X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=named.conf.options;h=8c01847565887cd364a58d456b888bb360eedd1a;hb=03c4635c97c1274df603bba7e027b4fde6122858;hp=af797589324c48ba740c06054e42720c2e6af4bf;hpb=86170c5501448455d508cdca76b9a0b151974fcc;p=sysconfig%2Fbind.git

diff --git a/named.conf.options b/named.conf.options
index af79758..8c01847 100644
--- a/named.conf.options
+++ b/named.conf.options
@@ -10,11 +10,38 @@ options {
 	// Uncomment the following block, and insert the addresses replacing 
 	// the all-0's placeholder.
 
-	// forwarders {
-	// 	0.0.0.0;
-	// };
+	// ALEX DEHNERT: slightly updated 2008-12-19
+	// ALEX DEHNERT: slightly updated 2010-03-01
+	forward first;
+	forwarders {
+		18.0.71.151;
+		18.0.70.160;
+		18.0.72.3;
+	};
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	// ALEX DEHNERT: copied from old arctic version on 2008-12-19
+	//ALEX DEHNERT: Security-related stuff:
+	// Secure(ish):
+	allow-recursion	{ 18.18.208.12; 66.92.29.156; 66.92.29.144; 127.0.0.1; 192.168.0.0/16; 18.0.0.0/8; };
+	//allow-query	{ 66.92.29.156; 66.92.29.144; 127.0.0.1; };
+	allow-transfer { none; };
+
+	// Insecure:
+	//allow-recursion	{ any; };
+	allow-query	{ any; };
+
 
 	auth-nxdomain no;    # conform to RFC1035
 	listen-on-v6 { any; };
+
+	// Decent info on DNS
+	// http://newweb.zytrax.com/books/dns/ch2/
+	// http://www.madboa.com/geek/soho-bind/
 };