as this thread is approaching 100 msgs, time for a wrap up.
below is where i Think i am, .... ;)
1. thanks to all that have provided dns configuration/testing insights
2. i am not going to serve email
3. i am not going to use views in named.conf, /etc/hosts trimmed to include only 127.0.0.1 & ::1
4. my current /etc/named.conf
//
// named.conf
//
// Global server options for an authoritative-only name server.
options {
// Both listen-on statements are commented out, so named uses its default listen
// addresses rather than loopback only; a server that must answer outside queries needs that.
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
// Working directory; relative file names elsewhere in this file resolve against it.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// Answer queries from any client, but never recurse on their behalf. The
// "recursion no" line is what keeps this public server from being an open resolver.
allow-query { any; };
recursion no;
// NOTE(review): dnssec-enable is obsolete in newer BIND 9 releases (first ignored, later
// rejected as an unknown option) - check the installed version before upgrading.
dnssec-enable yes;
// dnssec-validation applies to answers named validates while resolving; with recursion
// off it does not change how the local zone is served, and it does not sign that zone.
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
geoip-directory "/usr/share/GeoIP";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
// Distribution crypto-policy fragment; its contents are not shown on this page.
include "/etc/crypto-policies/back-ends/bind.config";
};
// Logging: redefines only the default_debug channel.
// NOTE(review): no category statements are present, so transfer, update and security
// messages go wherever named's built-in defaults send them - confirm they end up
// somewhere that is retained and reviewed.
logging {
channel default_debug {
// Relative path, so it resolves against the "directory" option.
file "data/named.run";
// "dynamic" follows the server's current debug level instead of a fixed severity.
severity dynamic;
};
};
// Primary (master) copy of linuxlighthouse.com, loaded from the zone file below.
zone "linuxlighthouse.com" {
type master;
file "/var/named/linuxlighthouse.com.db";
// Dynamic updates are refused from every source; the zone changes only when the file is edited.
allow-update { none; };
// NOTE(review): no allow-transfer appears here or in the options block. On BIND releases
// whose default is "any", every host can request a full copy of the zone. The usual
// hardening is to limit transfers to the secondary's address (the zone file names
// ns3.attdns.com as the second NS) - confirm the default for the installed version.
};
// Root hints zone: tells named where the root servers are.
// NOTE(review): hints matter when named resolves names itself; with "recursion no" in
// options this stanza is presumably unused but harmless - confirm before removing.
zone "." IN {
type hint;
// Relative path, so it resolves against the "directory" option.
file "named.ca";
};
// Two further files are pulled in; neither is shown on this page.
// NOTE(review): presumably the distribution's stock localhost/reverse zones and the root
// trust anchor - verify them, since anything they define becomes part of this configuration.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// named.conf
//
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; };
recursion no;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
geoip-directory "/usr/share/GeoIP";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "linuxlighthouse.com" {
type master;
file "/var/named/linuxlighthouse.com.db";
allow-update { none; };
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
5. dns zone file
;
; Zone data for linuxlighthouse.com.
; NOTE(review): every line starts at column 0 in this copy. A record that inherits the
; previous owner name must begin with whitespace, so the NS lines and the last A line were
; presumably indented in the real file - confirm with named-checkzone before loading.
$TTL 3D ; default ttl for records without a specified lifetime
$ORIGIN linuxlighthouse.com.
; CAA: only Let's Encrypt may issue certificates for this name. With no issuewild
; property present, the same restriction also covers wildcard certificates.
linuxlighthouse.com. CAA 0 issue "letsencrypt.org"
; SOA: ws is named as primary server; the contact field root.linuxlighthouse.com. stands
; for root@linuxlighthouse.com.
; NOTE(review): the MX line below is commented out, so that mailbox is presumably unreachable.
@ IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. (
; The serial must increase on every edit, or secondaries will not pick up the change.
2021050301 ; serial number
16384 ; ns refresh
2048 ; ns retry
1048576 ; authority expiry
2560 ); min (RFC2308 §4)
; Two name servers are published for the zone.
; NOTE(review): ns3.attdns.com is outside this zone and run by a third party. If it does
; not actually carry this zone, part of all lookups will hit a lame server. Checking with
; `dig +norec @ns3.attdns.com linuxlighthouse.com SOA` shows whether it answers
; authoritatively and with the current serial.
IN NS ws.linuxlighthouse.com.
IN NS ns3.attdns.com.
; IN MX linuxlighthouse.com.
; ws is also the in-zone name server, so this A record is the address its NS record relies on.
ws IN A 108.220.213.121
www IN A 108.220.213.121
; NOTE(review): no owner name on the next line. If it was indented, it inherits www and only
; repeats the record above; if the zone apex was meant, write the owner as @ - confirm.
IN A 108.220.213.121
$TTL 3D ; default ttl for records without a specified lifetime
$ORIGIN linuxlighthouse.com.
linuxlighthouse.com. CAA 0 issue "letsencrypt.org"
@ IN SOA ws.linuxlighthouse.com. root.linuxlighthouse.com. (
2021050301 ; serial number
16384 ; ns refresh
2048 ; ns retry
1048576 ; authority expiry
2560 ); min (RFC2308 §4)
IN NS ws.linuxlighthouse.com.
IN NS ns3.attdns.com.
; IN MX linuxlighthouse.com.
ws IN A 108.220.213.121
www IN A 108.220.213.121
IN A 108.220.213.121
6. added www definition, caa record, and updated serial number
7. finally, an open item with att service: do they secondary my dns zone (or not)