summaryrefslogtreecommitdiffstats
path: root/named.conf
blob: 8e1f8254e77f67eb1f1286a27f51b59b086cb645 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
// vim: ft=named

options {
	directory "/var/named";
	key-directory "keys";
	pid-file "/run/named/named.pid";

	listen-on-v6 { any; };

	tcp-clients 100;

	allow-query-cache { none; };
	allow-query { any; };
	allow-transfer { none; };
	allow-update { none; };

	recursion no;

	version none;
	hostname none;
	server-id none;
};

dnssec-policy standard {
	keys {
		ksk lifetime 365d algorithm ed25519;
		zsk lifetime 60d algorithm ed25519;
	};
	publish-safety 7d;
	retire-safety 7d;
};

parental-agents "com" {
	192.5.6.30; // a.gtld-servers.net.
	192.33.14.30; // b.gtld-servers.net.
	192.26.92.30; // c.gtld-servers.net.
};

parental-agents "foo" {
	216.239.32.105; // ns-tld1.charlestonroadregistry.com.
	216.239.34.105; // ns-tld2.charlestonroadregistry.com.
	216.239.36.105; // ns-tld3.charlestonroadregistry.com.
};

parental-agents "io" {
	65.22.160.17; // a0.nic.io.
	65.22.161.17; // b0.nic.io.
	65.22.162.17; // c0.nic.io.
};

zone "kyriasis.com" IN {
	type master;
	file "dns/kyriasis.com.zone";

	allow-transfer {
		178.79.157.58; // lucifer
		2a01:7e00::f03c:91ff:fe69:1787; // lucifer
	};

	inline-signing yes;
	dnssec-policy standard;
	parental-agents { "com"; };
};

zone "remmy.foo" IN {
	type master;
	file "dns/remmy.foo.zone";

	allow-transfer {
		178.79.157.58; // lucifer
		2a01:7e00::f03c:91ff:fe69:1787; // lucifer
	};

	inline-signing yes;
	dnssec-policy standard;
	parental-agents { "foo"; };
};

zone "remmy.io" IN {
	type master;
	file "dns/remmy.io.zone";

	allow-transfer {
		178.79.157.58; // lucifer
		2a01:7e00::f03c:91ff:fe69:1787; // lucifer
	};

	inline-signing yes;
	dnssec-policy standard;
	parental-agents { "io"; };
};

logging {
	channel dnssec-log {
		file "/var/named/log/dnssec" versions 3 size 20m;
		print-time yes;
		print-category yes;
		print-severity yes;
		severity debug 1;
	};

	channel xfer-log {
		file "/var/named/log/zone_transfers" versions 3 size 20m;
		print-time yes;
		print-category yes;
		print-severity yes;
		severity info;
	};

	category dnssec { dnssec-log; };

	category xfer-in { xfer-log; };
	category xfer-out { xfer-log; };
	category notify { xfer-log; };
};