bind/named.conf
Wolfgang Hottgenroth e773bca79d
only key based transfer acl
2025-10-27 16:33:34 +01:00


// named.conf for the hidden primary: global server options.
options {
    // --- Filesystem locations ---
    directory "/etc/named/zones";
    pid-file "/var/run/named/named.pid";

    // --- Listeners: IPv4 on every interface, port 8053; IPv6 disabled ---
    listen-on port 8053 { any; };
    listen-on-v6 { none; };

    // --- Fingerprinting ---
    // Answers version.bind with a fixed string instead of the real release.
    // NOTE(review): this masks only the version string; hostname.bind is
    // not covered by it. If the host name should stay private as well,
    // `hostname none;` is the matching option.
    version "DNS Server";

    // --- Query policy ---
    // Authoritative only: never resolve on behalf of clients.
    recursion no;
    // Any client that can reach port 8053 may query the hosted zones.
    // NOTE(review): for a hidden primary the expected clients are the
    // secondaries. Confirm that reachability of this port is limited
    // elsewhere (firewall / port mapping), or narrow this list.
    allow-query { any; };
    // Every query is logged. Together with `allow-query { any; }` the
    // volume is driven by whoever can reach the port; the size limits on
    // the query_log channel are what bound disk usage.
    querylog yes;

    // --- NOTIFY and zone-transfer defaults ---
    notify yes;
    // Extra NOTIFY targets. No `key` is attached to these entries, so the
    // NOTIFY messages go out unsigned; only the transfers are keyed.
    also-notify {
        213.239.242.238;
        213.133.100.103;
        193.47.99.3;
    };
    // Default transfer policy: the "secondaries" ACL. That ACL lists a
    // TSIG key and no addresses, so a transfer is allowed for a request
    // signed with that key and not on the basis of its source IP.
    allow-transfer { secondaries; };
};
// TSIG key used to authenticate zone transfers. The secret is kept in its
// own file so that it does not appear in this configuration.
// NOTE(review): the key file's contents and permissions are not visible
// here. It should be readable only by the account named runs as, and the
// secret should not be committed next to this file.
include "/etc/named/keys/transfer-key.conf";

// "secondaries" matches on the TSIG key only; no IP addresses are listed.
// Whoever holds transfer-key can satisfy this ACL from any source address,
// so the key's secrecy is the whole access control for transfers.
acl "secondaries" {
    key transfer-key;
};

// Zone definitions live in a separate file; per-zone settings are declared
// there.
// NOTE(review): an allow-transfer or also-notify set inside a zone takes
// precedence over the global default in options. Check that zones.conf
// does not reintroduce address-based transfer rules.
include "/etc/named/zones/zones.conf";
// Logging: three size-rotated file channels and the categories routed to
// them. Each channel keeps 3 old versions and stamps every line with time,
// severity and category.
logging {
    // General server log; receives every category not routed below.
    channel default_log {
        file "/var/log/named/named.log" versions 3 size 5m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    // Zone-transfer and NOTIFY activity.
    channel transfer_log {
        file "/var/log/named/transfers.log" versions 3 size 5m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    // Per-query log (fed by `querylog yes;` in options); larger size cap.
    channel query_log {
        file "/var/log/named/queries.log" versions 3 size 10m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    // Category routing.
    // NOTE(review): there is no explicit `security` category, so it
    // follows `default` into named.log. Requests rejected by an ACL (for
    // example a transfer attempt without the TSIG key) are presumably
    // logged there and not in transfers.log. Verify this before building
    // alerting on one file only.
    category queries { query_log; };
    category xfer-in { transfer_log; };
    category xfer-out { transfer_log; };
    category notify { transfer_log; };
    category default { default_log; };
};