Bind 9 Administrator Reference Manual
Chapter 4. Advanced Concepts
forwarders { };
allow-query { internals; };
allow-transfer { internals; }
};
zone "site2.internal" {
type slave;
file "s/site2.internal";
masters { 172.16.72.3; };
forwarders { };
allow-query { internals };
allow-transfer { internals; }
};
External (bastion host) DNS server config:
acl internals { 172.16.72.0/24; 192.168.1.0/24; };
acl externals { bastion-ips-go-here; };
options {
...
...
allow-transfer { none; }; // sample allow-
transfer (no one)
allow-query { internals; externals; }; // restrict query access
allow-recursion { internals; externals; }; // restrict recursion
...
...
};
zone "site1.example.com" { // sample slave zone
type master;
file "m/site1.foo.com";
allow-query { any; };
allow-transfer { internals; externals; };
};
zone "site2.example.com" {
type slave;
file "s/site2.foo.com";
masters { another_bastion_host_maybe; };
allow-query { any; };
allow-transfer { internals; externals; }
};
29