daily autocommit

diff --git a/bind/named.conf.options b/bind/named.conf.options
index 4778d1855c82e0040e5073def224a466a9650bfa..4fd5f44bf6f228b5147130acb5e35d8ffb8c9e13 100644 (file)
--- a/bind/named.conf.options
+++ b/bind/named.conf.options
@@ -1,24 +1,91 @@
+//###############################################################
+//# Bind9-Konfigurationsdatei for general options
+//# /etc/bind/named.conf.options
+//#
+//# Host ns1.uhu-banane.de
+//#
+//###############################################################
+
+
+//###############################################################
+//# Allgemeine Optionen
+
 options {
+
        directory "/var/cache/bind";
 
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
 
-       // If your ISP provided one or more IP addresses for stable 
-       // nameservers, you probably want to use them as forwarders.  
-       // Uncomment the following block, and insert the addresses replacing 
+       // If your ISP provided one or more IP addresses for stable
+       // nameservers, you probably want to use them as forwarders.
+       // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
 
        // forwarders {
        //      0.0.0.0;
        // };
 
+       /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+       //bindkeys-file "/etc/bind/bind.keys";
+
+       listen-on-v6 { any; };
+       listen-on { any; };
+
+       allow-notify {
+               allow-notify;
+       };
+
+       allow-recursion {
+               allow-recursion;
+       };
+
        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
+       //dnssec-enable yes;
        dnssec-validation auto;
+       dnssec-lookaside auto;
 
-       listen-on-v6 { any; };
+       /*
+        * As of bind 9.8.0:
+        * "If the root key provided has expired,
+        * named will log the expiration and validation will not work."
+        */
+       //dnssec-validation auto;
+
+       /* if you have problems and are behind a firewall: */
+       //query-source address * port 53;
+
+       // pid-file "/var/run/named/named.pid";
+
+       version "none";
+
+};
+
+// Managed Keys
+include "/etc/bind/bind.keys";
+
+key "dyn-dns-updater" {
+       algorithm hmac-md5;
+       secret "gi69Yjzo1OSPVQ/oTTgw+Q==";
 };
+
+//###############################################################
+//# Kontrollkanäle für RNDC
+
+include "/etc/bind/rndc.key";
+
+controls {
+       inet 127.0.0.1 port 953 allow {
+               127.0.0.1;
+               ::1/128;
+       } keys {
+               "rndc-key";
+       };
+};
+
+
+# vim: ts=4 filetype=named noai