Update sample config to match current version
This commit is contained in:
Petr Menšík
parent
aaa1cdaabf
commit
8b8d05ffc0
@ -63,7 +63,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
|
|||||||
Name: bind
|
Name: bind
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
Version: 9.16.2
|
Version: 9.16.2
|
||||||
Release: 2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
Release: 3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||||
Epoch: 32
|
Epoch: 32
|
||||||
Url: https://www.isc.org/downloads/bind/
|
Url: https://www.isc.org/downloads/bind/
|
||||||
#
|
#
|
||||||
@ -1160,6 +1160,9 @@ fi;
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Apr 27 2020 Petr Menšík <pemensik@redhat.com> - 32:9.16.2-3
|
||||||
|
- Correct trust anchors
|
||||||
|
|
||||||
* Fri Apr 24 2020 Petr Menšík <pemensik@redhat.com> - 32:9.16.2-2
|
* Fri Apr 24 2020 Petr Menšík <pemensik@redhat.com> - 32:9.16.2-2
|
||||||
- Remove warnings in default configuration
|
- Remove warnings in default configuration
|
||||||
|
|
||||||
|
|||||||
@ -63,10 +63,6 @@ options
|
|||||||
|
|
||||||
/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */
|
/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */
|
||||||
|
|
||||||
/* Enable serving of DNSSEC related data - enable on both authoritative
|
|
||||||
and recursive servers DNSSEC aware servers */
|
|
||||||
dnssec-enable yes;
|
|
||||||
|
|
||||||
/* Enable DNSSEC validation on recursive servers */
|
/* Enable DNSSEC validation on recursive servers */
|
||||||
dnssec-validation yes;
|
dnssec-validation yes;
|
||||||
|
|
||||||
@ -182,8 +178,8 @@ view "internal"
|
|||||||
|
|
||||||
key ddns_key
|
key ddns_key
|
||||||
{
|
{
|
||||||
algorithm hmac-md5;
|
algorithm hmac-sha256;
|
||||||
secret "use /usr/sbin/dnssec-keygen to generate TSIG keys";
|
secret "use /usr/sbin/ddns-confgen to generate TSIG keys";
|
||||||
};
|
};
|
||||||
|
|
||||||
view "external"
|
view "external"
|
||||||
@ -214,39 +210,34 @@ view "external"
|
|||||||
/* Trusted keys
|
/* Trusted keys
|
||||||
|
|
||||||
This statement contains DNSSEC keys. If you want DNSSEC aware resolver you
|
This statement contains DNSSEC keys. If you want DNSSEC aware resolver you
|
||||||
have to configure at least one trusted key.
|
should configure at least one trusted key.
|
||||||
|
|
||||||
Note that no key written below is valid. Especially root key because root zone
|
Note that no key written below is valid. Especially root key because root zone
|
||||||
is not signed yet.
|
is not signed yet.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
trusted-keys {
|
trust-anchors {
|
||||||
// Root Key
|
// Root Key
|
||||||
"." 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwSJxrGkxJWoZu6I7PzJu/
|
. initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
|
||||||
E9gx4UC1zGAHlXKdE4zYIpRhaBKnvcC2U9mZhkdUpd1Vso/HAdjNe8LmMlnzY3
|
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
|
||||||
zy2Xy4klWOADTPzSv9eamj8V18PHGjBLaVtYvk/ln5ZApjYghf+6fElrmLkdaz
|
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
|
||||||
MQ2OCnACR817DF4BBa7UR/beDHyp5iWTXWSi6XmoJLbG9Scqc7l70KDqlvXR3M
|
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
|
||||||
/lUUVRbkeg1IPJSidmK3ZyCllh4XSKbje/45SKucHgnwU5jefMtq66gKodQj+M
|
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
|
||||||
iA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ97S+LKUTpQcq27R7AT3/V5hRQxScI
|
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
|
||||||
Nqwcz4jYqZD2fQdgxbcDTClU0CRBdiieyLMNzXG3";
|
R1AkUTV74bU=";
|
||||||
|
|
||||||
// Key for forward zone
|
// Key for forward zone
|
||||||
example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1ZaARmPhEZZe
|
example.com. static-key 257 3 8 "AwEAAZ0aqu1rJ6orJynrRfNpPmayJZoAx9Ic2/Rl9VQW
|
||||||
3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb4JKUbb
|
LMHyjxxem3VUSoNUIFXERQbj0A9Ogp0zDM9YIccKLRd6
|
||||||
OTcM8pwXlj0EiX3oDFVmjHO444gLkBO UKUf/mC7HvfwYH/Be22GnC
|
LmWiDCt7UJQxVdD+heb5Ec4qlqGmyX9MDabkvX2NvMws
|
||||||
lrinKJp1Og4ywzO9WglMk7jbfW33gUKvirTHr25GL7STQUzBb5Usxt
|
UecbYBq8oXeTT9LRmCUt9KUt/WOi6DKECxoG/bWTykrX
|
||||||
8lgnyTUHs1t3JwCY5hKZ6CqFxmAVZP20igTixin/1LcrgX/KMEGd/b
|
yBR8elD+SQY43OAVjlWrVltHxgp4/rhBCvRbmdflunaP
|
||||||
iuvF4qJCyduieHukuY3H4XMAcR+xia2 nIUPvm/oyWR8BW/hWdzOvn
|
Igu27eE2U4myDSLT8a4A0rB5uHG4PkOa9dIRs9y00M2m
|
||||||
SCThlHf3xiYleDbt/o1OTQ09A0=";
|
Wf4lyPee7vi5few2dbayHXmieGcaAHrx76NGAABeY393
|
||||||
|
xjlmDNcUkF1gpNWUla4fWZbbaYQzA93mLdrng+M=";
|
||||||
|
|
||||||
|
|
||||||
// Key for reverse zone.
|
// Key for reverse zone.
|
||||||
2.0.192.IN-ADDRPA.NET. 257 3 5 "AQOnS4xn/IgOUpBPJ3bogzwcxOdNax071L18QqZnQQQA
|
2.0.192.IN-ADDRPA.NET. initial-ds 31406 8 2 "F78CF3344F72137235098ECBBD08947C2C9001C7F6A085A17F518B5D8F6B916D";
|
||||||
VVr+iLhGTnNGp3HoWQLUIzKrJVZ3zggy3WwNT6kZo6c0
|
|
||||||
tszYqbtvchmgQC8CzKojM/W16i6MG/ea fGU3siaOdS0
|
|
||||||
yOI6BgPsw+YZdzlYMaIJGf4M4dyoKIhzdZyQ2bYQrjyQ
|
|
||||||
4LB0lC7aOnsMyYKHHYeRv PxjIQXmdqgOJGq+vsevG06
|
|
||||||
zW+1xgYJh9rCIfnm1GX/KMgxLPG2vXTD/RnLX+D3T3UL
|
|
||||||
7HJYHJhAZD5L59VvjSPsZJHeDCUyWYrvPZesZDIRvhDD
|
|
||||||
52SKvbheeTJUm6EhkzytNN2SN96QRk8j/iI8ib";
|
|
||||||
};
|
};
|
||||||
*/
|
*/
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
trusted-anchors {
|
trust-anchors {
|
||||||
# ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
|
# ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
|
||||||
# for current trust anchor information.
|
# for current trust anchor information.
|
||||||
#
|
#
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user