goal was to set up a couple of name servers, with a very basic configuration, and get them to do their job, without caring much about security, logging or advanced features like delegation, dynamic update or views. Since we have examined configuration and zone data files one piece at a time, you may find it useful to have a look at them as a whole.
options {
directory "/";
};
zone "kernel-panic.it" {
type master;
file "master/db.kernel-panic.it";
};
zone "240.16.172.in-addr.arpa" {
type master;
file "master/db.172.16.240";
};
zone "250.16.172.in-addr.arpa" {
type master;
file "master/db.172.16.250";
};
zone "3.2.1.in-addr.arpa" {
type master;
file "master/db.1.2.3";
};
# Loopback address
zone "localhost" {
type master;
file "master/db.localhost";
};
zone "127.in-addr.arpa" {
type master;
file "master/db.127";
};
# Special zones
zone "255.in-addr.arpa" {
type master;
file "master/db.255";
};
zone "0.in-addr.arpa" {
type master;
file "master/db.0";
};
# Root zone
zone "." {
type hint;
file "master/root.hint";
};
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Mail exchangers
IN MX 0 mail.kernel-panic.it.
IN MX 10 mail.provider.com.
; Addresses for the canonical names
mail IN A 172.16.240.150
proxy IN A 172.16.240.151
www1 IN A 172.16.240.152
www2 IN A 172.16.240.153
dns1 IN A 172.16.240.154
dns2 IN A 172.16.240.155
mickey IN A 172.16.0.200
IN A 172.16.240.200
minnie IN A 172.16.0.201
IN A 172.16.240.201
donald IN A 172.16.240.100
IN A 172.16.250.100
daisy IN A 172.16.240.101
IN A 172.16.250.101
fw-int IN A 172.16.0.202
IN A 172.16.240.202
fw-ext IN A 172.16.240.102
IN A 172.16.250.102
router IN A 172.16.250.1
IN A 1.2.3.4
; Aliases
mk IN CNAME mickey
mn IN CNAME minnie
dn IN CNAME donald
ds IN CNAME daisy
fw1 IN CNAME fw-int
fw2 IN CNAME fw-ext
; Interface specific names
mk-lan IN A 172.16.0.200
mk-dmz IN A 172.16.240.200
mn-lan IN A 172.16.0.201
mn-dmz IN A 172.16.240.201
dn-dmz IN A 172.16.240.100
dn-ext IN A 172.16.250.100
ds-dmz IN A 172.16.240.101
ds-ext IN A 172.16.250.101
fw1-lan IN A 172.16.0.202
fw1-dmz IN A 172.16.240.202
fw2-dmz IN A 172.16.240.102
fw2-ext IN A 172.16.250.102
router-int IN A 172.16.250.1
router-ext IN A 1.2.3.4
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses (pointing to canonical names)
