docker_bind/cfg/named.conf

options {
    directory "/var/cache/bind";
    statistics-file "/var/cache/bind/named.stats.txt";
    session-keyfile "/var/cache/bind/session.key";
    pid-file "/var/cache/bind/named.pid";
    lock-file "/var/cache/bind/named.lock";

    listen-on { 127.0.0.1; };    
    listen-on-v6 { ::1; };
    allow-recursion { 127.0.0.1; ::1; };

	dnssec-validation yes;
};

logging {
    channel "dnssec" {
        file "/var/log/named/dnssec.log";
        print-category yes;
        print-severity yes;
        print-time iso8601-utc;
    };
    channel "security" {
        file "/var/log/named/security.log";
        print-category yes;
        print-severity yes;
        print-time iso8601-utc;
    };
    channel "xfr-in" {
        file "/var/log/named/xfr-in.log";
        print-category yes;
        print-severity yes;
        print-time iso8601-utc;
    };
    channel "xfr-out" {
        file "/var/log/named/xfr-out.log";
        print-category yes;
        print-severity yes;
        print-time iso8601-utc;
    };
    channel "default" {
        file "/var/log/named/named.log";
        print-category yes;
        print-severity yes;
        print-time iso8601-utc;
    };
    category dnssec { dnssec; };
    category security { security; };
    category xfer-in { xfr-in; };
    category xfer-out { xfr-out; };
    category general { default; };
    category config { default; };
    category notify { xfr-out; };
    category zoneload { default; };
};

key "rndc-key" {
 	algorithm hmac-sha256;
 	secret "Divr3QQ1G6qBBuRAx1QPiE4hFwnC6of6z3o82PYf7TY=";
};
 
controls {
 	inet 127.0.0.1 port 953
 	allow { 127.0.0.1; } keys { "rndc-key"; };
};

include "/etc/bind/keys/zeke-tornado.keys";
include "/etc/bind/keys/zeke-ogud.keys";
include "/etc/bind/keys/named_hxr_us.keys";
include "/etc/bind/keys/named_knitbot_org.keys";

dnssec-policy "custom" {
    dnskey-ttl 7200;
    keys {
        csk lifetime unlimited algorithm ed25519;
    };
    nsec3param iterations 0 optout no salt-length 0;
};

include "/etc/bind/named.zones.conf";
initial commit, without tsig keys 2023-02-24 14:12:21 +00:00			`options {`
			`directory "/var/cache/bind";`
			`statistics-file "/var/cache/bind/named.stats.txt";`
			`session-keyfile "/var/cache/bind/session.key";`
			`pid-file "/var/cache/bind/named.pid";`
			`lock-file "/var/cache/bind/named.lock";`

			`listen-on { 127.0.0.1; };`
			`listen-on-v6 { ::1; };`
			`allow-recursion { 127.0.0.1; ::1; };`

			`dnssec-validation yes;`
			`};`

			`logging {`
			`channel "dnssec" {`
			`file "/var/log/named/dnssec.log";`
			`print-category yes;`
			`print-severity yes;`
			`print-time iso8601-utc;`
			`};`
			`channel "security" {`
			`file "/var/log/named/security.log";`
			`print-category yes;`
			`print-severity yes;`
			`print-time iso8601-utc;`
			`};`
			`channel "xfr-in" {`
			`file "/var/log/named/xfr-in.log";`
			`print-category yes;`
			`print-severity yes;`
			`print-time iso8601-utc;`
			`};`
			`channel "xfr-out" {`
			`file "/var/log/named/xfr-out.log";`
			`print-category yes;`
			`print-severity yes;`
			`print-time iso8601-utc;`
			`};`
			`channel "default" {`
			`file "/var/log/named/named.log";`
			`print-category yes;`
			`print-severity yes;`
			`print-time iso8601-utc;`
			`};`
			`category dnssec { dnssec; };`
			`category security { security; };`
			`category xfer-in { xfr-in; };`
			`category xfer-out { xfr-out; };`
			`category general { default; };`
			`category config { default; };`
			`category notify { xfr-out; };`
			`category zoneload { default; };`
			`};`

			`key "rndc-key" {`
			`algorithm hmac-sha256;`
			`secret "Divr3QQ1G6qBBuRAx1QPiE4hFwnC6of6z3o82PYf7TY=";`
			`};`

			`controls {`
			`inet 127.0.0.1 port 953`
			`allow { 127.0.0.1; } keys { "rndc-key"; };`
			`};`

			`include "/etc/bind/keys/zeke-tornado.keys";`
			`include "/etc/bind/keys/zeke-ogud.keys";`
			`include "/etc/bind/keys/named_hxr_us.keys";`
			`include "/etc/bind/keys/named_knitbot_org.keys";`

			`dnssec-policy "custom" {`
			`dnskey-ttl 7200;`
			`keys {`
			`csk lifetime unlimited algorithm ed25519;`
			`};`
			`nsec3param iterations 0 optout no salt-length 0;`
			`};`

			`include "/etc/bind/named.zones.conf";`