X-Git-Url: https://git.phdru.name/?a=blobdiff_plain;f=playbooks%2Fdebian%2Froles%2Fnamed%2Ffiles%2Fnamed.conf.options;fp=playbooks%2Fdebian%2Froles%2Fnamed%2Ffiles%2Fnamed.conf.options;h=69409260359b9442908f3df0c5d21dfa52f0519d;hb=f85d72f8ccbb74da7626fd2381878f7816d73e63;hp=0000000000000000000000000000000000000000;hpb=2874ed02fa96232145a03cba8e1acfcc44ddb34d;p=ansible.git

diff --git a/playbooks/debian/roles/named/files/named.conf.options b/playbooks/debian/roles/named/files/named.conf.options
new file mode 100644
index 0000000..6940926
--- /dev/null
+++ b/playbooks/debian/roles/named/files/named.conf.options
@@ -0,0 +1,31 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	// dnssec-validation auto;
+	dnssec-enable no;
+	dnssec-validation no;
+
+	auth-nxdomain no;    # conform to RFC1035
+	// listen-on-v6 { any; };
+
+	// allow-transfer { trusted; };
+	allow-query { localhost; 192.168.0.0/16; 10.0.0.0/8; };
+	allow-recursion { localhost; 192.168.0.0/16; 10.0.0.0/8; };
+};