Using views to restrict recursion

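This is an example of a name server that does not do recursion for hosts outside of its network, but still serves zones to the world. In the configuration below, the restriction comes from the allow-recursion statement in options, which names the "cooperix" ACL; the two views separate the default IN class from the Hesiod (HS) class.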

// // named.conf for Red Hat caching-nameserver //

// Address-match list for the local network. The options block names it in
// allow-recursion, so it decides which clients get recursive service.
acl "cooperix" {
    192.139.46.0/24;
};

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */

    // Recursion is offered only to clients matching the "cooperix" ACL.
    // NOTE(review): whether cached answers are also withheld from other
    // clients depends on the BIND version (see allow-query-cache) -- confirm.
    allow-recursion { "cooperix"; };

    // Source address used for outgoing zone transfer requests.
    // NOTE(review): allow-transfer is not set in this block; unless the
    // included zone files set it, the version's default applies -- confirm
    // that transfers are limited to the intended secondaries.
    transfer-source 192.139.46.131;

    // NOTE(review): leave query-source commented out where possible. Pinning
    // outgoing queries to port 53 removes source-port randomization, which a
    // resolver relies on to resist cache poisoning; adjust the firewall
    // instead.
    // query-source address * port 53;
    //recursion no;               // Do not provide recursive service
};

logging {
    // Syslog channel on facility local0, filtered at severity info.
    channel "eastasia_local0" {
        syslog local0;
        severity info;
    };

    // Messages in the "unmatched" category go to the null channel, i.e. they
    // are discarded.
    category "unmatched" { "null"; };

    // Everything in the default category goes to both the syslog channel
    // above and the built-in default_debug channel.
    category "default" { "eastasia_local0"; "default_debug"; };
};

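//
// a caching only nameserver config
//
// Line breaks restored: on the collapsed line the leading "//" turned the
// whole controls statement into comment text.
//
// The rndc control channel listens on 127.0.0.1 only, accepts connections
// from the localhost ACL, and requires the key named rndckey.
// NOTE(review): rndckey is presumably defined in the included /etc/rndc.key
// -- confirm.
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};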

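// View for ordinary DNS data. No class is given, so it uses the default
// class IN; no match-clients is given, so the view itself is not limited to
// particular client addresses. Recursion is restricted by allow-recursion in
// the options block, not by this view.
//
// Line breaks restored: on the collapsed lines the "//" section headers
// swallowed the include statements and the closing brace of the view.
view "normal" {

    // Root hints.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    // Local and special-purpose zones served as master; dynamic updates are
    // refused for every one of them.
    zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
    };

    zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
    };

    zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
    };

    // NOTE(review): the fragments below are read from user home directories.
    // Whoever can write those files can add or change zones in this view, so
    // their ownership and permissions need the same care as named.conf itself
    // -- confirm.

    //
    // Public Secondaries
    //
    include "/home/russell/DNS/public-secondary.conf";
    include "/home/russell/DNS/sns.flora.ca.conf";
    include "/home/mcr/DNS/public-secondary.conf";
    include "/home/russell/DNS/jungle.ca-secondary.conf";

    //
    // FLORA Secondaries
    //
    include "/home/russell/DNS/pns.flora.ca-secondary.conf";
    include "/home/russell/DNS/team.openconcept.ca-secondary.conf";
};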

// Key file pulled in at top level, outside any view.
// NOTE(review): presumably this defines the rndckey named in the controls
// statement; the file holds a shared secret, so it should be readable only
// by root and the account named runs as -- confirm permissions.
include "/etc/rndc.key";

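// View for Hesiod (class HS) data, kept separate from the IN-class view.
//
// Line breaks restored: on the collapsed line the "// pns.flora.ca" comment
// swallowed the closing braces of the masters list and the zone.
view "hesiod" HS {

    // The HS root zone is slaved from a single master.
    // NOTE(review): the masters entry carries no key clause, so as written
    // the transfer source is identified by address alone, unless a server or
    // key statement elsewhere applies -- confirm.
    zone "." HS {
        type slave;
        file "hesiod.zone.bak";
        masters {
            192.139.46.244;     // pns.flora.ca
        };
    };

    // NOTE(review): these fragments are read from a user home directory;
    // write access to them is write access to this view's zone list
    // -- confirm ownership and permissions.
    include "/home/russell/DNS/public-hs-secondary.conf";
    include "/home/russell/DNS/flora-hesiod-secondary.conf";

};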