Diffstat (limited to 'contrib/bind/bin/named/named.conf')
-rw-r--r-- | contrib/bind/bin/named/named.conf | 41 |
1 files changed, 34 insertions, 7 deletions
diff --git a/contrib/bind/bin/named/named.conf b/contrib/bind/bin/named/named.conf index ab96666..d423b34 100644 --- a/contrib/bind/bin/named/named.conf +++ b/contrib/bind/bin/named/named.conf @@ -42,6 +42,9 @@ options { // notify on a zone-by-zone // basis in the "zone" statement // see (below) + max-serial-queries 4; // number of parallel SOA queries + // we can have outstanding for master + // zone change testing purposes auth-nxdomain yes; // always set AA on NXDOMAIN. // don't set this to 'no' unless // you know what you're doing -- older @@ -153,6 +156,20 @@ options { // every 'interface-interval' minutes statistics-interval 60; // log statistics every // 'statistics-interval' minutes + /* + * IXFR options + */ + maintain-ixfr-base no; // If yes, keep transaction log file for IXFR + max-ixfr-log-size 20; // Not implemented, maximum size the + // IXFR transaction log file to grow +}; + +/* + * Control listeners, for "ndc". Every nameserver needs at least one. + */ +controls { + inet * port 52 allow { any; }; // a bad idea + unix "/var/run/ndc" perm 0600 owner 0 group 0; // the default }; zone "master.demo.zone" { @@ -174,6 +191,7 @@ zone "master.demo.zone" { zone "slave.demo.zone" { type slave; // what used to be called "secondary" file "slave.demo.zone"; + ixfr-base "slave.demo.zone.ixfr"; // File name for IXFR transaction log file masters { 1.2.3.4; // where to zone transfer from 5.6.7.8; 
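Review bot: In the second hunk (`@@ -153,6 +156,20 @@`), the new `controls` block ships `inet * port 52 allow { any; };`, which opens the control listener on every interface to every source address; the only caution is the trailing `// a bad idea`. Because this is a sample file that operators copy, the permissive line is likely to end up in live configurations. I would comment it out, or restrict it to loopback, e.g. `inet 127.0.0.1 port 52 allow { 127.0.0.1; };`. The comment should also say why: anyone who can reach that port can presumably send the server the same control commands that "ndc" does. The `unix "/var/run/ndc" perm 0600 owner 0 group 0;` line is the safer default and could be listed first.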
@@ -208,8 +226,14 @@ zone "stub.demo.zone" { zone "." { type hint; // used to be specified w/ "cache" file "cache.db"; + pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q=="; }; +trusted-keys { + . 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q=="; +}; + + acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0 // is disallowed; rest are OK acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed @@ -226,16 +250,18 @@ zone "non-default-acl.demo.zone" { }; }; -key sample_key { // for TSIG; supported by parser - algorithm hmac-md5; // but not yet implemented in the - secret "your secret here"; // rest of the server +key sample_key { // for TSIG + algorithm hmac-md5; // hmac-md5 is the supported algorithm + secret "abcdefgh"; // base 64 encoded secret }; key key2 { algorithm hmac-md5; - secret "ereh terces rouy"; + secret "87654321"; }; +acl key_acl { key sample_key; }; // a request signed with sample_key + server 1.2.3.4 { bogus no; // if yes, we won't query or listen // to this server @@ -245,9 +271,10 @@ server 1.2.3.4 { // if not specified, the global option // will be used transfers 0; // not implemented - keys { sample_key; key2; }; // for TSIG; supported by the parser - // but not yet implemented in the - // rest of the server + keys { sample_key; key2; }; // for TSIG; sign requests to this + // server with this key + support-ixfr yes; // for IXFR supported by server + // if yes, the listed server talks IXFR }; logging { |
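Review bot: In the first hunk on this line (`@@ -208,8 +226,14 @@`), the new `trusted-keys` entry for `.` and the matching `pubkey` line in the hint zone carry a literal key, with no comment saying whether it is a real root key or only an example. A trust anchor copied unchanged from a sample would be accepted for the whole namespace below it, so the hunk should say so, e.g. `// example key only -- replace with a key obtained and verified out of band`. A short comment naming the three numeric fields `257 255 1` (presumably flags, protocol and algorithm) would also help, since their meaning is not stated anywhere in the hunk.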
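Review bot: In the `@@ -226,16 +250,18 @@` hunk, the new secrets `"abcdefgh"` and `"87654321"` are described only as `base 64 encoded secret`, so nothing marks them as placeholders. Eight base64 characters decode to six bytes, which is far too short for an HMAC key. The same hunk drops the "not yet implemented" wording and adds `acl key_acl { key sample_key; };`, so a copied sample would now authenticate requests with a guessable key. I would put `// placeholder -- replace with a long random base64 secret` on both `secret` lines. A note that the file holding real secrets must be readable only by the account the server runs as would also be worth adding.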
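Review bot: In the last hunk (`@@ -245,9 +271,10 @@`), the rewritten comment on `keys { sample_key; key2; };` says requests are signed "with this key", while the list names two keys. A reader cannot tell which key is used for outgoing requests to 1.2.3.4, or whether the second is ignored. If only one key per server takes effect (I cannot confirm that from the hunk), the sample should list one. Otherwise the comment should state the rule, e.g. `// for TSIG; requests to this server are signed with the first listed key` once that is confirmed. The `server 1.2.3.4` block starts above the hunk.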