bind/named.conf

// BIND Configuration for Hidden Primary Server

options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    
    // Hide version information
    version "DNS Server";
    
    // Listen on all IPv4 interfaces on port 8053
    listen-on port 8053 { any; };
    listen-on-v6 { none; };
    
    // Allow queries from anywhere (read-only)
    allow-query { any; };
    
    // Disable recursion (authoritative only)
    recursion no;
    
    // Transfer settings
    also-notify {
        213.239.242.238;
        213.133.100.103;
        193.47.99.3;
    };
    
    // Default transfer restrictions
    allow-transfer { none; };
};

// TSIG Key for secure transfers (loaded from separate file)
include "/etc/named/keys/transfer-key.conf";

// ACL for secondary servers
acl "secondaries" {
    key transfer-key;
    213.239.242.238;
    213.133.100.103;
    193.47.99.3;
};

// Template for standard zones
zone-template "standard-zone" {
    type master;
    allow-transfer { secondaries; };
    notify yes;
    also-notify {
        213.239.242.238;
        213.133.100.103;
        193.47.99.3;
    };
};

// Zone configurations using template
zone "whiskeylimahotel.de" using-template "standard-zone" {
    file "whiskeylimahotel.de.zone";
};

// Logging configuration
logging {
    channel default_log {
        file "/var/log/named/named.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    
    channel transfer_log {
        file "/var/log/named/transfers.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    
    category default { default_log; };
    category xfer-in { transfer_log; };
    category xfer-out { transfer_log; };
    category notify { transfer_log; };
};