blob: ac0e4b652dd17f7a4c86f5f01867aaf92c5cdfa6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
// vim: ft=named
options {
directory "/var/named";
key-directory "keys";
pid-file "/run/named/named.pid";
listen-on-v6 { any; };
tcp-clients 100;
allow-query-cache { none; };
allow-query { any; };
allow-transfer { none; };
allow-update { none; };
recursion no;
version none;
hostname none;
server-id none;
};
dnssec-policy standard {
keys {
ksk lifetime 365d algorithm ed25519;
zsk lifetime 60d algorithm ed25519;
};
};
parental-agents "com" {
192.5.6.30; // a.gtld-servers.net.
192.33.14.30; // b.gtld-servers.net.
192.26.92.30; // c.gtld-servers.net.
};
parental-agents "io" {
65.22.160.17; // a0.nic.io.
65.22.161.17; // b0.nic.io.
65.22.162.17; // c0.nic.io.
};
zone "kyriasis.com" IN {
type master;
file "dns/kyriasis.com.zone";
allow-transfer {
178.79.157.58; // lucifer
2a01:7e00::f03c:91ff:fe69:1787; // lucifer
};
inline-signing yes;
dnssec-policy standard;
parental-agents { "com"; };
};
zone "remmy.io" IN {
type master;
file "dns/remmy.io.zone";
allow-transfer {
178.79.157.58; // lucifer
2a01:7e00::f03c:91ff:fe69:1787; // lucifer
};
inline-signing yes;
dnssec-policy standard;
parental-agents { "io"; };
};
logging {
channel dnssec-log {
file "/var/named/log/dnssec" versions 3 size 20m;
print-time yes;
print-category yes;
print-severity yes;
severity debug 1;
};
channel xfer-log {
file "/var/named/log/zone_transfers" versions 3 size 20m;
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
category dnssec { dnssec-log; };
category xfer-in { xfer-log; };
category xfer-out { xfer-log; };
category notify { xfer-log; };
};
|