Forum Discussion
JRahm
Jun 17, 2010 (Admin)
This is the configuration I used when setting up something similar. x.x.x.x, x.x.x.y, x.x.x.z need to be swapped out with your nameserver IPs. Also, the 10/8 is internal space from standard rfc1918, but your IP space might be different, so you'll need to alter that as well.
    # restrict rndc access to local machines
    # use the key in the default place: /config/rndc.key
    controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; };
    };

    logging {
        channel logfile {
            syslog daemon;
            severity error;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        category default { logfile; };
        category config { logfile; };
        category notify { logfile; };
    };

    options {
        listen-on port 53 { 127.0.0.1; "zrd-acl-000-000"; };
        forward only;
        forwarders { x.x.x.x; x.x.x.y; x.x.x.z; };
        allow-query { localhost; internal; };
        listen-on-v6 port 53 { ::1; };
        directory "/config/namedb";
        allow-transfer { localhost; };
        recursion yes;
    };

    acl "zrd-acl-000-000" { 127.10.0.0; };
    acl internal { 10/8; };
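An added example (not part of the original post, and not F5 or BIND code): a small Python check that evaluates which client addresses the `allow-query` and `allow-transfer` lists in the configuration above admit, including BIND's `10/8` prefix shorthand, so you can confirm the effect after swapping in your own internal range. It assumes `localhost` means loopback only (BIND's built-in `localhost` ACL also covers the server's own interface addresses) and does not handle negated (`!`) or `key` elements; `SAMPLE_CONF`, `to_network`, `parse_lists` and `permitted` are names made up for this example.

```python
import ipaddress
import re

# Constructed sample: the acl and allow-* statements from the configuration above.
SAMPLE_CONF = """
options {
    allow-query { localhost; internal; };
    allow-transfer { localhost; };
};
acl "zrd-acl-000-000" { 127.10.0.0; };
acl internal { 10/8; };
"""

# Assumption: "localhost" is approximated as loopback only; BIND's built-in
# localhost ACL matches every address configured on the server.
BUILTIN = {"localhost": ["127.0.0.1", "::1"], "none": [], "any": ["0.0.0.0/0", "::/0"]}

def to_network(element):
    """Expand a BIND address-match element such as 10/8 or 127.10.0.0."""
    addr, _, prefix = element.partition("/")
    if ":" not in addr:
        octets = addr.split(".")
        addr = ".".join(octets + ["0"] * (4 - len(octets)))  # 10 -> 10.0.0.0
    return ipaddress.ip_network(addr + ("/" + prefix if prefix else ""), strict=False)

def _elements(body):
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def parse_lists(conf):
    """Return ({acl name: elements}, {allow-* option: elements})."""
    acls = dict(BUILTIN)
    for name, body in re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{([^{}]*)\}', conf):
        acls[name] = _elements(body)
    opts = {n: _elements(b) for n, b in re.findall(r'(allow-[\w-]+)\s*\{([^{}]*)\}', conf)}
    return acls, opts

def permitted(client, option, conf=SAMPLE_CONF):
    """True if client matches any element of the option's list (no '!' support)."""
    acls, opts = parse_lists(conf)
    ip = ipaddress.ip_address(client)
    pending = list(opts.get(option, []))
    while pending:
        element = pending.pop(0)
        if element in acls:                  # named ACL: expand in place
            pending = acls[element] + pending
            continue
        net = to_network(element)
        if ip.version == net.version and ip in net:
            return True
    return False
```
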