Difference between revisions of "BIND"
Jump to navigation
Jump to search
| Line 21: | Line 21: | ||
// dnssec-validation auto; | // dnssec-validation auto; | ||
dnssec-validation yes; | dnssec-validation yes; | ||
| + | ``` | ||
| + | |||
| + | # /etc/bind/named.conf.options | ||
| + | ``` | ||
| + | options { | ||
| + | directory "/var/cache/bind"; | ||
| + | dnssec-validation yes; | ||
| + | |||
| + | listen-on-v6 { any; }; | ||
| + | |||
| + | recursion yes; | ||
| + | # allow-recursion { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; }; | ||
| + | allow-transfer { none; }; | ||
| + | allow-recursion { any; }; | ||
| + | # allow-query { any; }; | ||
| + | # allow-query-cache { any; }; | ||
| + | forwarders { | ||
| + | 10.250.5.2; | ||
| + | }; | ||
| + | forward only; | ||
| + | querylog yes; | ||
| + | version "not currently available"; | ||
| + | |||
| + | # dnssec-enable yes; | ||
| + | # dnssec-validation yes; | ||
| + | }; | ||
``` | ``` | ||
Revision as of 00:53, 23 August 2020
ISC BIND for DNS
https://www.isc.org/downloads/bind/
Education Resources
http://www.zytrax.com/books/dns/
http://www.zytrax.com/books/dns/ch6/
BIND9
Issues
tail -f /var/log/syslog managed-keys-zone: DNSKEY set for zone '.' could not be verified with current keys
named.conf.options - https://gitlab.isc.org/isc-projects/bind9/-/issues/492
// dnssec-validation auto;
dnssec-validation yes;
/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation yes;
listen-on-v6 { any; };
recursion yes;
# allow-recursion { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; };
allow-transfer { none; };
allow-recursion { any; };
# allow-query { any; };
# allow-query-cache { any; };
forwarders {
10.250.5.2;
};
forward only;
querylog yes;
version "not currently available";
# dnssec-enable yes;
# dnssec-validation yes;
};