View Split Config
From;
Authoritative
// VIEW BASED AUTHORITATIVE ONLY NAME SERVER FOR EXAMPLE, INC.
// MAINTAINED BY: ME MYSELF ALONE
// CHANGELOG:
// 1. 9 july 2003 - DID SOMETHING
// 2. 16 july 2003 - DID SOMETHING ELSE
// 3. 23 july 2003 - DID SOMETHING MORE
//
// GLOBAL OPTIONS
options
{
directory "/var/named";
// VERSION STATEMENT - INHIBITED FOR SECURITY
// (AVOIDS HACKING ANY KNOWN WEAKNESSES)
version "not currently available";
};
//
// LOG TO /var/log/example.log ALL EVENTS
// FROM INFO UP IN SEVERITY (NO DEBUG)
// DEFAULTS TO USE 3 FILES IN ROTATION
// BIND 8.x LOGGING MUST COME FIRST IN THIS FILE
// BIND 9.X PARSES THE WHOLE FILE BEFORE USING THE LOG
// FAILURE MESSAGES UP TO THIS POINT ARE IN (syslog)
// TYPICALLY /var/log/messages
//
logging
{
channel example_log
{
file "/var/log/named/example.log" versions 3 size 2m;
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
category default
{
example_log;
};
};
// PROVIDE RECURSIVE QUERIES AND CACHING FOR INTERNAL USERS
view "goodguys"
{
match-clients { 192.168.0.0/24; }; // OUR NETWORK
recursion yes;
// REQUIRED ZONE FOR RECURSIVE QUERIES
zone "."
{
type hint;
file "root.servers";
};
zone "example.com"
{
type master;
// PRIVATE ZONE FILE INCLUDING LOCAL HOSTS
file "view/master.example.com.internal";
};
// REQUIRED LOCAL HOST DOMAIN
zone "localhost" in
{
type master;
file "master.localhost";
allow-update{ none; };
};
// LOCALHOST REVERSE MAP
zone "0.0.127.in-addr.arpa" in
{
type master;
file "localhost.rev";
allow-update{ none; };
};
}; // END VIEW
// EXTERNAL HOSTS VIEW
view "badguys"
{
match-clients { "any"; }; // ALL OTHER HOSTS
// recursion not supported
recursion no;
zone "example.com"
{
type master;
// ONLY PUBLIC HOSTS
file "view/master.example.com.external";
};
}; // END VIEW
Split Horizon View
// VIEW BASED GEOGRAPHIC DNS SERVER FOR EXAMPLE, INC.
// MAINTAINED BY: ME MYSELF ALONE
// CHANGELOG:
// 1. 9 july 2009 - DID SOMETHING
// 2. 16 july 2009 - DID SOMETHING ELSE
// 3. 23 july 2009 - DID SOMETHING MORE
//
// GLOBAL OPTIONS
options
{
directory "/var/named";
// VERSION STATEMENT - INHIBITED FOR SECURITY
// (AVOIDS HACKING ANY KNOWN WEAKNESSES)
version "Name is Bind, James Bind";
// AUTHORS NOTE: No IDEA WHO CAME UP WITH THE CLEVER TEXT BUT IF YOU EMAIL
// WE'D BE MORE THAN HAPPY TO CREDIT IT YOU - YOU DESERVE IT
allow-update{ none; }; // DEFAULTED IF NOT PRESENT
recursion no; // AUTHORITATIVE ONLY
};
//
// LOG TO /var/log/example.log ALL EVENTS
// FROM INFO UP IN SEVERITY (NO DEBUG)
// DEFAULTS TO USE 3 FILES IN ROTATION
// BIND 9.x PARSES THE WHOLE FILE BEFORE USING THE LOG
// FAILURE MESSAGES UP TO THIS POINT ARE IN (SYSLOG)
// TYPICALLY /var/log/messages
//
logging
{
channel example_log
{
file "/var/log/named/example.log" versions 3 size 2m;
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
category default
{
example_log;
};
};
// MAP SERVICE TO GEOGRAPHIC ORIGINATION
view "gondor"
{
match-clients { 172.15/16; 172.14/16; }; // ORIGINATE IN GONDOR
zone "example.com"
{
type master;
// ZONE FILE WILL RETURN www.example.com = 172.15.1.1
file "view/master.example.com.gondor";
};
}; // END VIEW
view "mordor"
{
match-clients { 172.16/16; }; // ORIGINATE IN MORDOR
zone "example.com"
{
type master;
// ZONE FILE WILL RETURN www.example.com = 172.16.1.1
file "view/master.example.com.mordor";
};
}; // END VIEW
// DEFAULT FOR EVERYTHING ELSE LIES IN A DEFAULT VIEW
view "default"
{
match-clients { "any"; }; // MUST BE IN THE LAST CLAUSE
zone "example.com"
{
type master;
// ZONE FILE WILL RETURN www.example.com WITH DEFAULT (WORLDWIDE) IP
file "view/master.example.com.default";
};
};