28 lines
676 B
Plaintext
28 lines
676 B
Plaintext
|
# TODO TSIG keys
|
||
|
# TODO DNSSEC
|
||
|
# TODO also-notify our secondary servers
|
||
|
|
||
|
options {
|
||
|
directory "/var/cache/bind";
|
||
|
|
||
|
//========================================================================
|
||
|
// If BIND logs error messages about the root key being expired,
|
||
|
// you will need to update your keys. See https://www.isc.org/bind-keys
|
||
|
//========================================================================
|
||
|
dnssec-validation auto;
|
||
|
|
||
|
listen-on-v6 { any; };
|
||
|
|
||
|
recursion no;
|
||
|
|
||
|
{% if secondary is defined %}
|
||
|
catalog-zones {
|
||
|
in-memory no;
|
||
|
zone-directory /etc/bind/peers;
|
||
|
{% for ns in secondary %}
|
||
|
zone "{{ ns }}.catalog";
|
||
|
{% endfor %}
|
||
|
}
|
||
|
{% endif %}
|
||
|
};
|