DNS Views Config
Authoritative
// VIEW BASED AUTHORITATIVE ONLY NAME SERVER for EXAMPLE, INC.
// maintained by: me myself alone
// CHANGELOG:
// 1. 9 july 2003 - did something
// 2. 16 july 2003 - did something else
// 3. 23 july 2003 - did something more
//
// global options
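options
{
    // base directory for the relative zone file names used below
    directory "/var/named";
    // Answer version queries with a fixed string instead of the real
    // release number. This only makes fingerprinting harder; it does not
    // remove any weakness in the running release.
    version "not currently available";
    // No secondary servers appear anywhere in this configuration, so zone
    // transfers are refused for every view. Older BIND 9 releases allow
    // transfers to any host when this is left unset, which would expose the
    // full contents of each zone (including the internal one) to any client
    // that matches a view.
    // If secondaries exist, list their addresses or TSIG keys here
    // instead of none.
    allow-transfer { none; };
};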
Logging
// log to /var/log/named/example.log all events
// from info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 8.x logging MUST COME FIRST in this file
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog)
// typically /var/log/messages
//
logging
{
    // Single file channel: the file is rolled when it reaches 2 MB and
    // 3 older versions are kept.
    channel example_log
    {
        file "/var/log/named/example.log" versions 3 size 2m;
        // info and anything more severe; debug output is not written
        severity info;
        // prefix each entry with its timestamp, category and severity
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    // "default" applies to every category that has no category
    // statement of its own
    category default { example_log; };
};
// provide recursive queries and caching for internal users
view "goodguys"
{
    // Selected by source address: only clients in 192.168.0.0/24 (our
    // network). Views are tried in file order and the first match wins,
    // so this view has to stay ahead of the catch-all view.
    // NOTE(review): 127.0.0.1 is not in this list, so lookups made on the
    // name server host itself over loopback fall through to the next view.
    // Add localhost here if that is not intended.
    match-clients { 192.168.0.0/24; };
    // This view resolves and caches on behalf of its clients; the server is
    // authoritative-only just for clients that land in the other view.
    recursion yes;

    // root hints, needed to start recursive resolution
    zone "." {
        type hint;
        file "root.servers";
    };

    // internal copy of the zone: private zone file that includes local hosts
    zone "example.com" {
        type master;
        file "view/master.example.com.internal";
    };

    // required local host domain; dynamic updates refused
    zone "localhost" in {
        type master;
        file "master.localhost";
        allow-update { none; };
    };

    // reverse map for localhost; dynamic updates refused
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "localhost.rev";
        allow-update { none; };
    };
}; // end view
Bad Guys
// external hosts view
view "badguys"
{
    // Catch-all: every client that did not match an earlier view ends up
    // here, so this view must remain the last one in the file.
    match-clients { "any"; };
    // Authoritative answers only. With recursion off, external hosts
    // cannot use this server as a resolver.
    recursion no;

    // external copy of the zone, served from its own file so that only the
    // public hosts are visible to these clients
    zone "example.com" {
        type master;
        file "view/master.example.com.external";
    };
}; // end view
Split Horizon View
// VIEW BASED GEOGRAPHIC DNS SERVER for EXAMPLE, INC.
// maintained by: me myself alone
// CHANGELOG:
// 1. 9 july 2009 - did something
// 2. 16 july 2009 - did something else
// 3. 23 july 2009 - did something more
//
// global options
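options
{
    // base directory for the relative zone file names used below
    directory "/var/named";
    // Answer version queries with a fixed string instead of the real
    // release number. This only makes fingerprinting harder; it does not
    // remove any weakness in the running release.
    // NOTE(review): this particular string still names the product (BIND).
    // Use a neutral string or "version none;" if that should be hidden too.
    version "Name is Bind, James Bind";
    // authors note: No idea who came up with the clever text but if you email
    // we'd be more than happy to credit you - you deserve it
    allow-update { none; }; // defaulted if not present
    recursion no; // authoritative only
    // No secondary servers appear anywhere in this configuration, so zone
    // transfers are refused for every view. Older BIND 9 releases allow
    // transfers to any host when this is left unset, and the last view
    // matches any client. If secondaries exist, list their addresses or
    // TSIG keys here instead of none.
    allow-transfer { none; };
};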
// log to /var/log/named/example.log all events
// from info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog)
// typically /var/log/messages
//
logging
{
    // Single file channel: the file is rolled when it reaches 2 MB and
    // 3 older versions are kept.
    channel example_log
    {
        file "/var/log/named/example.log" versions 3 size 2m;
        // info and anything more severe; debug output is not written
        severity info;
        // prefix each entry with its timestamp, category and severity
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    // "default" applies to every category that has no category
    // statement of its own
    category default { example_log; };
};
// map service to geographic origination
view "gondor"
{
    // Selected by source address: queries that originate in gondor
    // (172.15/16 and 172.14/16). Views are tried in file order and the
    // first match wins.
    match-clients { 172.15/16; 172.14/16; };

    // this copy of the zone returns www.example.com = 172.15.1.1
    zone "example.com" {
        type master;
        file "view/master.example.com.gondor";
    };
}; // end view
view "mordor"
{
    // Selected by source address: queries that originate in mordor
    // (172.16/16).
    match-clients { 172.16/16; };

    // this copy of the zone returns www.example.com = 172.16.1.1
    zone "example.com"
    {
        type master;
        file "view/master.example.com.mordor";
    };
}; // end view
// default for everything else lies in a default view
view "default"
{
    // Catch-all for every client no earlier view matched. Because the first
    // matching view wins, this has to be the last view in the file.
    match-clients { "any"; };

    // this copy of the zone returns www.example.com with the default
    // (worldwide) IP
    zone "example.com" {
        type master;
        file "view/master.example.com.default";
    };
};