From: Frank Brehm Date: Fri, 2 Apr 2021 18:55:56 +0000 (+0200) Subject: daily autocommit X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=4deb0cfc7e828a0f48781335359c62d21248dbd2;p=config%2Fns1%2Fetc.git daily autocommit --- diff --git a/bind/named.conf.options b/bind/named.conf.options index 4778d18..4fd5f44 100644 --- a/bind/named.conf.options +++ b/bind/named.conf.options @@ -1,24 +1,91 @@ +//############################################################### +//# Bind9-Konfigurationsdatei for general options +//# /etc/bind/named.conf.options +//# +//# Host ns1.uhu-banane.de +//# +//############################################################### + + +//############################################################### +//# Allgemeine Optionen + options { + directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 - // If your ISP provided one or more IP addresses for stable - // nameservers, you probably want to use them as forwarders. - // Uncomment the following block, and insert the addresses replacing + // If your ISP provided one or more IP addresses for stable + // nameservers, you probably want to use them as forwarders. + // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. // forwarders { // 0.0.0.0; // }; + /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */ + //bindkeys-file "/etc/bind/bind.keys"; + + listen-on-v6 { any; }; + listen-on { any; }; + + allow-notify { + allow-notify; + }; + + allow-recursion { + allow-recursion; + }; + //======================================================================== // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================== + //dnssec-enable yes; dnssec-validation auto; + dnssec-lookaside auto; - listen-on-v6 { any; }; + /* + * As of bind 9.8.0: + * "If the root key provided has expired, + * named will log the expiration and validation will not work." + */ + //dnssec-validation auto; + + /* if you have problems and are behind a firewall: */ + //query-source address * port 53; + + // pid-file "/var/run/named/named.pid"; + + version "none"; + +}; + +// Managed Keys +include "/etc/bind/bind.keys"; + +key "dyn-dns-updater" { + algorithm hmac-md5; + secret "gi69Yjzo1OSPVQ/oTTgw+Q=="; }; + +//############################################################### +//# Kontrollkanäle für RNDC + +include "/etc/bind/rndc.key"; + +controls { + inet 127.0.0.1 port 953 allow { + 127.0.0.1; + ::1/128; + } keys { + "rndc-key"; + }; +}; + + +# vim: ts=4 filetype=named noai