/*%
 * default configuration
 *
 * Built-in configuration text: one "options" block (general options
 * followed by the sections the text itself marks as DLV, view and zone),
 * the built-in "_bind" chaos view, and the managed-keys text spliced in
 * from MANAGED_KEYS.  The literal is assembled at compile time from
 * adjacent string pieces; WIN32, PATH_RANDOMDEV, ENABLE_FETCHLIMIT,
 * ALLOW_FILTER_AAAA_ON_V4 and USE_RRL decide which pieces are present.
 * Lines starting with '#' and the C-style comments inside the literals
 * are part of the configuration text, not comments in this file.  Several
 * '#' entries (for example "# directory") carry no value in this copy.
 *
 * How the text is consumed is not visible here; presumably it supplies
 * the value for any option the operator's own configuration leaves
 * unset -- confirm against the loader.
 *
 * NOTE(review): defaults that deserve an explicit decision when hardening
 * a deployment, because they apply whenever the operator sets nothing:
 *  - allow-transfer {any;} puts no restriction on who may request a zone
 *    transfer; authoritative servers normally limit it to their
 *    secondaries or to TSIG keys.
 *  - listen-on {any;} together with recursion true: recursion and cache
 *    access are confined to localnets and localhost by allow-recursion
 *    and allow-query-cache, so check what "localnets" covers on
 *    multi-homed hosts.
 *  - dnssec-lookaside points at dlv.isc.org; that registry has since been
 *    retired upstream -- verify against the release notes of the version
 *    in use.
 *  - max-rsa-exponent-size 0 is marked "no limit" in the text itself.
 *  - fetches-per-server and fetches-per-zone are 0 -- presumably
 *    "unlimited"; confirm.
 *  - The "_bind" view serves version.bind, hostname.bind, authors.bind
 *    and id.server; its rate-limit clause exists only in USE_RRL builds.
 */
static char defaultconf[] = "\
options {\n\
#	blackhole {none;};\n"
/* Process resource limits; left out of the text on WIN32 builds. */
#ifndef WIN32
"	coresize default;\n\
	datasize default;\n\
	files unlimited;\n\
	stacksize default;\n"
#endif
/* NS_LOCALSTATEDIR and NS_SYSCONFDIR are spliced into the paths below. */
"#	session-keyfile \"" NS_LOCALSTATEDIR "/run/named/session.key\";\n\
	session-keyname local-ddns;\n\
	session-keyalg hmac-sha256;\n\
	deallocate-on-exit true;\n\
#	directory \n\
	dump-file \"named_dump.db\";\n\
	fake-iquery no;\n\
	has-old-clients false;\n\
	heartbeat-interval 60;\n\
	host-statistics no;\n\
	interface-interval 60;\n\
	listen-on {any;};\n\
	listen-on-v6 {none;};\n\
	match-mapped-addresses no;\n\
	max-rsa-exponent-size 0; /* no limit */\n\
	memstatistics-file \"named.memstats\";\n\
	multiple-cnames no;\n\
#	named-xfer ;\n\
#	pid-file \"" NS_LOCALSTATEDIR "/run/named/named.pid\"; /* or /lwresd.pid */\n\
	bindkeys-file \"" NS_SYSCONFDIR "/bind.keys\";\n\
	port 53;\n\
	recursing-file \"named.recursing\";\n\
	secroots-file \"named.secroots\";\n\
"
/* random-device is emitted only when the build defines PATH_RANDOMDEV. */
#ifdef PATH_RANDOMDEV
"\
	random-device \"" PATH_RANDOMDEV "\";\n\
"
#endif
"\
	recursive-clients 1000;\n\
	resolver-query-timeout 10;\n\
	rrset-order { order random; };\n\
	serial-queries 20;\n\
	serial-query-rate 20;\n\
	server-id none;\n\
	statistics-file \"named.stats\";\n\
	statistics-interval 60;\n\
	tcp-clients 100;\n\
	tcp-listen-queue 10;\n\
#	tkey-dhkey \n\
#	tkey-gssapi-credential \n\
#	tkey-domain \n\
	transfers-per-ns 2;\n\
	transfers-in 10;\n\
	transfers-out 10;\n\
#	treat-cr-as-space ;\n\
#	use-id-pool ;\n\
#	use-ixfr ;\n\
	edns-udp-size 4096;\n\
	max-udp-size 4096;\n\
	request-nsid false;\n\
	reserved-sockets 512;\n\
\n\
	/* DLV */\n\
	dnssec-lookaside . trust-anchor dlv.isc.org;\n\
\n\
	/* view */\n\
	allow-notify {none;};\n\
	allow-update-forwarding {none;};\n\
	allow-query-cache { localnets; localhost; };\n\
	allow-query-cache-on { any; };\n\
	allow-recursion { localnets; localhost; };\n\
	allow-recursion-on { any; };\n\
#	allow-v6-synthesis ;\n\
#	sortlist \n\
#	topology \n\
	auth-nxdomain false;\n\
	minimal-responses false;\n\
	recursion true;\n\
	provide-ixfr true;\n\
	request-ixfr true;\n\
	fetch-glue no;\n\
	rfc2308-type1 no;\n\
	additional-from-auth true;\n\
	additional-from-cache true;\n\
	query-source address *;\n\
	query-source-v6 address *;\n\
	notify-source *;\n\
	notify-source-v6 *;\n\
	cleaning-interval 0; /* now meaningless */\n\
	min-roots 2;\n\
	lame-ttl 600;\n\
	max-ncache-ttl 10800; /* 3 hours */\n\
	max-cache-ttl 604800; /* 1 week */\n\
	transfer-format many-answers;\n\
	max-cache-size 0;\n\
	check-names master fail;\n\
	check-names slave warn;\n\
	check-names response ignore;\n\
	check-dup-records warn;\n\
	check-mx warn;\n\
	check-spf warn;\n\
	acache-enable no;\n\
	acache-cleaning-interval 60;\n\
	max-acache-size 16M;\n\
	dnssec-enable yes;\n\
	dnssec-validation yes; \n\
	dnssec-accept-expired no;\n\
"
/* Per-server and per-zone fetch limits, present only with ENABLE_FETCHLIMIT. */
#ifdef ENABLE_FETCHLIMIT
"	fetches-per-server 0;\n\
	fetches-per-zone 0;\n\
	fetch-quota-params 100 0.1 0.3 0.7;\n\
"
#endif /* ENABLE_FETCHLIMIT */
"	clients-per-query 10;\n\
	max-clients-per-query 100;\n\
	max-recursion-depth 7;\n\
	max-recursion-queries 50;\n\
	zero-no-soa-ttl-cache no;\n\
	nsec3-test-zone no;\n\
	allow-new-zones no;\n\
"
/* AAAA filtering options, present only with ALLOW_FILTER_AAAA_ON_V4. */
#ifdef ALLOW_FILTER_AAAA_ON_V4
"	filter-aaaa-on-v4 no;\n\
	filter-aaaa { any; };\n\
"
#endif
/*
 * Zone-level defaults.  NOTE(review): allow-query, allow-query-on and
 * allow-transfer are all "any" here.
 */
"	/* zone */\n\
	allow-query {any;};\n\
	allow-query-on {any;};\n\
	allow-transfer {any;};\n\
	notify yes;\n\
#	also-notify \n\
	notify-delay 5;\n\
	notify-to-soa no;\n\
	dialup no;\n\
#	forward \n\
#	forwarders \n\
	maintain-ixfr-base no;\n\
#	max-ixfr-log-size \n\
	transfer-source *;\n\
	transfer-source-v6 *;\n\
	alt-transfer-source *;\n\
	alt-transfer-source-v6 *;\n\
	max-transfer-time-in 120;\n\
	max-transfer-time-out 120;\n\
	max-transfer-idle-in 60;\n\
	max-transfer-idle-out 60;\n\
	max-retry-time 1209600; /* 2 weeks */\n\
	min-retry-time 500;\n\
	max-refresh-time 2419200; /* 4 weeks */\n\
	min-refresh-time 300;\n\
	multi-master no;\n\
	dnssec-secure-to-insecure no;\n\
	sig-validity-interval 30; /* days */\n\
	sig-signing-nodes 100;\n\
	sig-signing-signatures 10;\n\
	sig-signing-type 65534;\n\
	inline-signing no;\n\
	zone-statistics terse;\n\
	max-journal-size unlimited;\n\
	ixfr-from-differences false;\n\
	check-wildcard yes;\n\
	check-sibling yes;\n\
	check-integrity yes;\n\
	check-mx-cname warn;\n\
	check-srv-cname warn;\n\
	zero-no-soa-ttl yes;\n\
	update-check-ksk yes;\n\
	serial-update-method increment;\n\
	dnssec-update-mode maintain;\n\
	dnssec-dnskey-kskonly no;\n\
	dnssec-loadkeys-interval 60;\n\
	try-tcp-refresh yes; /* BIND 8 compat */\n\
};\n\
"

