101 lines
2.7 KiB
Django/Jinja
101 lines
2.7 KiB
Django/Jinja
/*
|
|
* Refer to the named.conf(5) and named(8) man pages, and the documentation
|
|
* in /usr/share/doc/bind-9 for more details.
|
|
* Online versions of the documentation can be found here:
|
|
* http://www.isc.org/software/bind/documentation
|
|
*
|
|
* If you are going to set up an authoritative server, make sure you
|
|
* understand the hairy details of how DNS works. Even with simple mistakes,
|
|
* you can break connectivity for affected parties, or cause huge amounts of
|
|
* useless Internet traffic.
|
|
*/
|
|
|
|
acl "xfer" {
|
|
/* Deny transfers by default except for the listed hosts.
|
|
* If we have other name servers, place them here.
|
|
*/
|
|
none;
|
|
};
|
|
|
|
/*
|
|
* You might put in here some ips which are allowed to use the cache or
|
|
* recursive queries
|
|
*/
|
|
acl "trusted" {
|
|
192.168.4.11;
|
|
192.168.4.12;
|
|
192.168.4.15;
|
|
192.168.4.0/24;
|
|
localhost;
|
|
localnets;
|
|
};
|
|
|
|
//statistics-channels {
|
|
// inet * port 8053 allow { any; };
|
|
//};
|
|
|
|
options {
|
|
directory "/var/cache/bind";
|
|
|
|
// If there is a firewall between you and nameservers you want
|
|
// to talk to, you may need to fix the firewall to allow multiple
|
|
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
|
|
|
|
// If your ISP provided one or more IP addresses for stable
|
|
// nameservers, you probably want to use them as forwarders.
|
|
// Uncomment the following block, and insert the addresses replacing
|
|
// the all-0's placeholder.
|
|
|
|
forward first;
|
|
forwarders {
|
|
// 207.164.234.129; // Your ISP NS
|
|
// 207.164.234.193; // Your ISP NS
|
|
// 4.2.2.1; // Level3 Public DNS
|
|
// 4.2.2.2; // Level3 Public DNS
|
|
// 8.8.8.8; // Google Open DNS
|
|
// 8.8.4.4; // Google Open DNS
|
|
149.112.121.20 // https://www.cira.ca/en/canadian-shield/configure/home-router/
|
|
149.112.122.20 // https://www.cira.ca/en/canadian-shield/configure/home-router/
|
|
};
|
|
|
|
//========================================================================
|
|
// If BIND logs error messages about the root key being expired,
|
|
// you will need to update your keys. See https://www.isc.org/bind-keys
|
|
//========================================================================
|
|
dnssec-validation auto; //auto?
|
|
//dnssec-validation no; //auto?
|
|
|
|
//auth-nxdomain no; # conform to RFC1035
|
|
listen-on-v6 { any; };
|
|
|
|
allow-recursion { trusted; };
|
|
//listen-on { any; };
|
|
//query-source address *;
|
|
//allow-query { trusted; };
|
|
|
|
//querylog no;
|
|
|
|
};
|
|
|
|
|
|
|
|
logging {
|
|
|
|
// channel default_log {
|
|
// file "/var/log/named/named.log" versions 3 size 5M;
|
|
// severity notice;
|
|
// print-time yes;
|
|
// print-severity yes;
|
|
// print-category yes;
|
|
// };
|
|
//
|
|
// category default { default_log; };
|
|
// category general { default_log; };
|
|
};
|
|
|
|
|
|
//include "etc/bind/rndc.key";
|
|
//controls {
|
|
// inet 127.0.0.1 port 953 allow { 127.0.0.1; ::1; } keys { "rndc-key"; };
|
|
//};
|