Verified Commit ac47a771 authored by Karel Koci's avatar Karel Koci 🤘 Committed by Karel Koci
Browse files

imgs/isp-common: improve bind configuration

This explicitly enables DNSSEC validation and adds additional option to
conform to RFC1035.
It also uses named.ca file shipped as part of package as root hints.
We can safely left out `listen-on` as `listen-on-v6` uses dual-stack and
thus listens on IPv4 as well as on IPv6.

And the last but the most important change is disable of IPv6. This
solves issues on IPv4 only network but IPv6 once we begin to support
IPv6 we should allow disable/removal of this line.
parent a93ff988
options {
directory "/var/bind";
recursion yes;
listen-on { any; };
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
zone "." IN {
type hint;
file "named.ca";
};
# Disable IPv6 for now
server ::/0 { bogus yes; };
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment