i do this:  - that should get you started!

// *** EXTERNAL VIEW ***

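// View served to every client that is not on the internal network.
// It answers authoritatively only and never recurses on behalf of outsiders.
view "external-in" in {

        // named evaluates views in the order they appear and uses the first
        // one whose match-clients list matches the querying address. This view
        // comes first in the file, so a bare "any" would also capture the LAN
        // clients and a later view restricted to internalnet would never be
        // selected. Negating internalnet here keeps the two views disjoint.
        // The acl "internalnet" must be defined before this statement.
        match-clients {
                !internalnet;
                any;
        };
        // No recursion for outside clients: an open recursive resolver can be
        // abused for traffic amplification and exposes the cache to poisoning
        // attempts from arbitrary sources.
        recursion no;
        // Do not fill the additional section from other authoritative zones or
        // from cached data, so external answers reveal only the queried zone.
        // NOTE(review): later BIND 9 releases reportedly treat these two options
        // as obsolete - run named-checkconf after an upgrade to confirm.
        additional-from-auth no;
        additional-from-cache no;

// HINT
        // Root hints. With recursion disabled in this view they are probably
        // not consulted; kept as in the original configuration.
        zone "." {
                type hint;
                file "root.hints";
        };

// FORWARDS
        zone "localhost" {
                type master;
                file "ex.addr/localhost";
                allow-query{
                        any;
                };
        };
// REVERSES
        // No allow-query here, so the view/options-level setting applies.
        zone "0.0.127.in-addr.arpa" {
                type master;
                file "ex.rev/127.0.0";
        };
};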

/////////////////////////////////////////////

// *** INTERNAL VIEW ***

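// View served to the home LAN: recursive resolution plus the private
// forward and reverse zones that must not be visible from outside.
view "internal-in" in {
        // Only addresses in the "internalnet" acl are handled by this view.
        // named uses the first view that matches a client, so this view is
        // reachable only if no earlier view already matches these addresses
        // (place it before a view matching "any", or exclude internalnet there).
        match-clients {
                internalnet;
        };
        // Recursion is enabled here only because match-clients limits the
        // view to the internal network.
        recursion yes;
        additional-from-auth yes;
        additional-from-cache yes;

// HINTS
        // Root hints used as the starting point for recursive lookups.
        zone "." {
                type hint;
                file "root.hints";
        };

// FORWARDS
        // "allow-query any" inside this view is still bounded by the view's
        // match-clients list; it does not open the zone to outside clients.
        zone "localhost" {
                type master;
                file "in.addr/localhost";
                allow-query{
                        any;
                };
        };
        zone "home.domain.com" {
                type master;
                file "in.addr/home.domain.com";
                allow-query{
                        any;
                };
        };

// REVERSES
        // No allow-query here, so the view/options-level setting applies.
        zone "0.0.127.in-addr.arpa" {
                type master;
                file "in.rev/127.0.0";
        };
        zone "1.168.192.in-addr.arpa" {
                type master;
                file "in.rev/192.168.1";
                allow-query{
                        any;
                };
        };
// The original snippet ended without closing the view statement; named
// refuses to load a configuration with an unterminated block.
};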






James wrote:
> Thanks Marc, this worked.
>  
> Now I need to setup acl sets for the internal and external network.
>  
>  
> On Thu, Jul 3, 2008 at 10:46 AM, Marc Skinner <marc at e-skinner.net 
> <mailto:marc at e-skinner.net>> wrote:
>
>     Might want to try this:
>
>     acl bogusnets {   0.0.0.0/8;
>       169.254.0.0/16;
>       224.0.0.0/3;
>     };
>
>     acl internalnet {
>           127.0.0.1;
>           192.168.1.0/24;
>           };
>
>     acl mynet {
>           127.0.0.1;
>           192.168.1.0/24;
>           };
>
>     acl thisdns {
>            127.0.0.1;
>            192.168.1.whatever your DNS server is;
>           };
>
>
>
>     in options section:
>
>
>           allow-notify {
>                   mynet;
>           };
>           allow-query {
>                   mynet;
>           };
>           allow-recursion {
>                   mynet;
>           };
>           blackhole {
>                   bogusnets;
>           };
>           listen-on {
>                   thisdns;
>           };
>           listen-on-v6 {
>                   none;
>           };
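>           // NOTE(review): pinning the outgoing query port to 53 makes every
>           // recursive query leave from a predictable source port, which
>           // removes source-port randomisation as a defence against cache
>           // poisoning; dropping the "port 53" part lets named pick random ports.
>           query-source address * port 53;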
>           version "!BIND!";
>
>
>
>
>
>
>
>
>
>
>     James wrote:
>
>         Howdy,
>          I have Fedora 9 installed and would like to use it as the DNS
>         system in the house.
>          The setup is as follows
>          options {
>                listen-on port 53 { 127.0.0.1; };
>
>                listen-on-v6 port 53 { ::1; };
>                directory       "/var/named";
>                dump-file       "/var/named/data/cache_dump.db";
>                statistics-file "/var/named/data/named_stats.txt";
>                memstatistics-file "/var/named/data/named_mem_stats.txt";
>                allow-query     { localhost; };
>                recursion yes;
>                forwarders {
>                        68.87.77.130;
>                        68.87.72.130;
>
>                        };
>         };
>         logging {
>                channel default_debug {
>                        file "data/named.run";
>                        severity dynamic;
>                };
>         };
>         zone "." IN {
>                type hint;
>                file "named.ca";
>
>         };
>
>         include "/etc/named.rfc1912.zones";
>          zone "home.local" {
>                type master;
>                file "/var/named/home.local.hosts";
>                };
>
>         zone "1.168.192.in-addr.arpa" {
>                type master;
>                file "1.168.192.in-addr.arpa.zone";
>                allow-update { key "rndckey"; };
>                notify yes;
>          I have the files in /var/named setup and configured. From the
>         DNS system I can type
>         nslookup 43p and get the following
>         [root at fc9 named]# vi /etc/named.conf
>         [root at fc9 named]# nslookup 43p
>         Server:         127.0.0.1 <http://127.0.0.1/>
>         <http://127.0.0.1 <http://127.0.0.1/>>
>         Address:        127.0.0.1#53 <http://127.0.0.1/#53>
>         <http://127.0.0.1#53 <http://127.0.0.1/#53>>
>         Name:   43p.home.local
>         Address: 192.168.1.52 <http://192.168.1.52/>
>         <http://192.168.1.52 <http://192.168.1.52/>>
>
>          From a windows system I get the following
>         C:\Users\dalan>nslookup 43p
>         Server:  UnKnown
>         Address:  192.168.1.50:53 <http://192.168.1.50:53/>
>         <http://192.168.1.50:53 <http://192.168.1.50:53/>>
>
>         *** UnKnown can't find 43p: Query refused
>          From the AIX system I get
>         (43p-aix) [dalan] nslookup 43p
>         *** Can't find server name for address 192.168.1.50:Query refused
>         *** Default servers are not available
>         (43p-aix) [dalan]
>         I have shut off the firewall and SE-Linux on the Fedora
>         system. I'm not sure why the fedora system is
>         blocking/refusing the request coming from another system.
>         I even put the following entries in iptables.
>         SERVER_IP="192.168.1.50 <http://192.168.1.50/>
>         <http://192.168.1.50 <http://192.168.1.50/>>"
>
>         iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d
>         $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
>         iptables -A OUTPUT -p udp -s $SERVER_IP --sport 53 -d 0/0
>         --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
>         iptables -A INPUT -p udp -s 0/0 --sport 53 -d $SERVER_IP
>         --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
>         iptables -A OUTPUT -p udp -s $SERVER_IP --sport 53 -d 0/0
>         --dport 53 -m state --state ESTABLISHED -j ACCEPT
>         iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d
>         $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
>         iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 53 -d 0/0
>         --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
>         iptables -A INPUT -p tcp -s 0/0 --sport 53 -d $SERVER_IP
>         --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
>         iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 53 -d 0/0
>         --dport 53 -m state --state ESTABLISHED -j ACCEPT
>          I still have the same effect.
>          Running the following shows that the system is refusing the
>         connection.
>         /usr/sbin/tcpdump -X port 53
>
>         [root at fc9 named]# /usr/sbin/tcpdump -X port 53
>         tcpdump: verbose output suppressed, use -v or -vv for full
>         protocol decode
>         listening on eth0, link-type EN10MB (Ethernet), capture size
>         96 bytes
>         21:39:38.512926 IP aix.sparish.local.52686 >
>         fc9.sparish.local.domain: 46304+ PTR?
>         50.1.168.192.in-addr.arpa. (43)
>                0x0000:  4500 0047 ac22 0000 1e11 6ccd c0a8 0134
>          E..G."....l....4
>                0x0010:  c0a8 0132 cdce 0035 0033 7c2c b4e0 0100
>          ...2...5.3|,....
>                0x0020:  0001 0000 0000 0000 0235 3001 3103 3136
>          .........50.1.16
>                0x0030:  3803 3139 3207 696e 2d61 6464 7204 6172
>          8.192.in-addr.ar <http://8.192.in-addr.ar/>
>         <http://8.192.in-addr.ar <http://8.192.in-addr.ar/>>
>
>                0x0040:  7061 0000 0c00 01                        pa.....
>         21:39:38.519048 IP fc9.sparish.local.domain >
>         aix.sparish.local.52686: 46304 Refused- 0/0/0 (43)
>                0x0000:  4500 0047 0000 4000 4011 b6ef c0a8 0132
>          E..G.. at .@......2 <mailto:E..G..@ <mailto:E..G..@>. at ......2>
>
>                0x0010:  c0a8 0134 0035 cdce 0033 fc26 b4e0 8105
>          ...4.5...3.&....
>                0x0020:  0001 0000 0000 0000 0235 3001 3103 3136
>          .........50.1.16
>                0x0030:  3803 3139 3207 696e 2d61 6464 7204 6172
>          8.192.in-addr.ar <http://8.192.in-addr.ar/>
>         <http://8.192.in-addr.ar <http://8.192.in-addr.ar/>>
>
>                0x0040:  7061 0000 0c00 01                        pa.....
>          Any help would be welcome
>          Thanks
>         ------------------------------------------------------------------------
>
>
>