directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
- // to talk to, you might need to uncomment the query-source
- // directive below. Previous versions of BIND always asked
- // questions using port 53, but BIND 8.1 and later use an unprivileged
- // port by default.
-
- // query-source address * port 53;
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// ALEX DEHNERT: slightly updated 2010-03-01
forward first;
forwarders {
- 18.71.0.151;
- 18.70.0.160;
- 18.72.0.3;
+ 18.0.71.151;
+ 18.0.70.160;
+ 18.0.72.3;
};
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ dnssec-validation auto;
+
// ALEX DEHNERT: copied from old arctic version on 2008-12-19
//ALEX DEHNERT: Security-related stuff:
// Secure(ish):
- allow-recursion { 66.92.29.156; 66.92.29.144; 127.0.0.1; 192.168.0.0/16; };
+ allow-recursion { 18.18.208.12; 66.92.29.156; 66.92.29.144; 127.0.0.1; 192.168.0.0/16; 18.0.0.0/8; };
//allow-query { 66.92.29.156; 66.92.29.144; 127.0.0.1; };
allow-transfer { none; };
projects / sysconfig / bind.git / blobdiff