106 lines
3.6 KiB
Plaintext
106 lines
3.6 KiB
Plaintext
options {
|
|
directory "/var/cache/bind";
|
|
|
|
// Remove (hide) our bind version - no reason to disclose it
|
|
version "";
|
|
|
|
// Configure the IPs to listen on here.
|
|
listen-on { any; };
|
|
listen-on-v6 { none; };
|
|
|
|
// QUERY SOURCE - Useful for caching servers behind a firewall
|
|
// Default: address * port *
|
|
// Values : The IP address and port to use as the source of queries to other servers
|
|
// If you have problems and are behind a firewall, uncomment:
|
|
//query-source address * port *;
|
|
|
|
pid-file "/var/run/named/named.pid";
|
|
|
|
// statistics-file "/var/cache/bind/named.stats";
|
|
// zone-statistics yes;
|
|
|
|
// If you want to allow only specific hosts to use the DNS server:
|
|
allow-query { 127.0.0.1; };
|
|
|
|
// Specify a list of IPs/masks to allow zone transfers to here.
|
|
//
|
|
// You can override this on a per-zone basis by specifying this inside a zone
|
|
// block.
|
|
//
|
|
// Warning: Removing this block will cause BIND to revert to its default
|
|
// behaviour of allowing zone transfers to any host (!).
|
|
allow-transfer { none; };
|
|
|
|
|
|
// If there is a firewall between you and nameservers you want
|
|
// to talk to, you may need to fix the firewall to allow multiple
|
|
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
|
|
|
|
// RECURSION - Required for caching servers
|
|
// Default: yes
|
|
// Values : yes, no
|
|
//
|
|
// yes: Attempt to resolve requests we are not authoritative for
|
|
// no : Do not resolve requests we are not authoritative for
|
|
//
|
|
// NOTE: Commented out because specified in each zone/view
|
|
recursion yes;
|
|
//recursion no;
|
|
|
|
|
|
// ALLOW-RECURSION - Who may use our caching server?
|
|
// Default: any;
|
|
// Values : any, none, (addresslist)
|
|
//
|
|
// any : anybody may use the caching server
|
|
// none : noone may use the caching server
|
|
// address: List of IP addresses that may use the caching server.
|
|
// allow-recursion { localhost; localnets; };
|
|
//
|
|
// NOTE: Commented out because specified in each zone/view
|
|
// allow-recursion { clients; servers; lan; };
|
|
//allow-recursion { none; };
|
|
allow-recursion { 127.0.0.1; };
|
|
|
|
// If your ISP provided one or more IP addresses for stable
|
|
// nameservers, you probably want to use them as forwarders.
|
|
// Uncomment the following block, and insert the addresses replacing
|
|
// the all-0's placeholder.
|
|
|
|
forwarders {
|
|
8.8.8.8;
|
|
8.8.4.4;
|
|
};
|
|
|
|
// FORWARD - Recommended for caching servers
|
|
// Default: first
|
|
// Values : first, only
|
|
//
|
|
// first: Query "forwarders" first, then resolve request ourself
|
|
// only : Only query the "forwarders" to resolve requests
|
|
//
|
|
forward first;
|
|
|
|
|
|
// NOTIFY - Relevant to authoritative servers
|
|
// Default: yes
|
|
// Values : yes, explicit, no
|
|
//
|
|
// yes : Send DNS NOTIFY messages to slave servers in zone NS records when zone changes
|
|
// explicit: Only send DNS NOTIFY messages to "also-notify" hosts
|
|
// no : Never automatically send DNS NOTIFY messages
|
|
//
|
|
notify yes;
|
|
|
|
// Need this for SRV records
|
|
check-names master ignore;
|
|
|
|
//========================================================================
|
|
// If BIND logs error messages about the root key being expired,
|
|
// you will need to update your keys. See https://www.isc.org/bind-keys
|
|
//========================================================================
|
|
dnssec-validation auto;
|
|
|
|
auth-nxdomain no; # conform to RFC1035
|
|
};
|