X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/7b9ec4b60ee39614d1d083d7220e76b07d2b275f..7f33734e863bf7ba1d1e4f1f1db208450b4cbb2b:/cookbooks/bind/templates/default/named.options.erb?ds=sidebyside diff --git a/cookbooks/bind/templates/default/named.options.erb b/cookbooks/bind/templates/default/named.options.erb index a2bd23dbb..b175b6839 100644 --- a/cookbooks/bind/templates/default/named.options.erb +++ b/cookbooks/bind/templates/default/named.options.erb @@ -1,37 +1,25 @@ # DO NOT EDIT - This file is being maintained by Chef -acl "osm" { - 127.0.0.1/32; -<% node.interfaces(:family => :inet).each do |interface| -%> - <%= interface[:network] %>/<%= interface[:prefix] %>; -<% end -%> - - ::1/128; -<% node.interfaces(:family => :inet6).each do |interface| -%> - <%= interface[:network] %>/<%= interface[:prefix] %>; -<% end -%> -}; - options { # Directory to use for any working files directory "/var/cache/bind"; -<% if node[:bind][:forwarders] -%> - # Forward any queries we can't answer - forwarders { -<% node[:bind][:forwarders].each do |forwarder| -%> - <%= forwarder %>; -<% end -%> - }; -<% end -%> - # Only allow queries from our machines - allow-query { osm; }; + allow-query { localnets; }; # Don't allow transfers allow-transfer { none; }; # Listen on any IPv6 interfaces listen-on-v6 { any; }; + + # Ensure dnssec validation is enabled using embedded trust anchors + dnssec-validation auto; + + # Set reasonably memory limit for cache + max-cache-size 10%; + + # Ensure dnssec synth is disabled + synth-from-dnssec no; };
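Review bot: The new `allow-query { localnets; };` line leaves the resolver's access scope entirely to BIND's built-in ACL and, unlike the removed `osm` ACL, no longer names loopback (127.0.0.1/32 and ::1/128) explicitly. `localnets` matches every address on each directly attached subnet, so on a shared provider segment the `# Only allow queries from our machines` comment, if it is kept, overstates the restriction; the removed interface-derived ACL had the same reach, so this is not a regression. No `allow-recursion` or `allow-query-cache` is set in the visible options, so recursion and cache access presumably inherit this scope, which is worth stating in the comment. I would write `allow-query { localhost; localnets; };` under a comment such as `# Only allow queries from this host and directly attached networks`. Separately, `# Set reasonably memory limit for cache` should read `# Set a reasonable memory limit for the cache`.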