100 IN PTR donald.kernel-panic.it.
101 IN PTR daisy.kernel-panic.it.
102 IN PTR fw-ext.kernel-panic.it.
150 IN PTR mail.kernel-panic.it.
151 IN PTR proxy.kernel-panic.it.
152 IN PTR www1.kernel-panic.it.
153 IN PTR www2.kernel-panic.it.
154 IN PTR dns1.kernel-panic.it.
155 IN PTR dns2.kernel-panic.it.
200 IN PTR mickey.kernel-panic.it.
201 IN PTR minnie.kernel-panic.it.
202 IN PTR fw-int.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses (pointing to canonical names)
1 IN PTR router.kernel-panic.it.
100 IN PTR donald.kernel-panic.it.
101 IN PTR daisy.kernel-panic.it.
102 IN PTR fw-ext.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses (pointing to canonical names)
4 IN PTR router.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses for the canonical names
IN A 127.0.0.1
IN AAAA ::1
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses (pointing to canonical names)
1.0.0 IN PTR localhost.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; formerly NS.INTERNIC.NET . 3600000 IN NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 ; FORMERLY NS1.ISI.EDU . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 ; FORMERLY C.PSI.NET . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 ; FORMERLY TERP.UMD.EDU . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D ; FORMERLY NS.NASA.GOV . 3600000 NS E.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 ; FORMERLY NS.ISC.ORG . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F ; FORMERLY NS.NIC.DDN.MIL . 3600000 NS G.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 ; FORMERLY AOS.ARL.ARMY.MIL . 3600000 NS H.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 ; FORMERLY NIC.NORDU.NET . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 ; OPERATED BY VERISIGN, INC. . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 ; OPERATED BY RIPE NCC . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 ; OPERATED BY ICANN . 3600000 NS L.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 ; OPERATED BY WIDE . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
options {
directory "/";
};
zone "kernel-panic.it" {
type slave;
masters { 172.16.240.154; };
file "slave/bak.kernel-panic.it";
};
zone "240.16.172.in-addr.arpa" {
type slave;
masters { 172.16.240.154; };
file "slave/bak.172.16.240";
};
zone "250.16.172.in-addr.arpa" {
type slave;
masters { 172.16.240.154; };
file "slave/bak.172.16.250";
};
zone "3.2.1.in-addr.arpa" {
type slave;
masters { 172.16.240.154; };
file "slave/bak.1.2.3";
};
# Loopback address
zone "localhost" {
type master;
file "master/db.localhost";
};
zone "127.in-addr.arpa" {
type master;
file "master/db.127";
};
# Special zones
zone "255.in-addr.arpa" {
type master;
file "master/db.255";
};
zone "0.in-addr.arpa" {
type master;
file "master/db.0";
};
# Root zone
zone "." {
type hint;
file "master/root.hint";
};
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses for the canonical names
IN A 127.0.0.1
IN AAAA ::1
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses (pointing to canonical names)
1.0.0 IN PTR localhost.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
;formerly NS.INTERNIC.NET . 3600000 IN NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 ; formerly NS1.ISI.EDU . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 ; formerly C.PSI.NET . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 ; formerly TERP.UMD.EDU . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 ; formerly NS.NASA.GOV . 3600000 NS E.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 ; formerly NS.ISC.ORG . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 ; formerly NS.NIC.DDN.MIL . 3600000 NS G.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 ; formerly AOS.ARL.ARMY.MIL . 3600000 NS H.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 ; formerly NIC.NORDU.NET . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 ; operated by VeriSign, Inc. . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 ; operated by RIPE NCC . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 ; operated by ICANN . 3600000 NS L.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12 ; operated by WIDE . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
Once we had our name servers working, we decided to get into the serious stuff and configure some of Bind's most useful features, like delegation, views, logging, dynamic update and TSIG. Below are the complete configuration and zone data files.
/******************************************************************************
* This is the primary master name server for the "kernel-panic.it" zone. *
* It accepts queries from both external and DMZ hosts, but uses different *
* namespaces. It accepts zone transfer requests only from the ISP's name *
* servers, the DMZ secondary master and the LAN name servers. *
******************************************************************************/
/* TSIG keys ******************************************************************/
key dns1-dns2.kernel-panic.it. {
algorithm hmac-md5;
secret "7U86ip+B+SRYirLGm4lxfg==";
