/* * Refer to the named.conf(5) and named(8) man pages, and the documentation * in /usr/share/doc/bind-9 for more details. * Online versions of the documentation can be found here: * http://www.isc.org/software/bind/documentation * * If you are going to set up an authoritative server, make sure you * understand the hairy details of how DNS works. Even with simple mistakes, * you can break connectivity for affected parties, or cause huge amounts of * useless Internet traffic. */ acl "xfer" { /* Deny transfers by default except for the listed hosts. * If we have other name servers, place them here. */ none; }; /* * You might put in here some ips which are allowed to use the cache or * recursive queries */ acl "trusted" { 192.168.4.11; 192.168.4.12; 192.168.4.15; 192.168.4.0/24; localhost; localnets; }; //statistics-channels { // inet * port 8053 allow { any; }; //}; options { directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forward first; forwarders { // 207.164.234.129; // Your ISP NS // 207.164.234.193; // Your ISP NS // 4.2.2.1; // Level3 Public DNS // 4.2.2.2; // Level3 Public DNS // 8.8.8.8; // Google Open DNS // 8.8.4.4; // Google Open DNS 149.112.121.20 // https://www.cira.ca/en/canadian-shield/configure/home-router/ 149.112.122.20 // https://www.cira.ca/en/canadian-shield/configure/home-router/ }; //======================================================================== // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================== dnssec-validation auto; //auto? //dnssec-validation no; //auto? //auth-nxdomain no; # conform to RFC1035 listen-on-v6 { any; }; //allow-recursion { trusted; }; //listen-on { any; }; //query-source address *; //allow-query { trusted; }; //querylog no; }; logging { // channel default_log { // file "/var/log/named/named.log" versions 3 size 5M; // severity notice; // print-time yes; // print-severity yes; // print-category yes; // }; // // category default { default_log; }; // category general { default_log; }; }; //include "etc/bind/rndc.key"; //controls { // inet 127.0.0.1 port 953 allow { 127.0.0.1; ::1; } keys { "rndc-key"; }; //};