//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

view "demil" {
	match-clients {
		10.11.13.0/24;
	};
	
	allow-query {
		10.11.13.0/24;
	};
};

view "tunel" {

	match-clients {
		10.11.12.0/24;
	};
	
	allow-query {
		10.11.12.0/24;
	};

	zone "pokrok.local" {
		type master;
		file "pokrok.local-tun";
	};

};

view "vnitrni-sit" {
	match-clients {
		192.168.1.0/24;
		192.168.0.0/24;
		192.168.101.0/24;
		192.168.102.0/24;
		192.168.100.0/24;
	};
	allow-query {
//		127.0.0.1;
		192.168.1.0/24;
		192.168.0.0/24;
		192.168.101.0/24;
		192.168.102.0/24;
		192.168.100.0/24;
	
	};
	recursion yes;
// prime the server with knowledge of the root servers

zone "." {
	type hint;
	file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};

zone "1.168.192.in-addr.arpa" {
	type slave;
	file "/etc/bind/db.1.168.192";
	masters { 192.168.1.250; };
};

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
//  Because many of our users are uncomfortable receiving undelegated answers
//  from root or top level domains, other than a few for whom that behaviour
//  has been trusted and expected for quite some length of time, we have now
//  introduced the "root-delegations-only" feature which applies delegation-only
//  logic to all top level domains, and to the root domain.  An exception list
//  should be specified, including "MUSEUM" and "DE", and any other top level
//  domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

	zone "pokrok.cz" {
		type master;
		file "pokrok.local.zone";
	};

	zone "pokrok.local" {
		type slave;
		file "pokrok.local";
		masters { 192.168.1.250; };
	};

//	zone "test.pokrok.cz" {
//		type master;
//		file "test.pokrok.local.zone";
//	};

};

view "internet" {
	match-clients { any; };
// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
//  Because many of our users are uncomfortable receiving undelegated answers
//  from root or top level domains, other than a few for whom that behaviour
//  has been trusted and expected for quite some length of time, we have now
//  introduced the "root-delegations-only" feature which applies delegation-only
//  logic to all top level domains, and to the root domain.  An exception list
//  should be specified, including "MUSEUM" and "DE", and any other top level
//  domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };
	
	zone "pokrok.cz" {
		type master;
		file "pokrok.zone";
		allow-update { key mykey; };
	};
	
//	zone "test.pokrok.cz" {
//		type master;
//		file "test.pokrok.zone";
//		allow-update { key mykey; };
//	};
};