X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=machine_specific%2Fbk%2Ffilesystem%2Fetc%2Fbind%2Fnamed.conf.options;fp=machine_specific%2Fbk%2Ffilesystem%2Fetc%2Fbind%2Fnamed.conf.options;h=42f1a3e8ccd794294468be61ae6227a75816c9d7;hb=da085f71e5ae00a9f78ed903be6ae675f66eacfa;hp=0000000000000000000000000000000000000000;hpb=2a1cee2e73d9291dde9af831bbe9e996199b7cbc;p=distro-setup

diff --git a/machine_specific/bk/filesystem/etc/bind/named.conf.options b/machine_specific/bk/filesystem/etc/bind/named.conf.options
new file mode 100644
index 0000000..42f1a3e
--- /dev/null
+++ b/machine_specific/bk/filesystem/etc/bind/named.conf.options
@@ -0,0 +1,31 @@
+// this is the default for t10, plus my commented additions
+options {
+        directory "/var/cache/bind";
+
+        // If there is a firewall between you and nameservers you want
+        // to talk to, you may need to fix the firewall to allow multiple
+        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+        // If your ISP provided one or more IP addresses for stable
+        // nameservers, you probably want to use them as forwarders.
+        // Uncomment the following block, and insert the addresses replacing
+        // the all-0's placeholder.
+
+        // forwarders {
+        //      0.0.0.0;
+        // };
+
+        //========================================================================
+        // If BIND logs error messages about the root key being expired,
+        // you will need to update your keys.  See https://www.isc.org/bind-keys
+        //========================================================================
+        dnssec-validation auto;
+
+        // iank: only listen on our public addresses, lets use unbound for
+        // local process resolution, like we do at fsf, so debugging issues
+        // works for both.
+        listen-on { 85.119.83.50; };
+        listen-on-v6 { 2001:ba8:1f1:f0c9::2; };
+
+// end options
+};