NetBSD/etc/named.conf
christos 9f57c06d41 - read the root keys from our file
- explain what happens if we get clock skew
2013-04-25 20:28:05 +00:00

79 lines
1.6 KiB
Plaintext

# $NetBSD: named.conf,v 1.7 2013/04/25 20:28:05 christos Exp $
# boot file for secondary name server
# Note that there should be one primary entry for each SOA record.
# If you cannot get DNSSEC to work, and you see the following message:
# DNSKEY: verify failed due to bad signature (keyid=19036): \
# RRSIG validity period has not begun
# Fix your clock. You can comment out the dnssec entries temporarily to
# get to an ntp server.
options {
directory "/etc/namedb";
dnssec-enable yes;
dnssec-validation auto;
dnssec-lookaside auto;
managed-keys-directory "keys";
bindkeys-file "bind.keys";
allow-recursion { localhost; localnets; };
#
# This forces all queries to come from port 53; might be
# needed for firewall traversals but should be avoided if
# at all possible because of the risk of spoofing attacks.
#
#query-source address * port 53;
};
zone "." {
type hint;
file "root.cache";
};
zone "localhost" {
type master;
file "localhost";
};
zone "127.IN-ADDR.ARPA" {
type master;
file "127";
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
type master;
file "loopback.v6";
};
# example secondary server config:
#
# zone "Berkeley.EDU" {
# type slave;
# file "berkeley.edu.cache";
# masters {
# 128.32.130.11;
# 128.32.133.1;
# };
# };
# zone "32.128.IN-ADDR.ARPA" {
# type slave;
# file "128.32.cache";
# masters {
# 128.32.130.11;
# 128.32.133.1;
# };
# };
# example primary server config:
#
# zone "Berkeley.EDU" {
# type master;
# file "berkeley.edu";
# };
# zone "32.128.IN-ADDR.ARPA" {
# type master;
# file "128.32";
# };