xref: /netbsd-src/etc/named.conf (revision a45db23f655e22f0c2354600d3b3c2cb98abf2dc)
1# $NetBSD: named.conf,v 1.10 2020/10/11 22:14:55 jnemeth Exp $
2
3# boot file for secondary name server
4# Note that there should be one primary entry for each SOA record.
5# If you cannot get DNSSEC to work, and you see the following message:
6# DNSKEY: verify failed due to bad signature (keyid=19036): \
7# RRSIG validity period has not begun
8# Fix your clock. You can comment out the dnssec entries temporarily to
9# reach an NTP server; restore them as soon as the clock is correct.
10
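# Global server options. Relative file names used in this file are
# resolved against the "directory" path below.
options {
	directory "/etc/namedb";

	# There is deliberately no "dnssec-enable" line: serving DNSSEC
	# records is the built-in behaviour, newer BIND 9 releases treat
	# the option as obsolete, and later ones refuse to load a
	# configuration that still sets it.

	# Validate signed answers. "auto" uses the default root trust
	# anchor (bindkeys-file overrides the built-in copy) and keeps it
	# current across key rollovers, with state stored in
	# managed-keys-directory. That directory must be writable by named.
	dnssec-validation auto;
	managed-keys-directory "keys";
	bindkeys-file "bind.keys";

	# Recurse only for this host and its directly attached networks,
	# so the server does not act as an open resolver for outsiders.
	allow-recursion { localhost; localnets; };

	# max-udp-size caps the UDP responses this server sends;
	# edns-udp-size is the buffer size it advertises to other servers.
	# The small value presumably keeps datagrams below common path
	# MTUs so they are not fragmented; larger answers fall back to TCP.
	max-udp-size 1220;
	edns-udp-size 1220;

	#
	# This forces all queries to come from port 53; might be
	# needed for firewall traversals but should be avoided if
	# at all possible: a fixed source port removes source-port
	# randomization, which makes spoofed answers (cache poisoning)
	# much easier to get accepted.
	#
	#query-source address * port 53;
};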
28
# Root hints: only used to locate the root name servers at startup.
# The file name is relative to the "directory" option.
zone "." {
	type hint;
	file "root.cache";
};
33
# Answer "localhost" authoritatively from a local zone file, so these
# lookups are resolved on this server instead of being sent upstream.
zone "localhost" {
	type master;
	file "localhost";
};
38
# Reverse (PTR) zone for the IPv4 loopback network 127/8, served
# authoritatively from the local file "127".
zone "127.IN-ADDR.ARPA" {
	type master;
	file "127";
};
43
# Reverse (PTR) zone for the IPv6 loopback address ::1, served
# authoritatively from the local file "loopback.v6".
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
	type master;
	file "loopback.v6";
};
48
49# example secondary server config:
50#
51# zone "Berkeley.EDU" {
52# 	type slave;
53# 	file "berkeley.edu.cache";
54# 	masters {
55# 		128.32.130.11;
56# 		128.32.133.1;
57# 	};
58# };
59
60# zone "32.128.IN-ADDR.ARPA" {
61# 	type slave;
62# 	file "128.32.cache";
63# 	masters {
64# 		128.32.130.11;
65# 		128.32.133.1;
66# 	};
67# };
68
69# example primary server config:
70#
71# zone "Berkeley.EDU" {
72# 	type master;
73# 	file "berkeley.edu";
74# };
75
76# zone "32.128.IN-ADDR.ARPA" {
77# 	type master;
78# 	file "128.32";
79# };
80