mirror of
https://github.com/dockersrc/scripts
synced 2024-11-23 11:23:07 -05:00
78 lines
3.2 KiB
Plaintext
78 lines
3.2 KiB
Plaintext
# default options - https://bind9.readthedocs.io/en/latest/chapter3.html
|
|
options {
|
|
version "9";
|
|
listen-on { any; };
|
|
listen-on-v6 { any; };
|
|
zone-statistics yes;
|
|
max-cache-size 60m;
|
|
interface-interval 60;
|
|
max-ncache-ttl 10800;
|
|
max-udp-size 4096;
|
|
forwarders { 1.1.1.1; 8.8.8.8; 8.8.4.4; };
|
|
notify yes;
|
|
allow-transfer { trusted; };
|
|
transfer-format many-answers;
|
|
allow-query { any; };
|
|
allow-recursion { any; };
|
|
allow-query-cache { any; };
|
|
auth-nxdomain no;
|
|
dnssec-validation auto;
|
|
directory "/var/bind";
|
|
managed-keys-directory "/etc/bind/keys";
|
|
pid-file "/run/named/named.pid";
|
|
dump-file "/data/logs/named/dump.db";
|
|
statistics-file "/data/logs/named/named.stats";
|
|
memstatistics-file "/data/logs/named/mem.stats";
|
|
};
|
|
#####################################################################
|
|
# access settings
|
|
acl "all" { 0.0.0.0/0; ::/0; };
|
|
acl "trusted" { 10.0.0.0/8; 127.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
|
|
#####################################################################
|
|
# named logging options
|
|
logging {
|
|
channel xfer-in { stderr; severity info; print-category yes; print-severity yes; print-time yes; };
|
|
channel xfer-out { stderr; severity info; print-category yes; print-severity yes; print-time yes; };
|
|
channel update { stderr; severity info; print-category yes; print-severity yes; print-time yes; };
|
|
channel notify { stderr; severity info; print-category yes; print-severity yes; print-time yes; };
|
|
channel querylog { stderr; severity info; print-time yes; };
|
|
channel security { file "/data/logs/named/security.log"; severity dynamic; print-severity yes; print-time yes; };
|
|
channel default { file "/data/logs/named/default.log"; severity debug; print-category yes; print-severity yes; print-time yes; };
|
|
channel debug { file "/data/logs/named/debug.log"; severity debug; };
|
|
category lame-servers { default; debug; };
|
|
category dispatch { default; debug; };
|
|
category queries { querylog; debug; };
|
|
category update { default; update; debug; };
|
|
category network { default; debug; };
|
|
category unmatched { default; debug; };
|
|
category client { default; debug; };
|
|
category notify { notify; debug; };
|
|
category xfer-out { xfer-out; debug; };
|
|
category xfer-in { xfer-in; debug; };
|
|
category resolver { default; debug; };
|
|
category config { default; debug; };
|
|
category security { security; debug; };
|
|
category database { default; debug; };
|
|
category general { default; debug; };
|
|
category default { default; };
|
|
category dnssec { security; debug; };
|
|
};
|
|
#####################################################################
|
|
# rndc keys
|
|
key "certbot." { algorithm hmac-sha256; secret "REPLACE_KEY_CERTBOT"; };
|
|
key "rndc-key" { algorithm hmac-sha256; secret "REPLACE_KEY_RNDC"; };
|
|
key "dhcp-key" { algorithm hmac-sha256; secret "REPLACE_KEY_DHCP"; };
|
|
key "backup-key" { algorithm hmac-sha256; secret "REPLACE_KEY_BACKUP"; };
|
|
#####################################################################
|
|
# rndc settings
|
|
controls { inet 127.0.0.1 allow { trusted; } keys { "rndc-key"; }; };
|
|
#####################################################################
|
|
# ********** begin root info **********
|
|
zone "." {
|
|
type hint;
|
|
file "/var/bind/root.cache";
|
|
};
|
|
# ********** end root info **********
|
|
# end
|
|
#####################################################################
|