RCS file: /etc/nsd/RCS/nsd.conf,v
Working file: /etc/nsd/nsd.conf
head: 1.31
branch:
locks: strict
access list:
symbolic names:
keyword substitution: kv
total revisions: 31; selected revisions: 31
description:
nsd.conf - master configuration file for nsd
----------------------------
revision 1.31
date: 2019/10/19 15:05:23; author: root; state: Exp; lines: +25 -25
Disable ns-ext.nlnetlabs.nl for cacert.{org,com,net}.
Disable sns-pba.dm1.sns.isc.org for cacert.{com,net}.
----------------------------
revision 1.30
date: 2018/06/04 14:59:13; author: root; state: Exp; lines: +6 -6
Turn off TSIG for mars.overmeer.net because this server has been upgraded
to OpenSUSE 15.0. The bind 9.11.2 contained in that release appears to be
incompatible with respect to TSIG handling with our NSD 4.1.12.
Note that bind 9.9 and bind 9.10 work just fine ...
----------------------------
revision 1.29
date: 2016/08/27 08:52:27; author: root; state: Exp; lines: +1 -14
Drop cacert.community zone.
----------------------------
revision 1.28
date: 2016/08/13 10:07:50; author: root; state: Exp; lines: +179 -51
Adjust and expand nsd configuration file for upgrade from 3.2.22 to 4.1.11.
----------------------------
revision 1.27
date: 2014/09/19 08:30:21; author: root; state: Exp; lines: +1 -7
Remove the old IPv4 address for ns-ext.nlnetlabs.nl (labeled as "OLD") now.
----------------------------
revision 1.26
date: 2014/09/17 14:30:21; author: root; state: Exp; lines: +19 -7
Add new IPv4 and IPv6 address for ns-ext.nlnetlabs.nl.
Label the old IPv4 address for ns-ext.nlnetlabs.nl as "OLD", so it can be
removed soon.
----------------------------
revision 1.25
date: 2014/06/11 09:50:46; author: root; state: Exp; lines: +14 -1
Add new zone cacert.community.
----------------------------
revision 1.24
date: 2014/01/27 16:18:39; author: root; state: Exp; lines: +2 -1
Add new ip-address 2001:7b8:616:163::102 for full IPv6 support.
----------------------------
revision 1.23
date: 2013/12/20 16:28:57; author: root; state: Exp; lines: +2 -2
Rename zone 224/27.225.154.213.in-addr.arpa to 224-27.225.154.213.in-addr.arpa
because SNS@ISC doesn't seem to grok the / in the zone name.
----------------------------
revision 1.22
date: 2013/12/19 21:23:55; author: root; state: Exp; lines: +2 -2
Correct the zone name to 224/27.225.154.213.in-addr.arpa per RFC 2317.
----------------------------
revision 1.21
date: 2013/12/19 18:43:46; author: root; state: Exp; lines: +14 -1
Add new zone 225.154.213.in-addr.arpa (reverse IPv4 of cacert.org).
----------------------------
revision 1.20
date: 2013/11/24 16:28:08; author: root; state: Exp; lines: +14 -1
Add new zone 6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa (reverse IPv6 of cacert.org).
----------------------------
revision 1.19
date: 2013/06/01 08:51:54; author: root; state: Exp; lines: +7 -7
Update IPv4 address for mars.overmeer.net after server migration.
----------------------------
revision 1.18
date: 2013/03/17 10:23:55; author: root; state: Exp; lines: +1 -11
Drop newsys.gun.de secondary nameserver for cacert.{org,net,com} because
it will be taken out of service soon, and drop its TSIG key as well.
----------------------------
revision 1.17
date: 2012/06/11 08:55:32; author: root; state: Exp; lines: +13 -7
Update description of IP 149.20.67.14 to sns-pba.dm1.sns.isc.org, i.e.
the actual name currently returned by the DNS.
