acl root_ip4 { 172.18.1.4/30; }; acl root_ip6 { fd00::4/126; }; acl jp_ip4 { 172.18.1.8/30; }; acl jp_ip6 { fd00::8/126; }; acl com_ip4 { 172.18.1.12/30; }; acl com_ip6 { fd00::c/126; }; acl test-co-jp_ip4 { 172.18.1.16/30; }; acl test-co-jp_ip6 { fd00::10/126; }; acl test-com_master_ip4 { 172.18.1.20/32; }; acl test-com_relay_ip4 { 172.18.1.21/32; }; acl test-com_slave1_ip4 { 172.18.1.22/32; }; acl test-com_slave2_ip4 { 172.18.1.23/32; }; acl test-com_slave1_ip6 { fd00::16/128; }; acl test-com_slave2_ip6 { fd00::17/128; }; key "tsig-key" { algorithm hmac-sha256; secret "gWQl0C01ZKgNQLafAhUvWBb7B+8BBfEDc7XxdTzDwqc="; }; masters relay-with-key { 172.18.1.21 key tsig-key; }; options { listen-on port 53 { // any; 127.0.0.1; root_ip4; jp_ip4; com_ip4; test-co-jp_ip4; test-com_master_ip4; test-com_slave1_ip4; test-com_slave2_ip4; }; listen-on-v6 port 53 { // any; ::1; root_ip6; jp_ip6; com_ip6; test-co-jp_ip6; test-com_slave1_ip6; test-com_slave2_ip6; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursion no; allow-query { any; }; allow-recursion { none; }; allow-query-cache { none; }; dnssec-enable yes; dnssec-validation yes; allow-transfer { none; }; allow-update { none; }; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; view "ROOT" { match-clients { any; }; match-destinations { root_ip4; root_ip6; }; zone "." IN { // type hint; type master; // file "named.ca"; // file "root.zone"; file "root.zone.signed"; }; include "/etc/named.rfc1912.zones"; }; view "JP" { match-clients { any; }; match-destinations { jp_ip4; jp_ip6; }; zone "jp" IN { type master; // file "jp.zone"; file "jp.zone.signed"; }; include "/etc/named.rfc1912.zones"; }; view "COM" { match-clients { any; }; match-destinations { com_ip4; com_ip6; }; zone "com" IN { type master; // file "com.zone"; file "com.zone.signed"; }; include "/etc/named.rfc1912.zones"; }; view "TEST.CO.JP" { match-clients { any; }; match-destinations { test-co-jp_ip4; test-co-jp_ip6; }; zone "test.co.jp" IN { type master; // file "test.co.jp.zone"; file "test.co.jp.zone.signed"; }; include "/etc/named.rfc1912.zones"; }; view "TEST.COM-MASTER" { match-clients { test-com_relay_ip4; }; match-destinations { test-com_master_ip4; }; dnssec-enable no; dnssec-validation no; zone "test.com" IN { type master; // allow-transfer { 172.18.1.21; }; allow-transfer { key tsig-key; }; notify explicit; // also-notify { 172.18.1.21; }; also-notify { relay-with-key; }; notify-source 172.18.1.20; file "test.com.zone"; }; include "/etc/named.rfc1912.zones"; // include "/etc/named.root.key"; }; view "TEST.COM-SLAVE1" { match-clients { any; }; match-destinations { test-com_slave1_ip4; test-com_slave1_ip6; }; dnssec-enable no; dnssec-validation no; zone "test.com" IN { type slave; // masters { 172.18.1.21; }; masters { relay-with-key; }; // allow-notify { 172.18.1.21; }; allow-notify { key tsig-key; }; transfer-source 172.18.1.22; masterfile-format text; file "slaves/test.com.zone1"; }; include "/etc/named.rfc1912.zones"; // include "/etc/named.root.key"; }; view "TEST.COM-SLAVE2" { match-clients { any; }; match-destinations { test-com_slave2_ip4; test-com_slave2_ip6; }; dnssec-enable no; dnssec-validation no; zone "test.com" IN { type slave; // masters { 172.18.1.21; }; masters { relay-with-key; }; // allow-notify { 172.18.1.21; }; allow-notify { key tsig-key; }; transfer-source 172.18.1.23; masterfile-format text; file "slaves/test.com.zone2"; }; include "/etc/named.rfc1912.zones"; // include "/etc/named.root.key"; };