daemon off chroot on logpath "/var/log/yadifa" pidfile "/run/yadifa/yadifad.pid" datapath "/var/lib/yadifa" keyspath "/var/lib/yadifa/keys" xfrpath "/var/lib/yadifa/xfr" # hostname "server-yadifad" # serverid "yadifad-01" # version "2.2.0" edns0-max-size 4096 max-tcp-queries 100 uid yadifa gid yadifa port 53 listen 0.0.0.0 statistics on queries-log-type 1 answer-formerr-packets off # axfr-maxrecordbypacket 0 allow-query any allow-update none allow-transfer none allow-notify none allow-control controller
ascii "ns1" enabled true enabled true log_only false responses_per_second 5 errors_per_second 5 window 15 slip 2 min_table_size 1024 max_table_size 16384 ipv4_prefix_length 24 # ipv6_prefix_length 56 exempted none database database.log 0644 dnssec dnssec.log 0644 server server.log 0644 statistics statistics.log 0644 system system.log 0644 zone zone.log 0644 queries queries.log 0644 all all.log 0644 syslog syslog USER,CRON,PID stderr STDERR stdout STDOUT database EMERG,ALERT,CRIT,ERR,WARNING,NOTICE database,all dnssec EMERG,ALERT,CRIT,ERR,WARNING,NOTICE dnssec,all server EMERG,ALERT,CRIT,ERR,WARNING,NOTICE server,all stats * statistics system EMERG,ALERT,CRIT,ERR,WARNING,NOTICE system,all zone EMERG,ALERT,CRIT,ERR,WARNING,NOTICE zone,all # queries * queries #include "keys.conf" # # name master-slave # algorithm hmac-md5 # secret MasterAndSlavesTSIGKey== # # # transferer key master-slave # admins 192.0.2.0/24, 2001:db8::74 # master 192.0.2.53 # controller key abroad-admin-key # controller 127.0.0.0/8, ::1 type master domain localhost file masters/localhost.zone allow-transfer none allow-update none allow-update-forwarding none type master domain 0.0.127.in-addr.arpa file masters/0.0.127.in-addr.arpa.zone allow-transfer none allow-update none allow-update-forwarding none type master domain solipsists.org file masters/solipsists.org.zone allow-transfer 96.126.96.118,172.104.125.227,172.104.165.223,139.162.176.183,45.56.110.60,45.79.215.191,176.58.103.36,185.70.105.134,114.142.160.48,118.89.221.146,217.182.128.77,54.36.54.14,85.17.15.147,129.232.222.82,145.239.149.66,145.239.2.154,145.239.1.3,91.90.42.178,164.132.206.84,66.11.121.31,174.128.229.130,163.172.35.98,104.219.168.143,174.128.229.131,37.228.129.89 allow-update none allow-update-forwarding none id "normal-policy" description "Example of a policy with ZSK and KSK" denial "nsec3-fixed" key-suite "zsk-1024" key-suite "ksk-2048" id "zsk-1024" key-template "zsk-rsa-sha256-1024" key-roll "monthly-diary" id "ksk-2048" key-template "ksk-rsa-sha256-2048" key-roll "yearly-diary" id "zsk-rsa-sha512-1024" algorithm RSASHA512 size 1024 id "zsk-rsa-sha512-2048" algorithm RSASHA512 size 2048 id "zsk-rsa-sha256-1024" algorithm RSASHA256 size 1024 id "zsk-rsa-sha256-2048" algorithm RSASHA256 size 2048 id "ksk-rsa-sha512-1024" ksk 1 algorithm RSASHA512 size 1024 id "ksk-rsa-sha512-2048" ksk 1 algorithm RSASHA512 size 2048 id "ksk-rsa-sha256-1024" ksk 1 algorithm RSASHA256 size 1024 id "ksk-rsa-sha256-2048" ksk 1 algorithm RSASHA256 size 2048 type NSEC3 id "nsec3-random" salt-length 32 iterations 10 optout off type NSEC3 id "nsec3-fixed" salt "BA5EBA11" # if nsec3-resalting is off iterations 5 # the number of additional times the hash function has been performe optout off id "yearly-diary" generate 5 0 15 6 * * # this year (2016) 15/06 at 00:05 publish 10 0 15 6 * * # 00:10 activate 15 0 16 6 * * # 16/06 at 00:15 inactive 15 0 17 6 * * # (2017) 17/06 at 00:15 remove 15 11 18 6 * * # (2017) 18/06 at 11:15 id "monthly-diary" generate 5 0 * * tue 0 # 1 tuesday of the month at 00:05 publish 10 0 * * tue 0 # 00:10 activate 15 0 * * wed 0 # 1 wednesday of the month at 00:15 inactive 15 0 * * thu 0 # 1 thursday of the month at 00:15 remove 15 11 * * fri 0 # 1 friday of the month at 11:15 id "weekly-diary" generate 25 0 * * sun * # every sunday of the month at 00:25 publish 30 0 * * sun * # at 00:30 activate 35 0 * * sun * # at 00:35 inactive 35 0 * * sun * # at 00:35 remove 35 11 * * sun * # at 11:35 id "daily-diary" generate 5 0 * * * * # at 00:05 publish 10 0 * * * * # at 00:10 activate 15 0 * * * * # at 00:15 inactive 15 0 * * * * # at 00:15 remove 15 11 * * * * # at 11:15 id "hourly-diary" generate 1 * * * * * publish 5 * * * * * activate 10 * * * * * inactive 15 * * * * * remove 20 * * * * * id "half-hourly-diary" generate 0,30 * * * * * publish 1,31 * * * * * activate 2,32 * * * * * inactive 34,04 * * * * * remove 38,08 * * * * * id "insane-diary" generate * * * * * * publish * * * * * * activate * * * * * * inactive * * * * * * remove * * * * * * id "monthly-relative" generate +31d publish +60 activate +120 inactive +33d # must be bigger than generate, to avoid a gap remove +1d id "insane-relative" generate +60 publish +0 activate +0 inactive +60 remove +0 id "less-insane-relative" generate +120 publish +0 activate +0 inactive +160 remove +0