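# $NetBSD: named.conf,v 1.11 2024/03/07 14:21:03 christos Exp $

# boot file for secondary name server
# Note that there should be one primary entry for each SOA record.
# If you cannot get DNSSEC to work, and you see the following message:
# DNSKEY: verify failed due to bad signature (keyid=19036): \
#	RRSIG validity period has not begun
# Fix your clock. You can comment out the dnssec entries temporarily to
# get to an ntp server.
# While the dnssec entries are commented out, answers are accepted
# without validation; restore them as soon as the clock is correct.

options {
	# Base directory; the relative file names below resolve against it.
	directory "/etc/namedb";

	# Validate DNSSEC-signed answers using the root trust anchor, which
	# named keeps current as a managed key.
	dnssec-validation auto;

	# State for managed trust anchors (here /etc/namedb/keys).  named
	# needs write access to this directory to record key updates, and
	# nothing else should be able to write to it.
	managed-keys-directory "keys";

	# File that overrides the trust anchors built into named.  Whoever
	# can modify it controls what this resolver accepts as validly
	# signed, so keep it not writable by the account named runs as.
	bindkeys-file "bind.keys";

	# Recurse only for this host and for networks it is directly
	# attached to, so the server is not an open resolver.  "localnets"
	# follows the interface configuration: on a host with an interface
	# on a shared or public subnet it includes every neighbour there,
	# so replace it with an explicit ACL if that is too wide.
	allow-recursion { localhost; localnets; };

	# Cap both the UDP responses sent and the EDNS buffer size
	# advertised at 1220 bytes, which keeps packets under the 1280-byte
	# IPv6 minimum MTU.  Larger answers are truncated and retried over
	# TCP instead of being fragmented at the IP layer.
	max-udp-size 1220;
	edns-udp-size 1220;

	#
	# This forces all queries to come from port 53; might be
	# needed for firewall traversals but should be avoided if
	# at all possible because of the risk of spoofing attacks.
	# A fixed source port removes source-port randomization, leaving
	# only the 16-bit query ID for an off-path sender to match.
	#
	#query-source address * port 53;
};

# Root hints, used to find the root servers at startup.
zone "." {
	type hint;
	file "root.cache";
};

# Loopback names and addresses are answered locally, so these lookups
# are never sent to outside servers.
zone "localhost" {
	type master;
	file "localhost";
};

zone "127.IN-ADDR.ARPA" {
	type master;
	file "127";
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
	type master;
	file "loopback.v6";
};

# example secondary server config:
#
# The masters list only names the addresses to transfer from.  Source
# addresses can be forged, so when enabling a secondary zone consider
# authenticating transfers with a TSIG key shared with the primary.
#
# zone "Berkeley.EDU" {
#	type slave;
#	file "berkeley.edu.cache";
#	masters {
#		128.32.130.11;
#		128.32.133.1;
#	};
# };

# zone "32.128.IN-ADDR.ARPA" {
#	type slave;
#	file "128.32.cache";
#	masters {
#		128.32.130.11;
#		128.32.133.1;
#	};
# };

# example primary server config:
#
# A primary zone answers zone transfer requests according to the
# allow-transfer setting; restrict it to the zone's secondaries when
# enabling one.
#
# zone "Berkeley.EDU" {
#	type master;
#	file "berkeley.edu";
# };

# zone "32.128.IN-ADDR.ARPA" {
#	type master;
#	file "128.32";
# };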