directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
- // to talk to, you might need to uncomment the query-source
- // directive below. Previous versions of BIND always asked
- // questions using port 53, but BIND 8.1 and later use an unprivileged
- // port by default.
-
- // query-source address * port 53;
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
18.72.0.3;
};
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ dnssec-validation auto;
+
// ALEX DEHNERT: copied from old arctic version on 2008-12-19
//ALEX DEHNERT: Security-related stuff:
// Secure(ish):
- allow-recursion { 18.208.0.204; 66.92.29.156; 66.92.29.144; 127.0.0.1; 192.168.0.0/16; };
+ allow-recursion { 18.18.208.12; 66.92.29.156; 66.92.29.144; 127.0.0.1; 192.168.0.0/16; 18.0.0.0/8; };
//allow-query { 66.92.29.156; 66.92.29.144; 127.0.0.1; };
allow-transfer { none; };