BIND9 - named.conf.options

From wiki.1001solutions.net


This is the /etc/bind/named.conf.options files.


options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.

	// forwarders {
	// 	0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { none; };
        listen-on { 127.0.0.1; 10.42.111.1; 10.42.123.1; 10.42.222.1; };
	
	// Allow queries for LANs
        allow-query { 127.0.0.1/8; 10.42.111.0/24; 10.42.123.0/24; 10.42.222.0/24; };

        // Allow recursive queries for LANs
        allow-recursion { 127.0.0.1/8; 10.42.111.0/24; 10.42.123.0/24; 10.42.222.0/24; };

        // Don't expose Bind9 version.
        version none;


};