/* LinuxLightHouse
 named.conf BIND DNS server 'named' configuration file
 for the Red Hat BIND distribution.  */

/*

acl internals {
    10.0.0.0/24;
    127.0.0.0/8;
    localhost; 
};

*/

acl internals {
    127.0.0.0/8;
    10.0.0.0/24;
};

acl slaves {
    108.220.213.121/29;  // ws, a ghost so far..
    108.220.213.122/29;  // ws2, a ghost so far..
};

options
{
	// Put files that named is allowed to write in the data/ directory:
	directory 		"/var/named";		// "Working" directory
	dump-file 		"data/cache_dump.db";
        statistics-file 	"data/named_stats.txt";
        memstatistics-file 	"data/named_mem_stats.txt";
	secroots-file		"data/named.secroots";
	recursing-file		"data/named.recursing";

        listen-on port 53	{ 127.0.0.1; 10.0.0.1; 108.220.213.121; };
       #listen-on-v6 port 53	{ any; };

       allow-query     { localhost; 10.0.0.1; 108.220.213.121; };
       #allow-query     { localhost; 108.220.213.0/24; };
       #allow-transfer  { 108.220.213.120/29; };
       #allow-update    {  none; };

        /* allow-recursion { 10.0.0.0/24; };
        allow-recursion { any; };
         */

	/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */
	/* Enable serving of DNSSEC related data - enable on both authoritative
 	   and recursive servers DNSSEC aware servers */
	dnssec-enable yes;

	/* Enable DNSSEC validation on recursive servers */
        dnssec-validation auto;

	/* In Fedora we use /run/named instead of default /var/run/named
	   so we have to configure paths properly. */
	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
	managed-keys-directory "/var/named/dynamic";

        /* In Fedora we use system-wide Crypto Policy */
        /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
        include "/etc/crypto-policies/back-ends/bind.config";

        /* use querylog all the time rndc */
        querylog yes;
};

include "/etc/rndc.key";

controls {
      inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };

    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};

view "wan-view"
{
	zone "linuxlighthouse.com" {
           type master;
           file "/var/named/linuxlighthouse.com.db";
           allow-update { none; };
	};

        zone "213.220.108.in-addr.arpa" {
           type master;
           file "/var/named/213.220.108.in-addr.arpa";
           allow-update { none; };
        };
};