options {
    directory "/var/cache/bind";
    statistics-file "/var/cache/bind/named.stats.txt";
    session-keyfile "/var/cache/bind/session.key";
    pid-file "/var/cache/bind/named.pid";
    lock-file "/var/cache/bind/named.lock";

    listen-on { 127.0.0.1; };    
    listen-on-v6 { ::1; };
    allow-recursion { 127.0.0.1; ::1; };

	dnssec-validation yes;
};

logging {
    channel "dnssec" {
        file "/var/log/named/dnssec.log";
        print-category yes;
        print-severity yes;
        print-time iso8601-utc;
    };
    channel "security" {
        file "/var/log/named/security.log";
        print-category yes;
        print-severity yes;
        print-time iso8601-utc;
    };
    channel "xfr-in" {
        file "/var/log/named/xfr-in.log";
        print-category yes;
        print-severity yes;
        print-time iso8601-utc;
    };
    channel "xfr-out" {
        file "/var/log/named/xfr-out.log";
        print-category yes;
        print-severity yes;
        print-time iso8601-utc;
    };
    channel "default" {
        file "/var/log/named/named.log";
        print-category yes;
        print-severity yes;
        print-time iso8601-utc;
    };
    category dnssec { dnssec; };
    category security { security; };
    category xfer-in { xfr-in; };
    category xfer-out { xfr-out; };
    category general { default; };
    category config { default; };
    category notify { xfr-out; };
    category zoneload { default; };
};

key "rndc-key" {
 	algorithm hmac-sha256;
 	secret "Divr3QQ1G6qBBuRAx1QPiE4hFwnC6of6z3o82PYf7TY=";
};
 
controls {
 	inet 127.0.0.1 port 953
 	allow { 127.0.0.1; } keys { "rndc-key"; };
};

include "/etc/bind/keys/zeke-tornado.keys";
include "/etc/bind/keys/zeke-ogud.keys";
include "/etc/bind/keys/named_hxr_us.keys";
include "/etc/bind/keys/named_knitbot_org.keys";

dnssec-policy "custom" {
    dnskey-ttl 7200;
    keys {
        csk lifetime unlimited algorithm ed25519;
    };
    nsec3param iterations 0 optout no salt-length 0;
};

include "/etc/bind/named.zones.conf";