diff options
| author | Dan Theisen <djt@hxx.in> | 2018-07-06 00:13:54 -0700 |
|---|---|---|
| committer | Dan Theisen <djt@hxx.in> | 2018-07-06 02:34:42 -0700 |
| commit | df1a5e501763e44127dc660b01fd036de5b94112 (patch) | |
| tree | 1a52ba11a2f6872c17f25dea1fc6265538eb0f43 /user/bind/named.conf.authoritative | |
| parent | 5b7b4d541766dcaa27db11fc82a5114790828deb (diff) | |
| download | packages-df1a5e501763e44127dc660b01fd036de5b94112.tar.gz packages-df1a5e501763e44127dc660b01fd036de5b94112.tar.bz2 packages-df1a5e501763e44127dc660b01fd036de5b94112.tar.xz packages-df1a5e501763e44127dc660b01fd036de5b94112.zip | |
user/bind: import, take, clean up, update root zone
Diffstat (limited to 'user/bind/named.conf.authoritative')
| -rw-r--r-- | user/bind/named.conf.authoritative | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/user/bind/named.conf.authoritative b/user/bind/named.conf.authoritative new file mode 100644 index 000000000..71e98ddc7 --- /dev/null +++ b/user/bind/named.conf.authoritative @@ -0,0 +1,56 @@ +// Copy this file to /etc/bind/named.conf if you want to run bind as an +// authoritative nameserver. If you want to run a recursive DNS resolver +// instead, see /etc/bind/named.conf.recursive. +// +// BIND supports using the same daemon as both authoritative nameserver and +// recursive resolver; it supports this because it is the oldest and original +// nameserver and so was designed before it was realized that combining these +// functions is inadvisable. +// +// In actual fact, combining these functions is a very bad idea. It is thus +// recommended that you run a given instance of BIND as either an authoritative +// nameserver or recursive resolver, not both. The example configuration herein +// provides a secure starting point for running an authoritative nameserver. + +options { + directory "/var/bind"; + + // Configure the IPs to listen on here. + listen-on { 127.0.0.1; }; + listen-on-v6 { none; }; + + // If you want to allow only specific hosts to use the DNS server: + //allow-query { + // 127.0.0.1; + //}; + + // Specify a list of IPs/masks to allow zone transfers to here. + // + // You can override this on a per-zone basis by specifying this inside a zone + // block. + // + // Warning: Removing this block will cause BIND to revert to its default + // behaviour of allowing zone transfers to any host (!). + allow-transfer { + none; + }; + + // If you have problems and are behind a firewall: + //query-source address * port 53; + + pid-file "/var/run/named/named.pid"; + + // Changing this is NOT RECOMMENDED; see the notes above and in + // named.conf.recursive. + allow-recursion { none; }; + recursion no; +}; + +// Example of how to configure a zone for which this server is the master: +//zone "example.com" IN { +// type master; +// file "/etc/bind/master/example.com"; +//}; + +// You can include files: +//include "/etc/bind/example.conf"; |