imgs/isp-common: improve bind configuration

This explicitly enables DNSSEC validation and adds additional option to conform to RFC1035. It also uses named.ca file shipped as part of package as root hints. We can safely left out `listen-on` as `listen-on-v6` uses dual-stack and thus listens on IPv4 as well as on IPv6. And the last but the most important change is disable of IPv6. This solves issues on IPv4 only network but IPv6 once we begin to support IPv6 we should allow disable/removal of this line.

imgs/isp-common: improve bind configuration
ac47a771 · Karel Koci · Karel Koci · a93ff988 · ac47a771
Verified Commit ac47a771 authored 4 years ago by Karel Koci Committed by Karel Koci 4 years ago
--- a/imgs/isp-common/etc/bind/named.conf
+++ b/imgs/isp-common/etc/bind/named.conf
 options {
 	directory "/var/bind";
 	recursion yes;
-	listen-on { any; };
+	dnssec-validation auto;
+	auth-nxdomain no; # conform to RFC1035
 	listen-on-v6 { any; };
 };
+
+zone "." IN {
+	type hint;
+	file "named.ca";
+};
+
+# Disable IPv6 for now
+server ::/0 { bogus yes; };