};
key dns1-dns1.lan.kernel-panic.it. {
algorithm hmac-md5;
secret "bvVFyHOWV/YjIdBbpAJZWQ==";
};
key dns1-dns2.lan.kernel-panic.it. {
algorithm hmac-md5;
secret "1sMX8Xs5zEhpekJDyyNTDA==";
};
/* ACLs ***********************************************************************/
acl "dmz" {
127/8; 172.16.240/24;
};
acl "isp-ns" {
1.2.3.5; 1.2.3.6;
};
acl "dmz-slaves" {
key dns1-dns2.kernel-panic.it.;
};
acl "lan-slaves" {
key dns1-dns1.lan.kernel-panic.it.;
key dns1-dns2.lan.kernel-panic.it.;
};
/* rndc configuration *********************************************************/
key "rndc-key" {
algorithm hmac-md5;
secret "Hp3cRzIhGLuzdPw53M2pHw==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; }
keys { "rndc-key"; };
};
/* Options ********************************************************************/
options {
directory "/";
version "Go hack yourself!";
};
/* Logging ********************************************************************/
logging {
channel security_channel {
file "log/security.log";
severity debug;
print-time yes;
print-category yes;
print-severity yes;
};
channel default {
syslog local0;
severity info;
print-category yes;
print-severity yes;
}
category security {
security_channel;
default;
};
category lame-servers { null; };
category default { default; };
};
/* Authoritative zones ********************************************************/
view "dmz" {
match-clients { "dmz"; };
allow-transfer { "dmz-slaves"; "lan-slaves"; };
recursion yes;
zone "kernel-panic.it" {
type master;
file "master/db.kernel-panic.it";
};
zone "240.16.172.in-addr.arpa" {
type master;
file "master/db.172.16.240";
};
zone "250.16.172.in-addr.arpa" {
type master;
file "master/db.172.16.250";
};
zone "3.2.1.in-addr.arpa" {
type master;
file "master/db.1.2.3";
};
# Loopback address
zone "localhost" {
type master;
file "master/db.localhost";
};
zone "127.in-addr.arpa" {
type master;
file "master/db.127";
};
# Special zones
zone "255.in-addr.arpa" {
type master;
file "master/db.255";
};
zone "0.in-addr.arpa" {
type master;
file "master/db.0";
};
# Root zone
zone "." {
type hint;
file "master/root.hint";
};
};
view "internet" {
match-clients { any; };
allow-transfer { "isp-ns"; };
recursion no;
zone "kernel-panic.it" {
type master;
file "master/db.kernel-panic.it.shadow";
};
zone "3.2.1.in-addr.arpa" {
type master;
file "master/db.1.2.3.shadow";
};
};
options {
default-server localhost;
default-port 953;
default-key "rndc-key";
};
server localhost {
key "rndc-key";
};
key "rndc-key" {
algorithm hmac-md5;
secret "Hp3cRzIhGLuzdPw53M2pHw==";
};
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Mail exchangers
IN MX 0 mail.kernel-panic.it.
IN MX 10 mail.provider.com.
; Delegated zone
lan IN NS dns1.lan.kernel-panic.it.
IN NS dns2.lan.kernel-panic.it.
dns1.lan IN A 172.16.0.161
dns2.lan IN A 172.16.0.162
; Addresses for the canonical names
mail IN A 172.16.240.150
proxy IN A 172.16.240.151
www1 IN A 172.16.240.152
www2 IN A 172.16.240.153
dns1 IN A 172.16.240.154
dns2 IN A 172.16.240.155
mickey IN A 172.16.0.200
IN A 172.16.240.200
minnie IN A 172.16.0.201
IN A 172.16.240.201
donald IN A 172.16.240.100
IN A 172.16.250.100
daisy IN A 172.16.240.101
IN A 172.16.250.101
fw-int IN A 172.16.0.202
IN A 172.16.240.202
fw-ext IN A 172.16.240.102
IN A 172.16.250.102
router IN A 172.16.250.1
IN A 1.2.3.4
; Aliases
mk IN CNAME mickey
mn IN CNAME minnie
dn IN CNAME donald
ds IN CNAME daisy
fw1 IN CNAME fw-int
fw2 IN CNAME fw-ext
; Interface specific names
mk-lan IN A 172.16.0.200
mk-dmz IN A 172.16.240.200
mn-lan IN A 172.16.0.201
mn-dmz IN A 172.16.240.201
dn-dmz IN A 172.16.240.100
dn-ext IN A 172.16.250.100
ds-dmz IN A 172.16.240.101
ds-ext IN A 172.16.250.101
fw1-lan IN A 172.16.0.202
fw1-dmz IN A 172.16.240.202
fw2-dmz IN A 172.16.240.102
fw2-ext IN A 172.16.250.102
router-int IN A 172.16.250.1
router-ext IN A 1.2.3.4
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses (pointing to canonical names)
100 IN PTR donald.kernel-panic.it.
101 IN PTR daisy.kernel-panic.it.
102 IN PTR fw-ext.kernel-panic.it.
150 IN PTR mail.kernel-panic.it.
151 IN PTR proxy.kernel-panic.it.
152 IN PTR www1.kernel-panic.it.
153 IN PTR www2.kernel-panic.it.
154 IN PTR dns1.kernel-panic.it.
155 IN PTR dns2.kernel-panic.it.
200 IN PTR mickey.kernel-panic.it.
201 IN PTR minnie.kernel-panic.it.
202 IN PTR fw-int.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses (pointing to canonical names)
1 IN PTR router.kernel-panic.it.
100 IN PTR donald.kernel-panic.it.
101 IN PTR daisy.kernel-panic.it.
102 IN PTR fw-ext.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Mail exchangers
IN MX 0 mail.kernel-panic.it.
IN MX 10 mail.provider.com.
; Addresses (pointing to canonical names)
4 IN PTR router.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses for the canonical names
IN A 127.0.0.1
IN AAAA ::1
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses (pointing to canonical names)
1.0.0 IN PTR localhost.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
$TTL 1d
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns.kernel-panic.it.
IN NS dns.provider.com.
; Mail exchangers
IN MX 0 mail.kernel-panic.it.
IN MX 10 mail.provider.com.
; Addresses for the canonical names
IN A 1.2.3.4
; Aliases
www IN CNAME kernel-panic.it.
mail IN CNAME kernel-panic.it.
dns IN CNAME kernel-panic.it.
; Deault mail exchangers
* IN MX 0 mail.kernel-panic.it.
IN MX 10 mail.provider.com.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns.provider.com.
; Addresses (pointing to canonical names)
4 IN PTR kernel-panic.it.
/******************************************************************************
* This is the secondary master name server for the "kernel-panic.it" zone. *
* It accepts queries only from DMZ hosts and zone transfer requests from the *
* ISP's name servers and the LAN name servers. *
******************************************************************************/
/* TSIG keys ******************************************************************/
key dns1-dns2.kernel-panic.it. {
algorithm hmac-md5;
secret "7U86ip+B+SRYirLGm4lxfg==";
};
key dns2-dns1.lan.kernel-panic.it. {
algorithm hmac-md5;
secret "uyUkoNVWKxah/Zr+Xcd8vQ==";
};
key dns2-dns2.lan.kernel-panic.it. {
algorithm hmac-md5;
secret "Y2hqf7mCvqnQf8UFOJ2CyA==";
};
server 172.16.240.154 {
keys { dns1-dns2.kernel-panic.it.; };
};
/* ACLs ***********************************************************************/
acl "dmz" {
127/8; 172.16.240/24;
};
acl "isp-ns" {
1.2.3.5; 1.2.3.6;
};
acl "lan-slaves" {
key dns2-dns1.lan.kernel-panic.it.;
key dns2-dns2.lan.kernel-panic.it.;
};
/* rndc configuration *********************************************************/
key "rndc-key" {
algorithm hmac-md5;
secret "3F5oVjZ2fRE/7x2NPy8rZA==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; }
keys { "rndc-key"; };
};
/* Options ********************************************************************/
options {
directory "/";
version "Go hack yourself!";
allow-query { "dmz"; };
allow-transfer { "isp-ns"; "lan-slaves"; };
recursion yes;
};
/* Logging ********************************************************************/
logging {
channel security_channel {
file "log/security.log";
severity debug;
print-time yes;
print-category yes;
print-severity yes;
};
channel default {
syslog local0;
severity info;
print-category yes;
print-severity yes;
}
category security {
security_channel;
default;
};
category lame-servers { null; };
category default { default; };
};
/* Authoritative zones ********************************************************/
zone "kernel-panic.it" {
type slave;
masters { 172.16.240.154; };
file "slave/bak.kernel-panic.it";
};
zone "240.16.172.in-addr.arpa" {
type slave;
masters { 172.16.240.154; };
file "slave/bak.172.16.240";
};
zone "250.16.172.in-addr.arpa" {
type slave;
masters { 172.16.240.154; };
file "slave/bak.172.16.250";
};
zone "3.2.1.in-addr.arpa" {
type slave;
masters { 172.16.240.154; };
file "slave/bak.1.2.3";
};
# Loopback address
zone "localhost" {
type master;
file "master/db.localhost";
};
zone "127.in-addr.arpa" {
type master;
file "master/db.127";
};
# Special zones
zone "255.in-addr.arpa" {
type master;
file "master/db.255";
};
zone "0.in-addr.arpa" {
type master;
file "master/db.0";
};
# Root zone
zone "." {
type hint;
file "master/root.hint";
};
options {
default-server localhost;
default-port 953;
default-key "rndc-key";
};
server localhost {
key "rndc-key";
};
key "rndc-key" {
algorithm hmac-md5;
secret "3F5oVjZ2fRE/7x2NPy8rZA==";
};
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses for the canonical names
IN A 127.0.0.1
IN AAAA ::1
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses (pointing to canonical names)
1.0.0 IN PTR localhost.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
/******************************************************************************
* This is the primary master name server for the "lan.kernel-panic.it" zone *
* and a secondary master name server for the "kernel-panic.it" zone. *
* It accepts queries from internal hosts and zone transfers requests only *
* from the LAN secondary master. The DHCP server can dynamically update *
