blob: 526d662376d38e3fafdd23e571c13d4de6294871 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
// vim: ft=named
options {
directory "/var/named";
key-directory "keys";
pid-file "/run/named/named.pid";
listen-on-v6 { any; };
tcp-clients 100;
allow-query-cache { none; };
allow-query { any; };
allow-transfer { none; };
allow-update { none; };
recursion no;
version none;
hostname none;
server-id none;
};
dnssec-policy standard {
keys {
ksk lifetime 365d algorithm ed25519;
zsk lifetime 60d algorithm ed25519;
};
publish-safety 1d;
retire-safety 1d;
};
parental-agents "com" {
192.5.6.30; // a.gtld-servers.net.
192.33.14.30; // b.gtld-servers.net.
192.26.92.30; // c.gtld-servers.net.
};
parental-agents "foo" {
216.239.32.105; // ns-tld1.charlestonroadregistry.com.
216.239.34.105; // ns-tld2.charlestonroadregistry.com.
216.239.36.105; // ns-tld3.charlestonroadregistry.com.
};
parental-agents "kitchen" {
65.22.32.17; // v0n0.nic.kitchen.
65.22.35.17; // v2n0.nic.kitchen.
};
zone "kyriasis.com" IN {
type master;
file "dns/kyriasis.com.zone";
allow-transfer {
178.79.157.58; // lucifer
2a01:7e00::f03c:91ff:fe69:1787; // lucifer
};
inline-signing yes;
dnssec-policy standard;
parental-agents { "com"; };
};
zone "pie-in-the-sky.kitchen" IN {
type master;
file "dns/pie-in-the-sky.kitchen.zone";
allow-transfer {
178.79.157.58; // lucifer
2a01:7e00::f03c:91ff:fe69:1787; // lucifer
};
inline-signing yes;
dnssec-policy standard;
parental-agents { "kitchen"; };
};
zone "remmy.foo" IN {
type master;
file "dns/remmy.foo.zone";
allow-transfer {
178.79.157.58; // lucifer
2a01:7e00::f03c:91ff:fe69:1787; // lucifer
};
inline-signing yes;
dnssec-policy standard;
parental-agents { "foo"; };
};
logging {
channel dnssec-log {
file "/var/named/log/dnssec" versions 3 size 20m;
print-time yes;
print-category yes;
print-severity yes;
severity debug 1;
};
channel xfer-log {
file "/var/named/log/zone_transfers" versions 3 size 20m;
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
category dnssec { dnssec-log; };
category xfer-in { xfer-log; };
category xfer-out { xfer-log; };
category notify { xfer-log; };
};
|