// generated by named-bootconf.pl

options {
	directory "/var/named";
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below.  Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 */
	// query-source address * port 53;

	forwarders{
		ns1.yourisp.com;
		ns2.yourisp.com;
	};
	allow-transfer{
		none;
	};
        allow-query {
                192.168.3/24;
                localhost;
        };
	listen-on {
		127.0.0.1;
		192.168.3.1;
	};
};

// 
// a caching only nameserver config
// 
controls {
	inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
	type hint;
	file "named.ca";
};

zone "localhost" IN {
	type master;
	file "localhost.zone";
	allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.local";
	allow-update { none; };
};

zone "ventura.c" IN {
	type master;
	file "slaves/ventura.c.db";
	allow-update { localhost; key rndckey; };
};

zone "3.168.192.in-addr.arpa" in {
	type master;
	file "slaves/192.168.3.db";
	allow-update { localhost; key rndckey; };
};

include "/etc/rndc.key";

logging {
  category dnssec { security_log; };
  category update { security_log; };
  category security { security_log; };

  channel security_log {
	file "data/dns_security.log" versions 4 size 10m;
	print-time yes;
	print-category yes;
	print-severity yes;
	severity info;
  };
};