named.conf.local

   1 //
   2 // Do any local configuration here
   3 //
   4
   5 // Consider adding the 1918 zones here, if they are not used in your
   6 // organization
   7 //include "/etc/bind/zones.rfc1918";
   8
   9 # zone "debuntu.foo" {
  10 #        type master;
  11 #        file "debuntu.foo.db";
  12 #        notify no;
  13 #};
  14
  15 // Unfortunately, AFAICT we need to list the Linode IPs as an ACL (so they
  16 // can make the requests) *and* as masters (so they get the notify).
  17 acl "linode" {
  18     // Linode
  19     // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#operate-as-a-secondary-read-only-dns-service
  20     104.237.137.10;
  21     45.79.109.10;
  22     74.207.225.10;
  23     207.192.70.10;
  24     109.74.194.10;
  25     2600:3c00::a;
  26     2600:3c01::a;
  27     2600:3c02::a;
  28     2600:3c03::a;
  29     2a01:7e00::a;
  30     // Import
  31     // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#import-a-dns-zone
  32     96.126.114.97;
  33     96.126.114.98;
  34     2600:3c00::5e;
  35     2600:3c00::5f;
  36 };
  37
  38 masters "linode" {
  39     // Linode
  40     // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#operate-as-a-secondary-read-only-dns-service
  41     104.237.137.10;
  42     45.79.109.10;
  43     74.207.225.10;
  44     207.192.70.10;
  45     109.74.194.10;
  46     2600:3c00::a;
  47     2600:3c01::a;
  48     2600:3c02::a;
  49     2600:3c03::a;
  50     2a01:7e00::a;
  51     // Import
  52     // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#import-a-dns-zone
  53     96.126.114.97;
  54     96.126.114.98;
  55     2600:3c00::5e;
  56     2600:3c00::5f;
  57 };
  58
  59 // The actual ACL building blocks
  60 acl "transfer-allowed" {
  61     localhost;
  62     207.29.250.54;  // ???
  63     18.4.60.36;     // charon
  64     18.49.3.1;      // charon4
  65     18.25.131.1;    // charon4
  66     74.207.246.137; // arctic
  67     66.92.29.156;   // copan
  68     18.18.208.12;   // olinda
  69     18.25.129.162;  // adehnert3.xvm
  70     130.44.166.3;   // DD
  71     18.18.208.22;   // chankillo
  72     "linode";
  73 };
  74
  75 masters "primary-ns" {
  76     18.18.208.22;   // chankillo
  77 };
  78
  79 masters "secondary-ns" {
  80     18.25.129.162;  // adehnert3.xvm
  81     18.18.208.12;   // olinda
  82     linode;
  83 };
  84
  85 include "/etc/bind/named.conf.per-host";
  86
  87 zone "dynamic.dehnert.arctic.org" IN {
  88         // DNAME to the real, dynamic.dehnerts.com, zone
  89         type master;
  90         file "/etc/bind/pri/arctic-dynamic.zone";
  91         allow-update { none; };
  92         allow-transfer { "transfer-allowed"; };
  93         allow-query { any; };
  94         //notify no;
  95 };
  96
  97 zone "dehnert.arctic.org" IN {
  98         type master;
  99         file "/etc/bind/pri/combined-dehnerts.zone";
 100         allow-update { none; };
 101         allow-transfer { "transfer-allowed"; };
 102         allow-query { any; };
 103         //notify no;
 104 };
 105 zone "dehnerts.com" IN {
 106         type master;
 107         file "/etc/bind/pri/combined-dehnerts.zone";
 108         #update-policy { grant * selfsub * A TXT;};
 109         allow-update { none; };
 110         allow-transfer { "transfer-allowed"; };
 111         allow-query { any; };
 112         also-notify { "secondary-ns"; };
 113 };
 114
 115 logging {
 116     channel query.log {
 117         file "/var/log/named/query.log" versions 10 size 100M;
 118         // Set the severity to dynamic to see all the debug messages.
 119         severity debug 3;
 120         print-category yes;
 121         print-severity yes;
 122         print-time yes;
 123     };
 124
 125     category queries { query.log; };
 126 };