# Only define the known VLAN subnets as trusted acl "trusted" { 10.1.0.0/24; # LAN 10.1.1.0/24; # SERVERS 10.1.2.0/24; # TRUSTED 10.1.3.0/24; # IOT 10.1.4.0/24; # VIDEO 192.168.2.0/24; # GUEST 10.0.11.0/24; # WIREGUARD 10.5.0.0/24; # CONTAINERS }; options { directory "/var/cache/bind"; listen-on { 127.0.0.1; 10.5.0.3; }; allow-recursion { trusted; }; allow-transfer { none; }; allow-update { none; }; }; logging { channel stdout { stderr; severity info; print-category yes; print-severity yes; print-time yes; }; category security { stdout; }; category dnssec { stdout; }; category default { stdout; }; }; include "/etc/bind/rndc.key"; include "/etc/bind/externaldns.key"; controls { inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; }; zone "unifi." { type master; file "/etc/bind/zones/db.unifi"; }; zone "jahanson.tech." { type master; file "/etc/bind/zones/db.jahanson.tech"; }; zone "hsn.dev." { type master; file "/etc/bind/zones/db.hsn.dev"; journal "/var/cache/bind/db.hsn.dev.jnl"; allow-transfer { key "externaldns"; }; update-policy { grant externaldns zonesub ANY; }; }; zone "1.10.in-addr.arpa." { type master; file "/etc/bind/zones/db.1.10.in-addr.arpa"; };