...

To use the following with BIND to offer a TLS service, configure BIND using the named.conf snippet below:

  • This assumes BIND 9.12, which supports response padding (comment that line out if you are using an earlier version).
  • The rndc and logging configuration is used to capture traffic-volume statistics; statistics can be dumped periodically with the 'rndc stats' command.


options {
	directory "/home/sinodun";
	// BIND itself listens only on loopback; the TLS listener in front of it
	// forwards decrypted queries here, so plaintext DNS is never exposed externally.
	listen-on port 9999 { 127.0.0.1; };
	allow-query { 127.0.0.1; };
	tcp-clients 4000;
	// Target file for 'rndc stats' dumps.
	statistics-file "/tmp/bind-stats";
	dnssec-enable yes;
	dnssec-validation auto;
	// Pad responses to a multiple of 468 bytes (RFC 8467); requires BIND 9.12 or later.
	response-padding { any; } block-size 468;
};

// Control channel for rndc; adjust the allow list as needed.
// "BIGSECRET" is a placeholder: generate a real key with rndc-confgen.
// hmac-md5 is what the page uses; newer BIND defaults to hmac-sha256 for
// rndc keys and that is the better choice for a new deployment.
key "rndc-key" {
	algorithm hmac-md5;
	secret "BIGSECRET";
};

controls {
	inet 127.0.0.1 port 9953
		allow { 127.0.0.1; } keys { "rndc-key"; };
};

// Silence routine logging; the statistics file carries the traffic counts.
logging {
	category default { null; };
	category unmatched { null; };
};
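As an added example (not code from the wiki page or from BIND), the following Python builds a constructed DNS response and sizes an EDNS(0) Padding option (RFC 7830) so that the whole message is a multiple of the configured block size, which is the RFC 8467 policy that the `response-padding { any; } block-size 468;` line asks BIND to apply. The helper names (`build_response`, `padding_needed`, `build_opt`), the sample name and the sample address are assumptions made for illustration.

```python
# Added example (not code from the wiki page or from BIND): size an EDNS(0)
# Padding option (RFC 7830) so a DNS response is a whole multiple of the block
# size, the policy RFC 8467 recommends and that `response-padding ... block-size 468`
# asks BIND to apply.  Helper names and the sample message are constructed.
import struct

EDNS_PADDING = 12   # EDNS option code for Padding (RFC 7830)
BLOCK_SIZE = 468    # RFC 8467 recommended block size for responses


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_opt(options, udp_size=1232):
    """OPT pseudo-RR: root name, type 41, class = UDP payload size, TTL = 0, options in RDATA."""
    rdata = b"".join(struct.pack("!HH", code, len(data)) + data for code, data in options)
    return b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, len(rdata)) + rdata


def padding_needed(unpadded_len, block_size=BLOCK_SIZE):
    """Number of Padding data bytes that make (message + 4-byte option header + data)
    a whole multiple of block_size.  A zero-length option is still emitted when the
    message plus option header already lands on a block boundary."""
    rem = (unpadded_len + 4) % block_size
    return 0 if rem == 0 else block_size - rem


def build_response(qname, ipv4, client_sent_padding, block_size=BLOCK_SIZE):
    """Constructed answer: header, one question, one A record, OPT.
    Padding is only added when the client asked for it; BIND likewise pads only
    responses to queries that themselves carried a Padding option and that came
    from an address matching the response-padding ACL."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)  # QR+RD+RA; 1 Q, 1 AN, 1 AR
    question = encode_name(qname) + struct.pack("!HH", 1, 1)      # QTYPE A, QCLASS IN
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    # 0xC00C = compression pointer back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    body = header + question + answer
    if not client_sent_padding:
        return body + build_opt([])
    pad = padding_needed(len(body + build_opt([])), block_size)
    return body + build_opt([(EDNS_PADDING, b"\x00" * pad)])


if __name__ == "__main__":
    plain = build_response("example.com", "192.0.2.1", client_sent_padding=False)
    padded = build_response("example.com", "192.0.2.1", client_sent_padding=True)
    print(f"unpadded response: {len(plain)} bytes")
    print(f"padded response:   {len(padded)} bytes "
          f"({'multiple' if len(padded) % BLOCK_SIZE == 0 else 'NOT a multiple'} of {BLOCK_SIZE})")
```

The point of the block size is that every small answer the TLS proxy forwards out becomes the same 468-byte ciphertext length, removing the size side channel that would otherwise let an observer distinguish, say, an A answer from an AAAA or NXDOMAIN answer.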
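The dumps that 'rndc stats' appends to the statistics-file hold cumulative counters since named started, so the traffic volume for an interval is the difference between two consecutive dumps. As an added example, not from the page or from BIND, the following Python parses a constructed two-dump file modelled on the BIND 9 text format (a `+++ Statistics Dump +++ (epoch)` line, `++ Section ++` headers, indented `<count> <name>` lines) and turns the deltas into per-second rates. The sample text and the function names `parse_dumps` and `rates` are constructed for illustration; check the line shapes against your own BIND version's output before relying on the regular expressions.

```python
# Added example (not from the wiki page or from BIND): parse appended
# 'rndc stats' dumps and compute per-interval traffic rates from the
# cumulative counters.  The sample below is constructed, modelled on the
# BIND 9 statistics-file text format; verify against your own dumps.
import re

SAMPLE = """\
+++ Statistics Dump +++ (1500000000)
++ Incoming Requests ++
               120 QUERY
++ Incoming Queries ++
                90 A
                30 AAAA
++ Name Server Statistics ++
               120 IPv4 requests received
               120 TCP requests received
               120 responses sent
--- Statistics Dump --- (1500000000)
+++ Statistics Dump +++ (1500000060)
++ Incoming Requests ++
               300 QUERY
++ Incoming Queries ++
               200 A
               100 AAAA
++ Name Server Statistics ++
               300 IPv4 requests received
               300 TCP requests received
               299 responses sent
--- Statistics Dump --- (1500000060)
"""

DUMP_START = re.compile(r"^\+\+\+ Statistics Dump \+\+\+ \((\d+)\)$")
SECTION = re.compile(r"^\+\+ (.+) \+\+$")
COUNTER = re.compile(r"^\s+(\d+) (.+?)\s*$")


def parse_dumps(text):
    """Return a list of {'time': epoch, 'counters': {(section, name): value}}, one per dump."""
    dumps, current, section = [], None, None
    for line in text.splitlines():
        m = DUMP_START.match(line)
        if m:
            current = {"time": int(m.group(1)), "counters": {}}
            dumps.append(current)
            section = None
            continue
        if current is None:
            continue                      # text before the first dump header
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = COUNTER.match(line)
        if m and section is not None:
            current["counters"][(section, m.group(2))] = int(m.group(1))
    return dumps


def rates(prev, cur):
    """Per-second rate of every counter between two dumps (counters are cumulative)."""
    dt = cur["time"] - prev["time"]
    if dt <= 0:
        raise ValueError("dumps must be in increasing time order")
    return {key: (value - prev["counters"].get(key, 0)) / dt
            for key, value in cur["counters"].items()}


if __name__ == "__main__":
    dumps = parse_dumps(SAMPLE)
    for earlier, later in zip(dumps, dumps[1:]):
        r = rates(earlier, later)
        print(f"{earlier['time']} -> {later['time']}: "
              f"{r[('Incoming Requests', 'QUERY')]:.2f} queries/s, "
              f"{r[('Name Server Statistics', 'TCP requests received')]:.2f} TCP req/s")
```

With the proxy in front of BIND, every query reaches named over TCP from 127.0.0.1, so the TCP counter is the one that tracks TLS client traffic; a sudden rise in 'responses sent' lagging 'requests received' is the first sign that tcp-clients is being exhausted.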

...