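#/etc/named/named.conf

# predefined access control lists (acl):
# "any" allows all hosts
# "none" denies all hosts
# "localhost" allows the IP addresses of all interfaces of the system
# "localnets" allows any host on a network of the local interfaces
#
# defining an additional ACL:
# "trusted" is reused below for queries, recursion and zone transfers,
# so every address added here gains all three rights at once.
acl "trusted" {
    127.0.0.1/32;
    192.168.0.0/16;
};

# never allow requests from these hosts
# This ACL is used by "blackhole" below: named neither answers queries from
# these addresses nor sends its own queries to them. A hand-maintained bogon
# list goes stale, so review it against the current IANA registry.
acl "bogon" {
    0.0.0.0/8;
    # 1.0.0.0/8 and 2.0.0.0/8 used to be listed here as "IANA reserved".
    # Both blocks have since been allocated and carry live traffic, so they
    # are disabled: blackholing them would drop legitimate clients and stop
    # named from reaching name servers hosted in those ranges.
    #1.0.0.0/8;
    #2.0.0.0/8;
    192.0.2.0/24;       #test addresses
    224.0.0.0/3;        #multicast and reserved space (224.0.0.0 - 255.255.255.255)
    10.0.0.0/8;         #private network, not used here
    172.16.0.0/12;      #private network, not used here
};

options {
    directory "/etc/named";

    # the default is to fail, if the master file is not correct
    #check-names master ignore;

    pid-file "/var/run/named.pid";

    # the default ("forward first") is to ask the forwarders and, if they
    # fail, to try to find the answer yourself;
    # "forward only" will only ask the forwarders
    # forward only;

    # list of DNS servers to ask
    # forward first;
    # Every non-local lookup is sent to these hosts and their answers are
    # cached and handed to the trusted clients, so keep this list limited to
    # resolvers that are still operated by a party you trust.
    forwarders {
        #T-Online
        194.25.0.125;
        194.25.2.129;
        194.25.2.130;
        194.25.2.131;
        #Nexgo
        145.253.2.11;
        145.253.2.75;
        #TUB
        130.149.17.5;
        130.149.17.13;
        #Arcor???
        #212.185.151.9;
    };

    # the default is to listen on port 53 on all available interfaces
    # you can also give a detailed list:
    # NOTE(review): 5353 is not the standard DNS port, so clients need a
    # redirect or explicit configuration to reach it. UDP 5353 is also the
    # mDNS port; check for a conflict with an mDNS responder on this host.
    listen-on port 5353 {
        127.0.0.1;
        192.168.0.1;
        192.168.1.1;
    };

    #allow only queries from trusted hosts
    allow-query {
        "trusted";
    };
    allow-recursion {
        "trusted";
    };
    # NOTE(review): this lets any host in 192.168.0.0/16 pull a full copy of
    # every zone. If there are no secondary servers, "none" is the safer
    # value; otherwise list only the secondaries.
    allow-transfer {
        "trusted";
    };

    blackhole {
        bogon;          #ignore requests from these hosts
    };
};

#log every query in "/var/log/named"
# The query log records which client asked for which name, so keep the file
# readable by the named user and administrators only. No size limit is set
# here; the "versions" and "size" arguments of "file" can bound its growth,
# e.g. file "/var/log/named" versions 3 size 10m;  (example values)
logging {
    channel mychannel {
        file "/var/log/named";
        severity info;
        print-time yes;
    };
    category security {
        mychannel;
    };
    category queries {
        mychannel;
    };
};

#definitions of the zones; the ".", "localhost", and "0.0.127.in-addr.arpa"
#zones have to be defined every time
#note the reverse notation of the network addresses
zone "." {
    type hint;
    file "root.hint";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};

#assign every name an ip number
zone "laas.priv" {
    type master;
    file "pz/laas.priv";
};

#and vice versa (reverse dns)
zone "0.168.192.in-addr.arpa" {
    type master;
    file "pz/192.168.0";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "pz/192.168.1";
};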