From 83a713faada4a0d7b93a67d4a777bed66844c2d4 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Tue, 5 Feb 2013 12:29:42 +0100
Subject: [PATCH] Current state after configuration and starting Bind
---
 bind/named-log.conf | 72 +++++++++++++++++++++++++++++++++++++++++
 bind/named.conf | 42 +++++++++++++++---------
 logrotate.d/named | 28 ++++++++++++++++
 resolv.conf | 1 +
 runlevels/default/named | 1 +
 5 files changed, 129 insertions(+), 15 deletions(-)
 create mode 100644 bind/named-log.conf
 create mode 100644 logrotate.d/named
 create mode 120000 runlevels/default/named
diff --git a/bind/named-log.conf b/bind/named-log.conf
new file mode 100644
index 00000000..d5875a6f
--- /dev/null
+++ b/bind/named-log.conf
@@ -0,0 +1,72 @@
+//###############################################################
+//# Bind9-Konfigurationsdatei Logging
+//# /etc/bind/named-log.conf
+//#
+//# $Header: /etc/bind/.rcs/named-log.conf,v 1.3 2010/05/26 20:23:00 root Exp $
+//#
+//# Host Helga
+//#
+//# Generiert am: 26.05.2010
+//# von: frank@brehm-online.com
+//#
+//###############################################################
+
+//###############################################################
+//# Angaben zum Logging
+
+logging {
+
+ // Kategorien
+
+ category default {
+ default_debug;
+ logtofile;
+ };
+ category general {
+ logtofile;
+ syslog-warning;
+ };
+ category lame-servers {
+ null;
+ };
+ category queries {
+ query_logging;
+ };
+
+ // Kanäle
+
+ channel complete_debug {
+ file "/var/log/named/complete-debug.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity debug 99;
+ };
+ channel logtofile {
+ file "/var/log/named/named.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity info;
+ };
+ channel moderate_debug {
+ file "/var/log/named/debug.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity debug 1;
+ };
+ channel query_logging {
+ file "/var/log/named/query.log";
+ print-time yes;
+ };
+ channel syslog-warning {
+ syslog daemon;
+ severity warning;
+ };
+
+};
+
+
+
+# vim: ts=4 filetype=named noai
diff --git a/bind/named.conf b/bind/named.conf
index aab639f5..b7cc8d3f 100644
--- a/bind/named.conf
+++ b/bind/named.conf
@@ -26,6 +26,21 @@ acl "trusted" {
 ::1/128;
 };
 
+acl "local_ips" {
+ 127.0.0.0/8;
+ 10.0.0.0/8;
+ 192.168.0.0/16;
+ 172.16.0.0/12;
+ ::1/128;
+ fe80::/10;
+};
+
+acl "private_ips" {
+ 2001:6f8:1db7::1/64;
+ 2001:6f8:1c00:365::2/64;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+};
+
 options {
 directory "/var/bind";
 pid-file "/var/run/named/named.pid";
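Review bot: The channels `complete_debug` and `moderate_debug` (writing `/var/log/named/complete-debug.log` and `/var/log/named/debug.log`) are declared but no `category` in this file references them, so they are never written to and only add two paths for logrotate to manage; either attach them to the categories they are meant for or drop them. `category queries { query_logging; }` records every client query to `/var/log/named/query.log` for as long as the server runs, which on a host that elsewhere in this patch starts listening on all interfaces is both a disk-growth and a privacy consideration. A comment stating that this is deliberate, e.g. `// query log: one line per client query, rotated by logrotate.d/named`, would tell the next reader it is not a leftover from debugging.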
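Review bot: In `acl "private_ips"`, `2001:6f8:1db7::1/64;` and `2001:6f8:1c00:365::2/64;` name single hosts but carry a /64 prefix, so the match list covers the whole `2001:6f8:1db7::/64` and `2001:6f8:1c00:365::/64` networks (BIND applies the prefix and, I believe, warns about the set host bits), and later hunks grant this ACL query, cache and recursion access. If only those two hosts are meant, write them as `2001:6f8:1db7::1;` and `2001:6f8:1c00:365::2;` like the third entry; if the whole prefixes are intended, a comment saying so would stop the next reader from "fixing" it. `local_ips` likewise pulls every RFC 1918 range plus `fe80::/10` into the same grants, which is wider than the name suggests — a comment listing the networks that actually exist on this host would document the choice.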
@@ -33,8 +48,8 @@ options {
 /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
 //bindkeys-file "/etc/bind/bind.keys";
 
- listen-on-v6 { ::1; };
- listen-on { 127.0.0.1; };
+ listen-on-v6 { any; };
+ listen-on { any; };
 
 allow-query {
 /*
@@ -44,16 +59,22 @@ options {
 * to the masses.
 */
 trusted;
+ local_ips;
+ private_ips;
 };
 
 allow-query-cache {
 /* Use the cache for the "trusted" ACL. */
 trusted;
+ local_ips;
+ private_ips;
 };
 
 allow-recursion {
 /* Only trusted addresses are allowed to use recursion. */
 trusted;
+ local_ips;
+ private_ips;
 };
 
 allow-transfer {
@@ -101,19 +122,8 @@ options {
 //query-source address * port 53;
 };
 
-/*
-logging {
- channel default_log {
- file "/var/log/named/named.log" versions 5 size 50M;
- print-time yes;
- print-severity yes;
- print-category yes;
- };
-
- category default { default_log; };
- category general { default_log; };
-};
-*/
+// Logging
+include "/etc/bind/named-log.conf";
 
 include "/etc/bind/rndc.key";
 controls {
@@ -170,3 +180,5 @@ zone "127.in-addr.arpa" IN {
 // allow-notify { ; };
 // notify no;
 //};
+
+# vim: ts=4 filetype=named noai
diff --git a/logrotate.d/named b/logrotate.d/named
new file mode 100644
index 00000000..845d7084
--- /dev/null
+++ b/logrotate.d/named
@@ -0,0 +1,28 @@
+# Logrotate configuration for bind ....
+
+script named-reload
+ /etc/init.d/named restart >/dev/null || true
+endscript
+
+/var/log/named/complete-debug.log /var/log/named/debug.log /var/log/named/query.log {
+ daily
+ olddir /var/log/named/%Y-%m
+ size 4M
+ maxage 6m
+ notifempty
+ missingok
+ postrotate named-reload
+}
+
+/var/log/named/named.log {
+ daily
+ olddir /var/log/named/%Y-%m
+ size 1M
+ maxage 2y
+ notifempty
+ missingok
+ postrotate named-reload
+}
+
+
+# vim: ts=4 filetype=conf
diff --git a/resolv.conf b/resolv.conf
index 8eaeb8c0..6cb14a14 100644
--- a/resolv.conf
+++ b/resolv.conf
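Review bot: Switching `listen-on` and `listen-on-v6` from loopback to `any` binds the service on every address the host has, so from here on the `allow-query`, `allow-query-cache`, `allow-recursion` and `allow-transfer` lists of the enclosing `options` block (which starts and ends outside this hunk) are the only control between a public interface and the resolver. If the server only needs to answer itself and the LAN, naming those addresses — `listen-on { 127.0.0.1; <lan-ipv4>; };` and `listen-on-v6 { ::1; <lan-ipv6>; };` with the real addresses filled in — keeps the public side unreachable even if an ACL is later widened by mistake. At minimum a comment beside `any` stating why all interfaces are required would record the decision.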
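Review bot: The same three-entry list `trusted; local_ips; private_ips;` is now repeated verbatim in `allow-query`, `allow-query-cache` and `allow-recursion`, while the two visible comments ("Use the cache for the "trusted" ACL.", "Only trusted addresses are allowed to use recursion.") still describe a trusted-only policy. Defining one ACL next to the others, `acl "resolver_clients" { trusted; local_ips; private_ips; };`, and writing `allow-recursion { resolver_clients; };` (likewise for the other two lists) keeps the three from drifting apart and gives the comments an accurate name to refer to. The surrounding `options` block begins and ends outside this hunk.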
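Review bot: The removed (commented-out) `default_log` channel carried `versions 5 size 50M`, but the replacement `include "/etc/bind/named-log.conf";` pulls in `file` channels that set neither `versions` nor `size` (see the new file earlier in this patch), so BIND itself no longer bounds any log file and growth between logrotate runs is unlimited. Adding the cap back on at least the `logtofile` and `query_logging` channels in `named-log.conf`, e.g. `file "/var/log/named/named.log" versions 5 size 50M;`, keeps an in-process limit that holds even when logrotate is misconfigured or not running. The `// Logging` comment could also say what the include provides, e.g. `// Logging: channels and categories are defined in named-log.conf`.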
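Review bot: `script named-reload … endscript` and `postrotate named-reload` are not directives that upstream logrotate documents — `postrotate` introduces an inline script that runs until `endscript` — and `maxage` is documented as a number of days, so `maxage 6m` and `maxage 2y` look like parse errors as well; `logrotate -d` on this file would confirm that before the first rotation silently fails. The fix is to drop the named block and give each stanza its own `postrotate` … `endscript` with numeric retention (about 180 and 730 days). Restarting named on every rotation also discards the resolver cache and drops queries during the restart; if the installed BIND reopens its log files on `rndc reconfig` (I believe it does, as logging is re-initialised on reconfiguration), that is the lighter command to run there.
```conf
/var/log/named/complete-debug.log /var/log/named/debug.log /var/log/named/query.log {
    # … unchanged: daily, olddir, size 4M, notifempty, missingok …
    maxage 180
    postrotate
        /etc/init.d/named restart >/dev/null || true
    endscript
}
# … second stanza (/var/log/named/named.log) changed the same way, with maxage 730 …
```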
@@ -2,4 +2,5 @@ domain brehm-online.com
 search home.brehm-online.com home.hennig-berlin.org brehm-online.com hennig-berlin.org uhu-banane.de
 #nameserver 10.12.11.1
+nameserver 127.0.0.1
 nameserver 8.8.8.8
diff --git a/runlevels/default/named b/runlevels/default/named
new file mode 120000
index 00000000..52094d3c
--- /dev/null
+++ b/runlevels/default/named
@@ -0,0 +1 @@
+/etc/init.d/named
\ No newline at end of file
-- 
2.39.5
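Review bot: Keeping `nameserver 8.8.8.8` after the new `nameserver 127.0.0.1` means the libc resolver still falls through to the external server whenever the local BIND is down or slow to answer, so resolution is not actually pinned to the local instance: private names from the `search` list (e.g. `home.brehm-online.com`) may then fail or resolve differently, and lookups leave the host despite the local resolver. If the external entry is a deliberate fallback, a comment such as `# fallback only, used when the local named is unavailable` would make that explicit; otherwise drop it.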