/* Built-in chaos-class view; recursion, notify and new zones are off. */
"#\n\
# Zones in the \"_bind\" view are NOT counted in the count of zones.\n\
#\n\
view \"_bind\" chaos {\n\
	recursion no;\n\
	notify no;\n\
	allow-new-zones no;\n\
"
/*
 * Response rate limit for the "_bind" view.  Builds without USE_RRL get
 * the view with no rate-limit clause at all.
 */
#ifdef USE_RRL
"	# Prevent use of this zone in DNS amplified reflection DoS attacks\n\
	rate-limit {\n\
		responses-per-second 3;\n\
		slip 0;\n\
		min-table-size 10;\n\
	};\n\
"
#endif /* USE_RRL */
/*
 * Four zones backed by "_builtin" databases.  NOTE(review): the names
 * suggest they answer with server version, host name, authors and server
 * id; confirm what each one discloses before exposing the view.
 */
"	zone \"version.bind\" chaos {\n\
		type master;\n\
		database \"_builtin version\";\n\
	};\n\
\n\
	zone \"hostname.bind\" chaos {\n\
		type master;\n\
		database \"_builtin hostname\";\n\
	};\n\
\n\
	zone \"authors.bind\" chaos {\n\
		type master;\n\
		database \"_builtin authors\";\n\
	};\n\
\n\
	zone \"id.server\" chaos {\n\
		type master;\n\
		database \"_builtin id\";\n\
	};\n\
};\n\
"

/*
 * Trust anchors compiled into the binary.  The embedded text says they are
 * used when "dnssec-lookaside auto;" is set and sysconfdir/bind.keys does
 * not exist, so a rebuild is what refreshes them in that case.
 */
"#\n\
# Default trusted key(s) for builtin DLV support\n\
# (used if \"dnssec-lookaside auto;\" is set and\n\
# sysconfdir/bind.keys doesn't exist).\n\
#\n\
# BEGIN MANAGED KEYS\n"

	/* Imported from bind.keys.h: */
	MANAGED_KEYS

"# END MANAGED KEYS\n\
";