From df1a5e501763e44127dc660b01fd036de5b94112 Mon Sep 17 00:00:00 2001
From: Dan Theisen
Date: Fri, 6 Jul 2018 00:13:54 -0700
Subject: user/bind: import, take, clean up, update root zone
---
user/bind/named.conf.authoritative | 56 ++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 user/bind/named.conf.authoritative
(limited to 'user/bind/named.conf.authoritative')
diff --git a/user/bind/named.conf.authoritative b/user/bind/named.conf.authoritative
new file mode 100644
index 000000000..71e98ddc7
--- /dev/null
+++ b/user/bind/named.conf.authoritative
@@ -0,0 +1,56 @@
+// Copy this file to /etc/bind/named.conf if you want to run bind as an
+// authoritative nameserver. If you want to run a recursive DNS resolver
+// instead, see /etc/bind/named.conf.recursive.
+//
+// BIND supports using the same daemon as both authoritative nameserver and
+// recursive resolver; it supports this because it is the oldest and original
+// nameserver and so was designed before it was realized that combining these
+// functions is inadvisable.
+//
+// In actual fact, combining these functions is a very bad idea. It is thus
+// recommended that you run a given instance of BIND as either an authoritative
+// nameserver or recursive resolver, not both. The example configuration herein
+// provides a secure starting point for running an authoritative nameserver.
+
+options {
+ directory "/var/bind";
+
+ // Configure the IPs to listen on here.
+ listen-on { 127.0.0.1; };
+ listen-on-v6 { none; };
+
+ // If you want to allow only specific hosts to use the DNS server:
+ //allow-query {
+ // 127.0.0.1;
+ //};
+
+ // Specify a list of IPs/masks to allow zone transfers to here.
+ //
+ // You can override this on a per-zone basis by specifying this inside a zone
+ // block.
+ //
+ // Warning: Removing this block will cause BIND to revert to its default
+ // behaviour of allowing zone transfers to any host (!).
+ allow-transfer {
+ none;
+ };
+
+ // If you have problems and are behind a firewall:
+ //query-source address * port 53;
+
+ pid-file "/var/run/named/named.pid";
+
+ // Changing this is NOT RECOMMENDED; see the notes above and in
+ // named.conf.recursive.
+ allow-recursion { none; };
+ recursion no;
+};
+
+// Example of how to configure a zone for which this server is the master:
+//zone "example.com" IN {
+// type master;
+// file "/etc/bind/master/example.com";
+//};
+
+// You can include files:
+//include "/etc/bind/example.conf";
-- cgit v1.2.3-60-g2f50
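Review bot: The commented hint `//query-source address * port 53;` in the options block offers a fixed source port as a firewall workaround without stating its cost: pinning the port gives up source-port randomisation for whatever queries named itself sends, so forged replies are easier to get accepted. How many such queries an authoritative-only instance sends is not visible from this file, but a template described as a "secure starting point" should not present this as a routine fix. I would reword the comment to `// Avoid pinning the source port (query-source ... port 53): it disables port randomisation. Allow outbound DNS from ephemeral ports in the firewall instead.` and leave the directive out. Separately, since an authoritative server normally answers the open internet once `listen-on` is widened, a commented response-rate-limiting example such as `//rate-limit { responses-per-second 10; };` (value illustrative) would fit next to `allow-transfer`.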