DNS/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// ACL

acl internals {
	127.0.0.1; 192.168.1.0/24;
};


// KEY
include "/etc/bind/envs_msT.key";
include "/etc/bind/tilde_msT.key";
include "/etc/bind/letsencrypt_U.key";


// SERVER
//server 89.163.145.170 { keys { envs_msT; }; }; // ns1.envs.net
server 46.4.121.41 { keys { envs_msT; }; };   // ns2.envs.net
server 157.90.196.48 { keys { tilde_msT; }; };   // ns1.tildeverse.net

// TILDE INTRA-NET
//server 149.56.184.112  // ns1.tildenic.org
//server 213.239.234.117 // ns2.tildenic.org


// ZONES

zone "envs.net" {
	type master;
	file "/etc/bind/zones/db.envs.net";
	auto-dnssec maintain;
	inline-signing yes;
	serial-update-method increment;
	notify explicit;
	also-notify { 46.4.121.41; 157.90.196.48; };
	allow-transfer { 127.0.0.1; key envs_msT; key tilde_msT; };
	update-policy { grant letsencrypt_U name _acme-challenge.envs.net. txt; };
};

zone "envs.sh" {
	type master;
	file "/etc/bind/zones/db.envs.sh";
	auto-dnssec maintain;
	inline-signing yes;
	serial-update-method increment;
	notify explicit;
	also-notify { 46.4.121.41; 157.90.196.48; };
	allow-transfer { 127.0.0.1; key envs_msT; key tilde_msT; };
	update-policy { grant letsencrypt_U name _acme-challenge.envs.sh. txt; };
};

// TILDE INTRA-NET
zone "envs.tilde" {
	type master;
	file "/etc/bind/zones/db.envs.tilde";
	//auto-dnssec maintain;
	//inline-signing yes;
	notify explicit;
	also-notify { 46.4.121.41; 157.90.196.48; 188.40.73.235; };
	allow-transfer { 127.0.0.1; key envs_msT; key tilde_msT; 188.40.73.235; };
	update-policy { grant letsencrypt_U name _acme-challenge.envs.tilde. txt; };
};