// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
- // forwarders {
- // 0.0.0.0;
- // };
+ // ALEX DEHNERT: slightly updated 2008-12-19
+ // ALEX DEHNERT: slightly updated 2010-03-01
+ forward first;
+ forwarders {
+ 18.71.0.151;
+ 18.70.0.160;
+ 18.72.0.3;
+ };
+
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ dnssec-validation auto;
+
+ // ALEX DEHNERT: copied from old arctic version on 2008-12-19
+ //ALEX DEHNERT: Security-related stuff:
+ // Secure(ish):
+ allow-recursion { 18.18.208.12; 66.92.29.156; 66.92.29.144; 127.0.0.1; 192.168.0.0/16; 18.0.0.0/8; };
+ //allow-query { 66.92.29.156; 66.92.29.144; 127.0.0.1; };
+ allow-transfer { none; };
+
+ // Insecure:
+ //allow-recursion { any; };
+ allow-query { any; };
+
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
+
+ // Decent info on DNS
+ // http://newweb.zytrax.com/books/dns/ch2/
+ // http://www.madboa.com/geek/soho-bind/
};