Tune BIND settings

1 files changed, 22 insertions, 1 deletions

diff --git a/bind/conf/named.conf b/bind/conf/named.conf
index 071cea7..88e45d8 100644
--- a/bind/conf/named.conf
+++ b/bind/conf/named.conf
@@ -1,4 +1,4 @@
-// vi:ft=named
+// vi:ft=named noexpandtab
 
 include "/etc/bind/rndc.key";
 
@@ -16,6 +16,7 @@ options {
         dnssec-validation no;
 
         auth-nxdomain no;    # conform to RFC1035
+        notify master-only;  # don't send NOTIFY from slaves
 
         listen-on { any; };
         listen-on-v6 { any; };
@@ -23,6 +24,12 @@ options {
         version none;
         hostname none;
 
+        allow-update-forwarding { any; };
+
+        allow-notify {
+                all-masters;
+        };
+
         allow-recursion {
                 internal-nets;
                 localhost;
@@ -38,6 +45,11 @@ options {
         transfers-out 30;
 };
 
+statistics-channels {
+        inet 127.0.0.1 port 8053 allow { localhost; };
+        inet ::1 port 8053 allow { localhost; };
+};
+
 controls {
         inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
         inet ::1 allow { localhost; } keys { "rndc-key"; };
@@ -57,4 +69,13 @@ acl internal-nets {
         192.168.255.0/24;        // Local Docker Bridge
 };
 
+acl all-masters {
+        // PDX1 Gateway
+        50.112.45.116;
+        54.148.70.70;
+        172.16.18.73;
+        172.16.18.52;
+        2600:1f14:f39:e000:9fb5:8745:4eec:28b8;
+};
+
 include "/etc/bind/local/zones.conf";