blob: 90386ec0498866654ab8f02d82a415aecb5774a2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
// vim: ft=named
options {
directory "/var/named";
key-directory "keys";
pid-file "/run/named/named.pid";
listen-on-v6 { any; };
tcp-clients 100;
allow-query-cache { none; };
allow-query { any; };
allow-transfer { none; };
allow-update { none; };
recursion no;
version none;
hostname none;
server-id none;
};
dnssec-policy standard {
keys {
ksk lifetime 365d algorithm ed25519;
zsk lifetime 60d algorithm ed25519;
};
publish-safety 7d;
retire-safety 7d;
};
parental-agents "com" {
192.5.6.30; // a.gtld-servers.net.
192.33.14.30; // b.gtld-servers.net.
192.26.92.30; // c.gtld-servers.net.
};
parental-agents "foo" {
216.239.32.105; // ns-tld1.charlestonroadregistry.com.
216.239.34.105; // ns-tld2.charlestonroadregistry.com.
216.239.36.105; // ns-tld3.charlestonroadregistry.com.
};
parental-agents "io" {
65.22.160.17; // a0.nic.io.
65.22.161.17; // b0.nic.io.
65.22.162.17; // c0.nic.io.
};
parental-agents "kitchen" {
65.22.32.17; // v0n0.nic.kitchen.
65.22.35.17; // v2n0.nic.kitchen.
};
zone "kyriasis.com" IN {
type master;
file "dns/kyriasis.com.zone";
allow-transfer {
178.79.157.58; // lucifer
2a01:7e00::f03c:91ff:fe69:1787; // lucifer
};
inline-signing yes;
dnssec-policy standard;
parental-agents { "com"; };
};
zone "pie-in-the-sky.kitchen" IN {
type master;
file "dns/pie-in-the-sky.kitchen.zone";
allow-transfer {
178.79.157.58; // lucifer
2a01:7e00::f03c:91ff:fe69:1787; // lucifer
};
inline-signing yes;
dnssec-policy standard;
parental-agents { "kitchen"; };
};
zone "remmy.foo" IN {
type master;
file "dns/remmy.foo.zone";
allow-transfer {
178.79.157.58; // lucifer
2a01:7e00::f03c:91ff:fe69:1787; // lucifer
};
inline-signing yes;
dnssec-policy standard;
parental-agents { "foo"; };
};
zone "remmy.io" IN {
type master;
file "dns/remmy.io.zone";
allow-transfer {
178.79.157.58; // lucifer
2a01:7e00::f03c:91ff:fe69:1787; // lucifer
};
inline-signing yes;
dnssec-policy standard;
parental-agents { "io"; };
};
logging {
channel dnssec-log {
file "/var/named/log/dnssec" versions 3 size 20m;
print-time yes;
print-category yes;
print-severity yes;
severity debug 1;
};
channel xfer-log {
file "/var/named/log/zone_transfers" versions 3 size 20m;
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
category dnssec { dnssec-log; };
category xfer-in { xfer-log; };
category xfer-out { xfer-log; };
category notify { xfer-log; };
};
|