authorDan Theisen <djt@hxx.in>2018-07-06 00:13:54 -0700
committerDan Theisen <djt@hxx.in>2018-07-06 02:34:42 -0700
commitdf1a5e501763e44127dc660b01fd036de5b94112 (patch)
tree1a52ba11a2f6872c17f25dea1fc6265538eb0f43 /user/bind/named.conf.authoritative
parent5b7b4d541766dcaa27db11fc82a5114790828deb (diff)
user/bind: import, take, clean up, update root zone
Diffstat (limited to 'user/bind/named.conf.authoritative')
-rw-r--r--user/bind/named.conf.authoritative56
1 files changed, 56 insertions, 0 deletions
diff --git a/user/bind/named.conf.authoritative b/user/bind/named.conf.authoritative
new file mode 100644
index 000000000..71e98ddc7
--- /dev/null
+++ b/user/bind/named.conf.authoritative
@@ -0,0 +1,56 @@
+// Copy this file to /etc/bind/named.conf if you want to run bind as an
+// authoritative nameserver. If you want to run a recursive DNS resolver
+// instead, see /etc/bind/named.conf.recursive.
+//
+// BIND supports using the same daemon as both authoritative nameserver and
+// recursive resolver; it supports this because it is the oldest and original
+// nameserver and so was designed before it was realized that combining these
+// functions is inadvisable.
+//
+// In actual fact, combining these functions is a very bad idea. It is thus
+// recommended that you run a given instance of BIND as either an authoritative
+// nameserver or recursive resolver, not both. The example configuration herein
+// provides a secure starting point for running an authoritative nameserver.
+
+options {
+ directory "/var/bind";
+
+ // Configure the IPs to listen on here.
+ listen-on { 127.0.0.1; };
+ listen-on-v6 { none; };
+
+ // If you want to allow only specific hosts to use the DNS server:
+ //allow-query {
+ // 127.0.0.1;
+ //};
+
+ // Specify a list of IPs/masks to allow zone transfers to here.
+ //
+ // You can override this on a per-zone basis by specifying this inside a zone
+ // block.
+ //
+ // Warning: Removing this block will cause BIND to revert to its default
+ // behaviour of allowing zone transfers to any host (!).
+ allow-transfer {
+ none;
+ };
+
+ // If you have problems and are behind a firewall:
+ //query-source address * port 53;
+
+ pid-file "/var/run/named/named.pid";
+
+ // Changing this is NOT RECOMMENDED; see the notes above and in
+ // named.conf.recursive.
+ allow-recursion { none; };
+ recursion no;
+};
+
+// Example of how to configure a zone for which this server is the master:
+//zone "example.com" IN {
+// type master;
+// file "/etc/bind/master/example.com";
+//};
+
+// You can include files:
+//include "/etc/bind/example.conf";
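Review bot: The commented hint `//query-source address * port 53;` in the options block invites operators to pin named's outgoing query port, which removes source-port randomisation for whatever queries the server still sends and so weakens its protection against spoofed responses. Even with `recursion no;` an authoritative instance may still issue some lookups of its own (for example to find NOTIFY targets), so the setting is not harmless here. Since the header describes this file as a secure starting point, I would drop the port from the example, `//query-source address *;`, and reword the comment above it to `// If you are behind a firewall, allow named's outgoing UDP ports there rather than fixing the source port.`.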