directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
- // to talk to, you may need to fix the firewall to allow multiple
- // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+ // to talk to, you might need to uncomment the query-source
+ // directive below. Previous versions of BIND always asked
+ // questions using port 53, but BIND 8.1 and later use an unprivileged
+ // port by default.
+
+ // query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
- // forwarders {
- // 0.0.0.0;
- // };
+ // ALEX DEHNERT: slightly updated 2008-12-19
+ // ALEX DEHNERT: slightly updated 2010-03-01
+ forward first;
+ forwarders {
+ 18.71.0.151;
+ 18.70.0.160;
+ 18.72.0.3;
+ };
+
+ // ALEX DEHNERT: copied from old arctic version on 2008-12-19
+ //ALEX DEHNERT: Security-related stuff:
+ // Secure(ish):
+ allow-recursion { 18.208.0.204; 66.92.29.156; 66.92.29.144; 127.0.0.1; 192.168.0.0/16; };
+ //allow-query { 66.92.29.156; 66.92.29.144; 127.0.0.1; };
+ allow-transfer { none; };
+
+ // Insecure:
+ //allow-recursion { any; };
+ allow-query { any; };
+
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
+
+ // Decent info on DNS
+ // http://newweb.zytrax.com/books/dns/ch2/
+ // http://www.madboa.com/geek/soho-bind/
};