Add a second distribution master (DM) for the SNS-PB infrastructure, i.e.
IP 199.6.0.100 or sns-pba.dm3.sns.isc.org, as requested by ISC in an e-mail
on June 8, 2012.
----------------------------
revision 1.16
date: 2011/12/02 15:28:19; author: root; state: Exp; lines: +20 -3
Incorporate (commented) updates from latest nsd.conf.sample template.
----------------------------
revision 1.15
date: 2011/08/03 11:27:57; author: root; state: Exp; lines: +1 -2
Remove obsoleted address 172.16.2.102.
----------------------------
revision 1.14
date: 2011/08/01 15:25:50; author: root; state: Exp; lines: +17 -16
Prepare for switch-over of main service from 172.16.2.102 to 172.16.3.102.
----------------------------
revision 1.13
date: 2010/12/09 12:42:23; author: root; state: Exp; lines: +7 -7
Update IPv4 address for sns-pb.isc.org; their master distribution server
has a different address than the publication server(s).
----------------------------
revision 1.12
date: 2010/12/09 12:35:19; author: root; state: Exp; lines: +7 -7
Update TSIG key for sns-pb.isc.org since we are not allowed to generate it
ourselves, but have to use the result obtained from https://sns.isc.org/.
----------------------------
revision 1.11
date: 2010/12/09 12:23:29; author: root; state: Exp; lines: +11 -1
Add new slave server at sns-pb.isc.org for all three cacert zones.
----------------------------
revision 1.10
date: 2010/10/21 10:12:16; author: root; state: Exp; lines: +11 -11
Drop slave servers at dns[124].go-now.at because of lack of TSIG and
DNSSEC support.
Add new slave server at ns-ext.nlnetlabs.nl, for all three cacert zones.
----------------------------
revision 1.9
date: 2010/10/15 13:42:59; author: root; state: Exp; lines: +2 -2
Switch to DNSSEC-signed zone for cacert.org.
----------------------------
revision 1.8
date: 2010/09/15 14:06:46; author: root; state: Exp; lines: +2 -2
Switch to DNSSEC-signed zone for cacert.com.
----------------------------
revision 1.7
date: 2010/08/31 08:58:19; author: root; state: Exp; lines: +2 -2
Switch to DNSSEC-signed zone for cacert.net.
----------------------------
revision 1.6
date: 2010/08/27 10:36:22; author: root; state: Exp; lines: +4 -4
Move zonefiles to unsigned/ subdirectory (actually a symlink), to prepare
for switchover to running with zonefiles signed by opendnssec.
----------------------------
revision 1.5
date: 2010/06/25 10:33:40; author: root; state: Exp; lines: +18 -8
Add a tsig key for dns.go-now.at, but do not configure it yet for the
current slave servers at dns[124].go-now.at.
Resequence the notify and provide-xfr entries for cacert.org zone.
Expand local testing section with tsig keys and explicitly reference
the test script in a comment.
----------------------------
revision 1.4
date: 2010/06/24 14:10:41; author: root; state: Exp; lines: +4 -7
Remove mailbox.go-now.at and dns3.go-now.at from notify and/or provide-xfr
list for the cacert.org domain, since they are not part of our official
name servers.
Update testing entry to use 172.16.2.102 / ns-high.intra.cacert.org.
----------------------------
revision 1.3
date: 2010/06/22 12:59:23; author: root; state: Exp; lines: +11 -11
Enable notify to slave servers now that we are running the official
nameserver.
----------------------------
revision 1.2
date: 2010/06/21 08:58:54; author: root; state: Exp; lines: +3 -3
Add ip-address for serving DNS coming in through the firewall: 172.16.2.102
Drop IPv6 address (not supported for now).
Comment out logging to /var/log/nsd.log -- we want logging to go to syslog.
----------------------------
revision 1.1
date: 2010/06/04 11:29:58; author: wytze; state: Exp;
Initial revision
=============================================================================