diff --git a/make_perms.sh b/make_perms.sh index 4effe92..22daf95 100755 --- a/make_perms.sh +++ b/make_perms.sh @@ -16,9 +16,8 @@ chmod 400 envs_msT.key tilde_msT.key letsencrypt_U.key chmod 600 Kenvs_mst.* Ktilde_mst.* Kletsencrypt_u.* chown root:bind "$BINDIR"/slave_tilde +chmod 644 "$BINDIR"/slave_tilde -test ! -d "$BINDIR"/keys && mkdir -p "$BINDIR"/keys -test ! -d "$BINDIR"/zones && mkdir -p "$BINDIR"/zones test ! -d "$BINDIR"/slaves && mkdir -p "$BINDIR"/slaves chown -R bind:bind "$BINDIR"/zones "$BINDIR"/slaves chmod 755 "$BINDIR"/zones diff --git a/named.conf.forward b/named.conf.forward index fd58aba..e5d6d58 100644 --- a/named.conf.forward +++ b/named.conf.forward @@ -1,7 +1,6 @@ // // Forward Zones - zone "tilde." IN { type forward; forward only; diff --git a/named.conf.options b/named.conf.options index 2543287..ee12c76 100644 --- a/named.conf.options +++ b/named.conf.options @@ -2,7 +2,7 @@ options { directory "/var/cache/bind"; managed-keys-directory "/var/cache/bind"; - dump-file "/var/cache/bind/cache_dump.db"; + dump-file "/var/cache/bind/cache_dump.db"; statistics-file "/var/cache/bind/bind_stats.txt"; memstatistics-file "/var/cache/bind/bind_mem_stats.txt"; 
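Review bot: In make_perms.sh, removing the two `test ! -d ... && mkdir -p` guards leaves `chown -R bind:bind "$BINDIR"/zones "$BINDIR"/slaves` and `chmod 755 "$BINDIR"/zones` operating on a directory the script no longer creates, so on a fresh host both commands fail unless something else provisions `zones`. The `keys` directory has the same gap if "$BINDIR" is /etc/bind, since `key-directory "/etc/bind/keys/"` in named.conf.options still points at it; either keep the guards or add a comment such as `# keys/ and zones/ are created by <provisioning step>` (placeholder) above the `slaves` guard. The added `chmod 644 "$BINDIR"/slave_tilde` makes the include world-readable although the `chown root:bind` on the line above already gives named read access through the group, so `chmod 640 "$BINDIR"/slave_tilde` would be the tighter mode if that file ever carries key names or primary-server details. The script continues outside the hunk on both sides.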
@@ -21,31 +21,29 @@ options { //======================================================================== // If BIND logs error messages about the root key being expired, - // you will need to update your keys. See https://www.isc.org/bind-keys + // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================== dnssec-enable yes; dnssec-validation auto; + dnssec-lookaside auto; key-directory "/etc/bind/keys/"; // Do not make public version of BIND version none; - auth-nxdomain no; # conform to RFC1035 + auth-nxdomain no; // conform to RFC1035 recursive-clients 4096; -// edns-udp-size 4096; -// max-udp-size 512; - - listen-on-v6 { none; }; listen-on { any; }; + listen-on-v6 { none; }; - - allow-transfer { none; }; allow-update { none; }; + allow-transfer { none; }; allow-query { any; }; + allow-query-cache { internals; }; allow-recursion { internals; }; }; diff --git a/named.conf.slaves b/named.conf.slaves index ae28cea..96cc890 100644 --- a/named.conf.slaves +++ b/named.conf.slaves @@ -1,6 +1,5 @@ // // Slave Zones - // Tilde Zones - ( ben@tilde.team ) include "/etc/bind/slave_tilde";
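Review bot: The added `dnssec-lookaside auto;` in the options block makes the resolver consult ISC's DLV registry as an additional trust anchor beside the root key, and ISC has retired that registry; newer BIND 9 releases treat the option as obsolete. With `dnssec-validation auto;` already set on the line above, it adds an external trust dependency without adding validation coverage, so I would drop the line or at least justify it with a comment such as `// DLV kept for <reason>; remove on BIND upgrade` (placeholder reason). The added `allow-query-cache { internals; };` is a sensible restriction next to `allow-query { any; };`, but the `internals` ACL is defined outside this hunk, so its membership should be confirmed against the intended client networks.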