/*
 * Refer to the named.conf(5) and named(8) man pages, and the documentation
 * in /usr/share/doc/bind-9 for more details.
 * Online versions of the documentation can be found here:
 * http://www.isc.org/software/bind/documentation
 *
 * If you are going to set up an authoritative server, make sure you
 * understand the hairy details of how DNS works. Even with simple mistakes,
 * you can break connectivity for affected parties, or cause huge amounts of
 * useless Internet traffic.
 */

acl "xfer" {
    /* Deny transfers by default except for the listed hosts.
     * If we have other name servers, place them here.
     */
    none;
};

/*
 * You might put in here some ips which are allowed to use the cache or
 * recursive queries
 */
acl "trusted" {
    127.0.0.0/8;
    192.168.2.0/24;
    ::1/128;
};

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forward first;
        forwarders {
        //	207.164.234.129;	// Your ISP NS
        //	207.164.234.193;	// Your ISP NS
        //	4.2.2.1;		// Level3 Public DNS
        //	4.2.2.2;		// Level3 Public DNS
            8.8.8.8;		// Google Open DNS
            8.8.4.4;		// Google Open DNS
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};



logging {
    channel default_log {
        file "/var/log/named/named.log" versions 3 size 5M;
        severity notice;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category default { default_log; };
    category general { default_log; };
};


include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1/24; ::1/128; } keys { "rndc-key"; };
};