# Relevant: https://kb.isc.org/docs/aa-00711
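options {
	// Krey: working directory for named. Relative file names used in this
	// configuration ("named.cache", "pri/...") are resolved against it.
	directory "/bedrock/strata/exherbo/var/bind";

	// Krey: entropy source.
	// NOTE(review): /dev/random can block while the kernel entropy pool is
	// low, and newer BIND 9 releases reportedly treat this option as
	// obsolete. Confirm against the installed version.
	random-device "/dev/random";

	// Directory searched for DNSSEC key files of signed zones. The private
	// keys stored here should be readable only by the account named runs as.
	key-directory "/bedrock/strata/exherbo/var/cache/bind/keys";

	// uncomment the following lines to turn on DNS forwarding,
	// and change the forwarding ip address(es) :
	//forward first;
	//forwarders {
	//	123.123.123.123;
	//	123.123.123.123;
	//};

	// listen-on statements are additive, so the effective IPv4 listener is
	// every interface on port 53 and the loopback-only statement below is
	// redundant. NOTE(review): if loopback-only service was intended, the
	// "any" statement is the one to drop; the master zone with an external
	// secondary suggests public service is wanted. Confirm.
	listen-on port 53 { any; };
	listen-on-v6 { none; };
	listen-on { 127.0.0.1; };

	// to allow only specific hosts to use the DNS server:
	//allow-query {
	//	127.0.0.1;
	//};

	// This server listens on every IPv4 interface and carries a root hint
	// zone, so recursion is available to whoever the recursion ACL admits.
	// The ACL is pinned here to the built-in default (local host and
	// directly attached networks). When it is left unset it is inherited
	// from allow-query-cache or allow-query, so a later broad allow-query
	// would silently open recursion to the same clients.
	allow-recursion { localhost; localnets; };

	// if you have problems and are behind a firewall:
	// NOTE(review): pinning the query source port to 53 gives up source-port
	// randomisation, which is one of the defences against cache poisoning.
	// Prefer a firewall rule that permits replies to outgoing queries.
	//query-source address * port 53;

	pid-file "/bedrock/strata/exherbo/run/named/named.pid";
};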
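# NOTE(review): the keys clause of a controls statement takes key names
# declared by a key statement (or an included key file), not a file path.
# Confirm the key name before enabling this block.
#controls {
#	inet 127.0.0.1 port 953
#	allow { 127.0.0.1; } keys { "/etc/bind/rndc.key"; };
#};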
logging {
	// File channel: rotates once the file reaches 2 MB and keeps three
	// older versions. The directory must be writable by the account named
	// runs as.
	// NOTE(review): that is only a few megabytes of history in total;
	// check that it covers the retention needed for incident review.
	channel named_log {
		file "/var/log/named/bind.log" versions 3 size 2m;
		severity info;
		print-time yes;
		print-category yes;
		print-severity yes;
	};

	// Every category without a statement of its own goes to named_log.
	category default { named_log; };

	// Lame-server messages are discarded.
	category lame-servers { null; };
};
// (This note describes the "COM" and "NET" delegation-only zones declared
// further down in this file.)
// Briefly, a zone which has been declared delegation-only will be effectively
// limited to containing NS RRs for subdomains, but no actual data beyond its
// own apex (for example, its SOA RR and apex NS RRset). This can be used to
// filter out "wildcard" or "synthesized" data from NAT boxes or from
// authoritative name servers whose undelegated (in-zone) data is of no
// interest.
// See http://www.isc.org/products/BIND/delegation-only.html for more info
zone "rixotstudio.cz" {
	type master;

	// With dynamic updates and inline signing enabled, named writes journal
	// and signed-zone files alongside this file, so the directory has to be
	// writable by the account named runs as.
	file "/bedrock/strata/exherbo/etc/bind/master/rixotstudio.cz";

	// Dynamic updates: whoever holds the TSIG key "ddns-key" may add or
	// delete records of any type at the zone apex and at every name below
	// it.
	// NOTE(review): no key statement or include for "ddns-key" is visible
	// in this file; confirm where it is defined. If the updater only needs
	// a few record types, list those types instead of ANY.
	update-policy {
		grant ddns-key zonesub ANY;
	};

	// Zone transfers are permitted by source address only.
	// NOTE(review): a TSIG key shared with the secondary would authenticate
	// the transfer instead of relying on the address alone.
	allow-transfer {
		213.220.230.81;	// Current Server IP
		46.28.104.67;	// Wedos - Secondary DNS
	};
	//allow-update { 213.220.230.81; };

	// DNSSEC: named keeps a signed copy of the zone and maintains it using
	// the keys found in key-directory.
	// NOTE(review): auto-dnssec and dnssec-dnskey-kskonly are reportedly
	// deprecated in recent BIND 9 releases in favour of dnssec-policy.
	// Confirm against the installed version.
	inline-signing yes;
	auto-dnssec maintain;

	// Only sign DNSKEY with KSK
	dnssec-dnskey-kskonly yes;

	// Signatures are valid for 21 days and are regenerated once 16 days
	// remain before they expire.
	sig-validity-interval 21 16;

	// The SOA serial is set from the Unix time when the zone is updated.
	serial-update-method unixtime;
};
// Answers from these zones are accepted only when they are delegations.
// NOTE(review): the delegation-only zone type is reportedly deprecated in
// recent BIND 9 releases. Confirm against the installed version.
zone "COM" {
	type delegation-only;
};
zone "NET" {
	type delegation-only;
};
// Root hints, read from "named.cache" in the options directory. They are
// only consulted when this server performs recursion itself.
zone "." IN {
	type hint;
	file "named.cache";
};
// Local forward zone for "localhost": static data, no dynamic updates and
// no NOTIFY messages.
zone "localhost" IN {
	type master;
	file "pri/localhost.zone";
	notify no;
	allow-update { none; };
};
// Reverse zone for the loopback network: static data, no dynamic updates
// and no NOTIFY messages.
zone "127.in-addr.arpa" IN {
	type master;
	file "pri/127.zone";
	notify no;
	allow-update { none; };
};