bind: explicitly dnssec and memory option
authorGrant Slater <github@firefishy.com>
Mon, 22 Jul 2024 11:31:03 +0000 (12:31 +0100)
committerGrant Slater <github@firefishy.com>
Mon, 22 Jul 2024 13:26:40 +0000 (14:26 +0100)
cookbooks/bind/templates/default/named.options.erb

index ac4f32303267938744df6076b0ca39179fc13e8e..b175b68393b7ca08d4ea481ed1a997db96e45c35 100644 (file)
@@ -12,5 +12,14 @@ options {
 
        # Listen on any IPv6 interfaces
        listen-on-v6 { any; };
+
+       # Ensure dnssec validation is enabled using embedded trust anchors
+       dnssec-validation auto;
+
+       # Set reasonably memory limit for cache
+       max-cache-size 10%;
+
+       # Ensure dnssec synth is disabled
+       synth-from-dnssec no;
 };
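Review bot: The comment above `synth-from-dnssec no;` says what the line does but not why, and this is the setting a later maintainer is most likely to revert: with it off, the resolver no longer answers from cached NSEC/NSEC3 records, so each query for a nonexistent name goes back to the authoritative servers. I would record the reason in the template, for example `# Disable synthesis of negative answers from cached NSEC/NSEC3: <reason, e.g. issue or advisory reference>`. For `dnssec-validation auto;`, the built-in trust anchor is maintained automatically, which presumably requires a writable key directory and a correct system clock on each host; neither is visible in this hunk, so it is worth confirming before rollout, since a failure there turns into SERVFAIL for signed zones. The comment on `max-cache-size 10%;` reads "reasonably memory limit" and could state that the percentage is of physical memory, e.g. `# Limit the cache to 10% of physical memory`. The `options` block opens before this hunk, so recursion and access-control settings are not reviewed here.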