File bind-resolvconf.conf of Package openresolv
# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.
options {
# For the time being, disable new BIND option "stale-answer-client-timeout"
# as it can result in unexpected server termination
stale-answer-enable no;
# The directory statement defines the name server's working directory
directory "/var/lib/named";
# enable DNSSEC validation
#
# If BIND logs error messages about the root key being expired, you
# will need to update your keys. See https://www.isc.org/bind-keys
#
# The dnssec-enable option has been obsoleted and no longer has any effect.
# DNSSEC responses are always enabled if signatures and other DNSSEC data are present.
# dnssec-validation yes (default), indicates that a resolver
# (a caching or caching-only name server) will attempt to validate
# replies from DNSSEC enabled (signed) zones. To perform this task
# the server also needs either a valid trusted-keys clause
# (containing one or more trusted-anchors) or a managed-keys clause.
# If you have problems with forwarders not returning signed responses,
# set this to "no", but be aware that this may create security issues
# so better switch to a forwarder which supports DNSSEC!
#dnssec-validation auto;
managed-keys-directory "/var/lib/named/dyn/";
# Write dump and statistics file to the log subdirectory.
dump-file "/var/log/named/dump-resolvconf.db";
statistics-file "/var/log/named/stats-resolvconf";
pid-file "/var/run/bind-resolvconf.pid";
# The forwarders record contains a list of servers to which queries
# should be forwarded. Enable this line and modify the IP address to
# your provider's name server. Up to three servers may be listed.
#forwarders { 192.0.2.1; 192.0.2.2; };
# Enable the next entry to prefer usage of the name server declared in
# the forwarders section.
#forward first;
# The listen-on record contains a list of local network interfaces to
# listen on. Optionally the port can be specified. Default is to
# listen on all interfaces found on your system. The default port is
# 53.
listen-on port 53 { 127.0.0.1; };
# The listen-on-v6 record enables or disables listening on IPv6
# interfaces. Allowed values are 'any' and 'none' or a list of
# addresses.
listen-on-v6 { ::!; };
# The next three statements may be needed if a firewall stands between
# the local server and the internet.
#query-source address * port 53;
#transfer-source * port 53;
#notify-source * port 53;
# The allow-query record contains a list of networks or IP addresses
# to accept and deny queries from. The default is to allow queries
# from all hosts.
allow-query { 127.0.0.1; ::1};
# If notify is set to yes (default), notify messages are sent to other
# name servers when the the zone data is changed. Instead of setting
# a global 'notify' statement in the 'options' section, a separate
# 'notify' can be added to each zone definition.
notify no;
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
# When ``named`` is compiled using the MaxMind GeoIP2 geolocation API, this
# specifies the directory containing GeoIP database files. By default, the
# option is set based on the prefix used to build the ``libmaxminddb`` module;
# for example, if the library is installed in ``/usr/local/lib``, then the
# default ``geoip-directory`` is ``/usr/local/share/GeoIP``.
# Use the following syntax if you want to specify a different location:
# geoip-directory "/path/to/geoip/database";
geoip-directory none;
include "/etc/bind/bind-resolvconf-resolv.conf";
};
# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
# # Log queries to a file limited to a size of 100 MB.
# channel query_logging {
# file "/var/log/named/querylog"
# versions 3 size 100M;
# print-time yes; // timestamp log entries
# };
# category queries {
# query_logging;
# };
#
# # Or log this kind alternatively to syslog.
# channel syslog_queries {
# syslog user;
# severity info;
# };
# category queries { syslog_queries; };
#
# # Log general name server errors to syslog.
# channel syslog_errors {
# syslog user;
# severity error;
# };
# category default { syslog_errors; };
#
# # Don't log lame server messages.
# category lame-servers { null; };
#};
# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.
zone "." in {
type hint;
file "root.hint";
};
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "127.0.0.zone";
};
# Un-comment the following line if you want to limit rndc access to and from localhost only
include "/etc/named.d/rndc-access.conf";
# Un-comment the following if you still need "/etc/named.conf.include" included.
# include "/etc/named.conf.include";
# You can insert further zone records for your own domains below
# See /usr/share/doc/packages/bind/README.SUSE for more details.
include "/etc/bind/bind-resolvconf-zones.conf";
