--- bind9_acls: - name: internalnets permissions: [] # - "111.222.111.222" bind9_logging: categories: - name: "security" channels: - "security_file" channels: - name: "security_file" file: path: "/var/log/named/security.log" options: "versions 3 size 30m" severity: "dynamic" print_times: "yes" bind9_options: allow_query: [] allow_query_on: [] allow_query_cache: [] allow_query_cache_on: [] allow_recursion: - "localhost" - "localnets" - "internalnets" allow_recursion_on: [] allow_transfer: [] allow_update: [] allow_update_forwarding: [] auth_nxdomain: false blackhole: [] dnssec_validation: true forwarders: - ip: "8.8.8.8" # Google IPv4 port: "53" - ip: "8.8.4.4" # Google IPv4 port: "53" - ip: "2001:4860:4860::8888" # Google IPv6 port: "53" - ip: "2001:4860:4860::8844" # Google IPv6 port: "53" - ip: "208.67.222.222" # OpenDNS IPv4 port: "53" - ip: "208.67.220.220" # OpenDNS IPv4 port: "53" - ip: "2620:0:ccc::2" # OpenDNS IPv6 port: "53" - ip: "2620:0:ccd::2" # OpenDNS IPv6 port: "53" interface_interval: 0 listen_on_ipv4: - "127.0.0.1" listen_on_ipv6: - "::1" max_transfer_time: "60" minimal_responses: "no" notify: "yes" recursion: "yes" update_policies: [] # - action: grant # identity: keyname # ruletype: name # name: _acme-challenge.example.com. # types: # - TXT transfer_format: "many-answers" bind9_statics: enabled: true channels: - inet: "127.0.0.1" port: "8053" acls: - "localhost" bind9_tsigkeys: [] # - name: "name" # algorithm: "algorithm" # secret: "secret" bind9_views: [] # - name: external # match_clients: # - "!internalnets" # - "any" # zones: # - allow_notify: [] # allow_query: # - "any" # allow_query_on: [] # allow_update: [] # allow_update_forwarding: [] # allow_transfer: [] # file: zones/external/db.local.example # origin: "example.local." # type: master # notify: true # - name: internal # match_clients: # - "!192.168.178.1" # - "internalnets" # - "127.0.0.0/8" # zones: # - allow_notify: [] # allow_query: # - "any" # allow_query_on: [] # allow_update: [] # allow_update_forwarding: [] # allow_transfer: [] # file: zones/internal/db.local.example # origin: "example.local." # type: master # - allow_notify: [] # allow_query: [] # allow_query_on: [] # allow_update: [] # allow_update_forwarding: [] # allow_transfer: [] # forward: only # forwarders: # - 192.168.175.1 # origin: "glr.external.local." # type: forward