68 lines
1.2 KiB
Text
68 lines
1.2 KiB
Text
# Only define the known VLAN subnets as trusted
|
|
acl "trusted" {
|
|
10.1.0.0/24; # LAN
|
|
10.1.1.0/24; # SERVERS
|
|
10.1.2.0/24; # TRUSTED
|
|
10.1.3.0/24; # IOT
|
|
10.1.4.0/24; # VIDEO
|
|
192.168.2.0/24; # GUEST
|
|
10.0.11.0/24; # WIREGUARD
|
|
10.5.0.0/24; # CONTAINERS
|
|
};
|
|
|
|
options {
|
|
directory "/var/cache/bind";
|
|
listen-on { 127.0.0.1; 10.5.0.3; };
|
|
|
|
allow-recursion {
|
|
trusted;
|
|
};
|
|
allow-transfer {
|
|
none;
|
|
};
|
|
allow-update {
|
|
none;
|
|
};
|
|
};
|
|
|
|
logging {
|
|
channel stdout {
|
|
stderr;
|
|
severity info;
|
|
print-category yes;
|
|
print-severity yes;
|
|
print-time yes;
|
|
};
|
|
category security { stdout; };
|
|
category dnssec { stdout; };
|
|
category default { stdout; };
|
|
};
|
|
|
|
include "/etc/bind/rndc.key";
|
|
include "/etc/bind/externaldns.key";
|
|
|
|
controls {
|
|
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
|
|
};
|
|
|
|
zone "unifi." {
|
|
type master;
|
|
file "/etc/bind/zones/db.unifi";
|
|
};
|
|
|
|
zone "jahanson.tech." {
|
|
type master;
|
|
file "/etc/bind/zones/db.jahanson.tech";
|
|
journal "/var/cache/bind/db.jahanson.tech.jnl";
|
|
allow-transfer {
|
|
key "externaldns";
|
|
};
|
|
update-policy {
|
|
grant externaldns zonesub ANY;
|
|
};
|
|
};
|
|
|
|
zone "1.10.in-addr.arpa." {
|
|
type master;
|
|
file "/etc/bind/zones/db.1.10.in-addr.arpa";
|
|
};
|