* clients resource records. *
******************************************************************************/
/* TSIG keys ******************************************************************/
key dns1-dns1.lan.kernel-panic.it. {
algorithm hmac-md5;
secret "bvVFyHOWV/YjIdBbpAJZWQ==";
};
key dns2-dns1.lan.kernel-panic.it. {
algorithm hmac-md5;
secret "uyUkoNVWKxah/Zr+Xcd8vQ==";
};
key dns1.lan-dns2.lan.kernel-panic.it. {
algorithm hmac-md5;
secret "Cn0Xj2v6u7CGNeRSIfS1JQ==";
};
key dns1.lan-dhcp.lan.kernel-panic.it. {
algorithm hmac-md5;
secret "9+MU2qJwwl9nk7ptG84kpQ==";
};
server 172.16.240.154 {
keys { dns1-dns1.lan.kernel-panic.it.; };
};
server 172.16.240.155 {
keys { dns2-dns1.lan.kernel-panic.it.; };
};
/* ACLs ***********************************************************************/
acl "dmz" {
172.16.240/24;
};
acl "lan" {
127/8; 172.16.0/24;
};
acl "lan-slaves" {
key dns1.lan-dns2.lan.kernel-panic.it.;
};
/* rndc configuration *********************************************************/
key "rndc-key" {
algorithm hmac-md5;
secret "D6P3H5E+cWyeuSVEMZH5+Q==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; }
keys { "rndc-key"; };
};
/* Options ********************************************************************/
options {
directory "/";
version "Go hack yourself!";
allow-query { "dmz"; "lan"; };
allow-transfer { "lan-slaves"; };
recursion no;
};
/* Logging ********************************************************************/
logging {
channel security_channel {
file "log/security.log";
severity debug;
print-time yes;
print-category yes;
print-severity yes;
};
channel default {
syslog local0;
severity info;
print-category yes;
print-severity yes;
}
category security {
security_channel;
default;
};
category lame-servers { null; };
category default { default; };
};
/* Authoritative zones ********************************************************/
zone "lan.kernel-panic.it" {
type master;
file "master/db.lan.kernel-panic.it";
update-policy { grant dns1.lan-dhcp.lan.kernel-panic.it.
subdomain lan.kernel-panic.it. A; };
notify yes;
};
zone "0.16.172.in-addr.arpa" {
type master;
file "master/db.172.16.0";
};
zone "kernel-panic.it" {
type slave;
masters { 172.16.240.154; 172.16.240.155; };
file "slave/bak.kernel-panic.it";
};
zone "240.16.172.in-addr.arpa" {
type slave;
masters { 172.16.240.154; 172.16.240.155; };
file "slave/bak.172.16.240";
};
zone "250.16.172.in-addr.arpa" {
type slave;
masters { 172.16.240.154; 172.16.240.155; };
file "slave/bak.172.16.250";
};
zone "3.2.1.in-addr.arpa" {
type slave;
masters { 172.16.240.154; 172.16.240.155; };
file "slave/bak.1.2.3";
};
# Loopback address
zone "localhost" {
type master;
file "master/db.localhost";
};
zone "127.in-addr.arpa" {
type master;
file "master/db.127";
};
# Special zones
zone "255.in-addr.arpa" {
type master;
file "master/db.255";
};
zone "0.in-addr.arpa" {
type master;
file "master/db.0";
};
options {
default-server localhost;
default-port 953;
default-key "rndc-key";
};
server localhost {
key "rndc-key";
};
key "rndc-key" {
algorithm hmac-md5;
secret "D6P3H5E+cWyeuSVEMZH5+Q==";
};
$TTL 3h
@ IN SOA dns1.lan.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.lan.kernel-panic.it.
IN NS dns2.lan.kernel-panic.it.
; Mail exchangers
IN MX 0 mail.kernel-panic.it.
IN MX 10 mail.provider.com.
; Addresses for the canonical names
file IN A 172.16.0.160
dns1 IN A 172.16.0.161
dns2 IN A 172.16.0.162
dhcp IN A 172.16.0.163
$TTL 3h
@ IN SOA dns1.lan.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.lan.kernel-panic.it.
IN NS dns2.lan.kernel-panic.it.
; Addresses (pointing to canonical names)
160 IN PTR file.lan.kernel-panic.it.
161 IN PTR dns1.lan.kernel-panic.it.
162 IN PTR dns2.lan.kernel-panic.it.
163 IN PTR dhcp.lan.kernel-panic.it.
200 IN PTR mickey.kernel-panic.it.
201 IN PTR minnie.kernel-panic.it.
202 IN PTR fw-int.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses for the canonical names
IN A 127.0.0.1
IN AAAA ::1
$TTL 3h
@ IN SOA dns1.lan.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.lan.kernel-panic.it.
