008dc6a81e7cbffad18f9a8e85a6374c20dc6e54
services/dns/Configuration.md
| ... | ... | @@ -44,6 +44,10 @@ zone "23.172.in-addr.arpa" { |
| 44 | 44 | type forward; |
| 45 | 45 | forwarders { 172.20.0.53; fd42:d42:d42:54::1; }; |
| 46 | 46 | }; |
| 47 | +zone "d.f.ip6.arpa" { |
|
| 48 | + type forward; |
|
| 49 | + forwarders { 172.20.0.53; fd42:d42:d42:54::1; }; |
|
| 50 | +} |
|
| 47 | 51 | ``` |
| 48 | 52 | |
| 49 | 53 | **Note**: With DNSSEC enabled, bind might refuse to accept query results from the dn42 zone: `validating dn42/SOA: got insecure response; parent indicates it should be secure`. |
| ... | ... | @@ -105,16 +109,11 @@ root_servers["23.172.in-addr.arpa."] = "dn42_root" |
| 105 | 109 | |
| 106 | 110 | ## Unbound |
| 107 | 111 | |
| 108 | -Make sure DNSSEC is disabled (`auto-trust-anchor-file` is not set): |
|
| 112 | +Make sure to disable `auto-trust-anchor-file` and manually configure `trust-anchor-file` to |
|
| 113 | +point to a file with DNSKEY records for dn42. |
|
| 109 | 114 | |
| 110 | 115 | ``` |
| 111 | 116 | server: |
| 112 | - domain-insecure: "dn42" |
|
| 113 | - domain-insecure: "20.172.in-addr.arpa" |
|
| 114 | - domain-insecure: "21.172.in-addr.arpa" |
|
| 115 | - domain-insecure: "22.172.in-addr.arpa" |
|
| 116 | - domain-insecure: "23.172.in-addr.arpa" |
|
| 117 | - domain-insecure: "d.f.ip6.arpa" |
|
| 118 | 117 | local-zone: "20.172.in-addr.arpa." nodefault |
| 119 | 118 | local-zone: "21.172.in-addr.arpa." nodefault |
| 120 | 119 | local-zone: "22.172.in-addr.arpa." nodefault |