makeup and optimitions

make_perms.sh

@@ -16,9 +16,8 @@ chmod 400 envs_msT.key tilde_msT.key letsencrypt_U.key
 chmod 600 Kenvs_mst.* Ktilde_mst.* Kletsencrypt_u.*
 
 chown root:bind "$BINDIR"/slave_tilde
+chmod 644 "$BINDIR"/slave_tilde
 
-test ! -d "$BINDIR"/keys && mkdir -p "$BINDIR"/keys
-test ! -d "$BINDIR"/zones && mkdir -p "$BINDIR"/zones
 test ! -d "$BINDIR"/slaves && mkdir -p "$BINDIR"/slaves
 chown -R bind:bind "$BINDIR"/zones "$BINDIR"/slaves
 chmod 755 "$BINDIR"/zones

named.conf.forward

@@ -1,7 +1,6 @@
 //
 // Forward Zones
 
-
 zone "tilde." IN {
 	type forward;
 	forward only;

named.conf.options

@@ -25,27 +25,25 @@ options {
 	//========================================================================
 	dnssec-enable yes;
 	dnssec-validation auto;
+	dnssec-lookaside auto;
 
 	key-directory "/etc/bind/keys/";
 
 	// Do not make public version of BIND
 	version none;
 
-	auth-nxdomain no; # conform to RFC1035
+	auth-nxdomain no; // conform to RFC1035
 
 	recursive-clients 4096;
 
-//	edns-udp-size 4096;
-//	max-udp-size 512;
-
-	listen-on-v6 { none; };
 	listen-on { any; };
+	listen-on-v6 { none; };
 
-
-	allow-transfer { none; };
 	allow-update { none; };
+	allow-transfer { none; };
 
 	allow-query { any; };
+
 	allow-query-cache { internals; };
 	allow-recursion { internals; };
 };

named.conf.slaves

@@ -1,6 +1,5 @@
 //
 // Slave Zones
 
-
 // Tilde Zones - ( ben@tilde.team )
 include "/etc/bind/slave_tilde";