IN NS dns2.lan.kernel-panic.it.
; Addresses (pointing to canonical names)
1.0.0 IN PTR localhost.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
/******************************************************************************
* This is a secondary master name server for the "lan.kernel-panic.it" and *
* "kernel-panic.it" zones. It accepts queries only from internal hosts. *
******************************************************************************/
/* TSIG keys ******************************************************************/
key dns1-dns2.lan.kernel-panic.it. {
algorithm hmac-md5;
secret "1sMX8Xs5zEhpekJDyyNTDA==";
};
key dns2-dns2.lan.kernel-panic.it. {
algorithm hmac-md5;
secret "Y2hqf7mCvqnQf8UFOJ2CyA==";
};
key dns1.lan-dns2.lan.kernel-panic.it. {
algorithm hmac-md5;
secret "Cn0Xj2v6u7CGNeRSIfS1JQ==";
};
server 172.16.240.154 {
keys { dns1-dns2.lan.kernel-panic.it.; };
};
server 172.16.240.155 {
keys { dns2-dns2.lan.kernel-panic.it.; };
};
server 172.16.0.161 {
keys { dns1.lan-dns2.lan.kernel-panic.it.; };
};
/* ACLs ***********************************************************************/
acl "dmz" {
172.16.240/24;
};
acl "lan" {
127/8; 172.16.0/24;
};
/* rndc configuration *********************************************************/
key "rndc-key" {
algorithm hmac-md5;
secret "vb5zPXhAfsJx+5zl4cC5Xg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; }
keys { "rndc-key"; };
};
/* Options ********************************************************************/
options {
directory "/";
version "Go hack yourself!";
allow-query { "dmz"; "lan"; };
allow-transfer { none; };
recursion no;
};
/* Logging ********************************************************************/
logging {
channel security_channel {
file "log/security.log";
severity debug;
print-time yes;
print-category yes;
print-severity yes;
};
channel default {
syslog local0;
severity info;
print-category yes;
print-severity yes;
}
category security {
security_channel;
default;
};
category lame-servers { null; };
category default { default; };
};
/* Authoritative zones ********************************************************/
zone "lan.kernel-panic.it" {
type slave;
masters { 172.16.0.161; };
file "slave/bak.lan.kernel-panic.it";
};
zone "0.16.172.in-addr.arpa" {
type slave;
masters { 172.16.0.161; };
file "slave/bak.172.16.0";
};
zone "kernel-panic.it" {
type slave;
masters { 172.16.240.154; 172.16.240.155; };
file "slave/bak.kernel-panic.it";
};
zone "240.16.172.in-addr.arpa" {
type slave;
masters { 172.16.240.154; 172.16.240.155; };
file "slave/bak.172.16.240";
};
zone "250.16.172.in-addr.arpa" {
type slave;
masters { 172.16.240.154; 172.16.240.155; };
file "slave/bak.172.16.250";
};
zone "3.2.1.in-addr.arpa" {
type slave;
masters { 172.16.240.154; 172.16.240.155; };
file "slave/bak.1.2.3";
};
# Loopback address
zone "localhost" {
type master;
file "master/db.localhost";
};
zone "127.in-addr.arpa" {
type master;
file "master/db.127";
};
# Special zones
zone "255.in-addr.arpa" {
type master;
file "master/db.255";
};
zone "0.in-addr.arpa" {
type master;
file "master/db.0";
};
options {
default-server localhost;
default-port 953;
default-key "rndc-key";
};
server localhost {
key "rndc-key";
};
key "rndc-key" {
algorithm hmac-md5;
secret "vb5zPXhAfsJx+5zl4cC5Xg==";
};
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
; Addresses for the canonical names
IN A 127.0.0.1
IN AAAA ::1
$TTL 3h
@ IN SOA dns1.lan.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.lan.kernel-panic.it.
IN NS dns2.lan.kernel-panic.it.
; Addresses (pointing to canonical names)
1.0.0 IN PTR localhost.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.
$TTL 3h
@ IN SOA dns1.kernel-panic.it. danix.kernel-panic.it. (
2007020601 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL of 1 hour
; Name servers
IN NS dns1.kernel-panic.it.
IN NS dns2.kernel-panic.it.