# $NetBSD: named.conf,v 1.11 2024/03/07 14:21:03 christos Exp $ # boot file for secondary name server # Note that there should be one primary entry for each SOA record. # If you cannot get DNSSEC to work, and you see the following message: # DNSKEY: verify failed due to bad signature (keyid=19036): \ # RRSIG validity period has not begun # Fix your clock. You can comment out the dnssec entries temporarily to # get to an ntp server. options { directory "/etc/namedb"; dnssec-validation auto; managed-keys-directory "keys"; bindkeys-file "bind.keys"; allow-recursion { localhost; localnets; }; max-udp-size 1220; edns-udp-size 1220; # # This forces all queries to come from port 53; might be # needed for firewall traversals but should be avoided if # at all possible because of the risk of spoofing attacks. # #query-source address * port 53; }; zone "." { type hint; file "root.cache"; }; zone "localhost" { type master; file "localhost"; }; zone "127.IN-ADDR.ARPA" { type master; file "127"; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { type master; file "loopback.v6"; }; # example secondary server config: # # zone "Berkeley.EDU" { # type slave; # file "berkeley.edu.cache"; # masters { # 128.32.130.11; # 128.32.133.1; # }; # }; # zone "32.128.IN-ADDR.ARPA" { # type slave; # file "128.32.cache"; # masters { # 128.32.130.11; # 128.32.133.1; # }; # }; # example primary server config: # # zone "Berkeley.EDU" { # type master; # file "berkeley.edu"; # }; # zone "32.128.IN-ADDR.ARPA" { # type master; # file "128.32"; # };