Saturday, November 22, 2025

BIND : Use View Statement

 

BIND : Use View Statement


 

This is an example to use View Statement in [named.conf].

On this example, Configure both settings for Internal Network like here and settings for External Network like here with View Statement in [named.conf].

[1]This example uses internal network [10.0.0.0/24], external network [172.16.0.80/29], domain name [srv.world], Replace them for your own environment.
( Actually, [172.16.0.80/29] is for private IP addresses, though. )
root@dlp:~# 
vi /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
// comment out
// include "/etc/bind/named.conf.root-hints";
// add
include "/etc/bind/named.conf.internal-zones";
include "/etc/bind/named.conf.external-zones";
root@dlp:~# 
vi /etc/bind/named.conf.options
// add : set ACL entry for local network
acl internal-network {
        10.0.0.0/24;
};

options {
        directory "/var/cache/bind";

        // add local network set on [acl] section above
        // network range you allow to recieve queries from hosts
        allow-query { localhost; internal-network; };
        // network range you allow to transfer zone files to clients
        // add secondary DNS servers if it exist
        allow-transfer { localhost; };
        // add recursion range your allow recursive query
        allow-recursion { localhost; internal-network; };
        dnssec-validation auto;
        listen-on port 53 { any; };
        // if not listen IPV6, change [any] to [none]
        listen-on-v6 { any; };
};
root@dlp:~# 
vi /etc/bind/named.conf.internal-zones
view "internal" {
        // set internal network zones
        match-clients {
                localhost;
                internal-network;
        };
        zone "srv.world" {
                type primary;
                file "/etc/bind/srv.world.lan";
                allow-update { none; };
        };
        zone "0.0.10.in-addr.arpa" {
                type primary;
                file "/etc/bind/0.0.10.db";
                allow-update { none; };
        };
        include "/etc/bind/named.conf.root-hints";
};
root@dlp:~# 
vi /etc/bind/named.conf.external-zones
view "external" {
        // match all except targets defined on [match-clients] on internal section
        match-clients { any; };
        // allow all queries
        allow-query { any; };
        // not allow recursive queries
        recursion no;
        zone "srv.world" {
                type primary;
                file "/etc/bind/srv.world.wan";
                allow-update { none; };
        };
        zone "0.16.172.in-addr.arpa" {
                type primary;
                file "/etc/bind/0.16.172.db";
                allow-update { none; };
        };
};
[2]
For configuration of each Zone files set in [named.conf] above, refer to here.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)