1  1.14 kim      # $NetBSD: named.conf,v 1.14 2025/08/06 02:03:59 kim Exp $
2  1.1  tron
3  1.1  tron     # boot file for secondary name server
4  1.1  tron     # Note that there should be one primary entry for each SOA record.
5  1.7  christos # If you cannot get DNSSEC to work, and you see the following message:
6  1.7  christos # DNSKEY: verify failed due to bad signature (keyid=19036): \
7  1.7  christos # RRSIG validity period has not begun
8  1.7  christos # Fix your clock. You can comment out the dnssec entries temporarily to
9  1.7  christos # get to an ntp server; restore them once the clock is correct.
10 1.1  tron
11 1.1  tron     options {
12 1.1  tron         directory "/etc/namedb"; # relative file names below are resolved against this directory
13 1.7  christos     dnssec-validation auto; # validate signed answers against the root trust anchor
14 1.6  christos     managed-keys-directory "keys"; # where named keeps its state files for managed trust anchors
15 1.7  christos     bindkeys-file "bind.keys"; # trust anchors are read from this file in place of the built-in ones
16 1.4  itojun       allow-recursion { localhost; localnets; }; # recursion only for this host and its attached networks, so this is not an open resolver
17 1.12 kim
18 1.14 kim          #
19 1.14 kim          # An EDNS buffer size of 1232 bytes will avoid fragmentation on
20 1.14 kim          # nearly all current networks. This is based on an MTU of 1280,
21 1.14 kim          # which is required by the IPv6 specification, minus 48 bytes for
22 1.14 kim          # the IPv6 and UDP headers (see the DNS Flag Day 2020 page below).
23 1.14 kim          #
24 1.12 kim          # https://www.dnsflagday.net/2020/
25 1.14 kim          #
26 1.12 kim          max-udp-size 1232; # largest UDP response named will send
27 1.12 kim          edns-udp-size 1232; # EDNS buffer size advertised in named's own outgoing queries
28 1.5  dholland
29 1.13 kim          # RFC 8482
30 1.13 kim          minimal-any yes; # answer ANY queries over UDP with a single RRset, which limits amplification
31 1.13 kim          minimal-responses yes; # leave out authority/additional records unless they are required
32 1.13 kim
33 1.5  dholland     #
34 1.5  dholland     # This forces all queries to come from port 53; might be
35 1.5  dholland     # needed for firewall traversals but should be avoided if
36 1.5  dholland     # at all possible because of the risk of spoofing attacks (a fixed port gives up source-port randomization).
37 1.5  dholland     #
38 1.5  dholland     #query-source address * port 53;
39 1.1  tron     };
40 1.1  tron
41 1.1  tron     zone "." { # root hints, used to find the root name servers
42 1.1  tron         type hint;
43 1.1  tron         file "root.cache";
44 1.1  tron     };
45 1.1  tron
46 1.1  tron     zone "localhost" { # forward zone for the loopback name, served locally
47 1.1  tron         type master;
48 1.1  tron         file "localhost";
49 1.1  tron     };
50 1.1  tron
51 1.1  tron     zone "127.IN-ADDR.ARPA" { # reverse zone for the IPv4 loopback network
52 1.1  tron         type master;
53 1.1  tron         file "127";
54 1.1  tron     };
55 1.1  tron
56 1.1  tron     zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { # reverse zone for the IPv6 loopback address
57 1.1  tron         type master;
58 1.1  tron         file "loopback.v6";
59 1.1  tron     };
60 1.1  tron
61 1.1  tron     # example secondary server config:
62 1.1  tron     # (the masters lists below name bare addresses, so transfers are not TSIG-authenticated; add a key per server where possible)
63 1.1  tron     # zone "Berkeley.EDU" {
64 1.1  tron     #     type slave;
65 1.1  tron     #     file "berkeley.edu.cache";
66 1.1  tron     #     masters {
67 1.1  tron     #         128.32.130.11;
68 1.1  tron     #         128.32.133.1;
69 1.1  tron     #     };
70 1.1  tron     # };
71 1.1  tron
72 1.1  tron     # zone "32.128.IN-ADDR.ARPA" {
73 1.1  tron     #     type slave;
74 1.1  tron     #     file "128.32.cache";
75 1.1  tron     #     masters {
76 1.1  tron     #         128.32.130.11;
77 1.1  tron     #         128.32.133.1;
78 1.1  tron     #     };
79 1.1  tron     # };
80 1.1  tron
81 1.1  tron     # example primary server config:
82 1.1  tron     #
83 1.1  tron     # zone "Berkeley.EDU" {
84 1.1  tron     #     type master;
85 1.1  tron     #     file "berkeley.edu";
86 1.1  tron     # };
87 1.1  tron
88 1.1  tron     # zone "32.128.IN-ADDR.ARPA" {
89 1.1  tron     #     type master;
90 1.1  tron     #     file "128.32";
91 1.1  tron     # };
92