X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=named.conf.options;fp=named.conf.options;h=eeedc298e0b8ec7f0f46f6ef153a62e2b6087982;hb=6351ccb1853e565aba2da733c5de0e3382541fb1;hp=af797589324c48ba740c06054e42720c2e6af4bf;hpb=86170c5501448455d508cdca76b9a0b151974fcc;p=sysconfig%2Fbind.git

diff --git a/named.conf.options b/named.conf.options
index af79758..eeedc29 100644
--- a/named.conf.options
+++ b/named.conf.options
@@ -2,19 +2,44 @@ options {
 	directory "/var/cache/bind";
 
 	// If there is a firewall between you and nameservers you want
-	// to talk to, you may need to fix the firewall to allow multiple
-	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+	// to talk to, you might need to uncomment the query-source
+	// directive below.  Previous versions of BIND always asked
+	// questions using port 53, but BIND 8.1 and later use an unprivileged
+	// port by default.
+
+	// query-source address * port 53;
 
 	// If your ISP provided one or more IP addresses for stable 
 	// nameservers, you probably want to use them as forwarders.  
 	// Uncomment the following block, and insert the addresses replacing 
 	// the all-0's placeholder.
 
-	// forwarders {
-	// 	0.0.0.0;
-	// };
+	// ALEX DEHNERT: slightly updated 2008-12-19
+	// ALEX DEHNERT: slightly updated 2010-03-01
+	forward first;
+	forwarders {
+		18.71.0.151;
+		18.70.0.160;
+		18.72.0.3;
+	};
+
+	// ALEX DEHNERT: copied from old arctic version on 2008-12-19
+	//ALEX DEHNERT: Security-related stuff:
+	// Secure(ish):
+	allow-recursion	{ 66.92.29.156; 66.92.29.144; 127.0.0.1; 192.168.0.0/16; };
+	//allow-query	{ 66.92.29.156; 66.92.29.144; 127.0.0.1; };
+	allow-transfer { none; };
+
+	// Insecure:
+	//allow-recursion	{ any; };
+	allow-query	{ any; };
+
 
 	auth-nxdomain no;    # conform to RFC1035
 	listen-on-v6 { any; };
+
+	// Decent info on DNS
+	// http://newweb.zytrax.com/books/dns/ch2/
+	// http://www.madboa.com/geek/soho-bind/
 };