bind: simplify shipped config

1 files changed, 0 insertions, 97 deletions

diff --git a/bind/conf/named.conf b/bind/conf/named.conf
deleted file mode 100644
index 54b3ace..0000000
--- a/bind/conf/named.conf
+++ /dev/null
@@ -1,97 +0,0 @@
-// vi:ft=named noexpandtab
-
-include "/etc/bind/rndc.key";
-
-//========================================================================
-// If BIND logs error messages about the root key being expired,
-// you will need to update your keys.  See https://www.isc.org/bind-keys
-//========================================================================
-
-options {
-        directory "/etc/bind/local/zones";
-        managed-keys-directory "/etc/bind/local/managed-keys";
-        bindkeys-file "/etc/bind/bind.keys"; // Default is /etc/bind.keys :-(
-
-        dnssec-validation no; // AWS resolvers return invalid zone signatures
-        zone-statistics full; // Track full stats for prometheus export
-        masterfile-format text; // Write zonefiles in text even for secondary zones
-        auth-nxdomain no; // conform to RFC1035
-        notify master-only; // don't send NOTIFY from secondaries
-
-        version none;
-        hostname none;
-
-        // Force TCP if response would be larger than IPv6 fragment size
-        // see: https://blog.apnic.net/2020/09/17/dns-flag-day-2020-what-you-need-to-know/
-        max-udp-size 1220;
-        edns-udp-size 1220;
-
-        // Allow more transfers at once to improve secondary convergence
-        transfers-in 50;
-        transfers-out 50;
-
-        listen-on { any; };
-        listen-on-v6 { any; };
-        allow-update-forwarding { any; };
-
-        // Typically this ACL is empty but exists so that it can be populated
-        // during an attack to block bad clients.
-        blackhole {
-                blackhole-clients;
-        };
-
-        allow-notify {
-                internal-keys;
-                external-keys;
-        };
-
-        allow-recursion {
-                internal-nets;
-                localhost;
-        };
-
-        allow-transfer {
-                internal-nets;
-                localhost;
-        };
-};
-
-logging {
-        category default { default_stderr; default_debug; };
-};
-
-statistics-channels {
-//      inet 127.0.0.1 port 8053 allow { monitoring-hosts; };
-//      inet ::1 port 8053 allow { monitoring-hosts; };
-
-        inet 0.0.0.0 port 8053 allow { monitoring-hosts; };
-        inet :: port 8053 allow { monitoring-hosts; };
-};
-
-controls {
-        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
-        inet ::1 allow { localhost; } keys { "rndc-key"; };
-};
-
-acl internal-nets {
-        // Internal RFC1918
-        172.16.0.0/12;
-
-        // Unknown? Maybe Docker bridge?
-        192.168.255.0/24;
-
-        // Pomona ARIN
-        23.149.16.0/24;
-        104.250.232.0/22;
-        2602:0803:4000::/40;
-};
-
-acl monitoring-hosts {
-        localhost;
-
-        // monitoring-1.sea1.crute.me
-        172.16.0.64/32;
-        2602:803:4070:0:5054:9fff:fe55:2cb3/128;
-};
-
-include "/etc/bind/local/named.conf";