named and restarts it in the event of a crash, 'zone-edit'
which enables editing of a dynamic zone, and others.
- - dnspriv/
-
- Sample configuration for setting up a DNS-over-TLS server
- using BIND with Nginx as a TLS proxy.
-
- kasp/
Scripts for converting key and signature policies from OpenDNSSEC
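Review bot: with the `dnspriv/` entry removed from this list, nothing in the visible change tells a reader who relied on the sample what to use instead. If a supported way to serve DNS over TLS exists, name it in the commit message or release notes so the removal does not read as dropping the feature.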
+++ /dev/null
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-### DNS Privacy in BIND
-
-This directory contains sample configuration files to enable BIND,
-with Nginx as a TLS proxy, to provide DNS over TLS.
-
-`named.conf` configures a validating recursive name server to listen
-on the localhost address at port 8853.
-
-`nginx.conf` configures a TLS proxy to listen on port 853 and
-forward queries and responses to `named`.
-
-For more information, please see
-[https://dnsprivacy.org/wiki/](https://dnsprivacy.org/wiki/)
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- listen-on port 8853 { 127.0.0.1; };
- allow-query { localhost; };
- recursion yes;
- dnssec-validation auto;
- tcp-clients 1024;
-};
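Review bot: `allow-query { localhost; };` in the removed `options` block does not limit who can use this resolver once the companion nginx.conf sits in front of it. The proxy listens on port 853 and forwards to 127.0.0.1:8853, so every query reaches named with a loopback source address and `recursion yes;` then applies to anyone who can reach port 853. It is worth stating in the commit message that deployments copied from this sample should restrict clients at the proxy or firewall.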
+++ /dev/null
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-# uncomment to choose an appropriate UID/GID; default is 'nobody'
-# user bind bind;
-
-worker_processes auto;
-pid /var/run/nginx.pid;
-
-events {
- worker_connections 1024;
- multi_accept on;
-}
-
-stream {
- upstream dns_tcp_servers {
- server 127.0.0.1:8853;
- }
-
- server {
- listen 853 ssl;
- proxy_pass dns_tcp_servers;
-
- # update to a suitable SSL certificate (e.g. from LetsEncrypt),
- # and uncomment the following lines:
- # ssl_certificate /etc/nginx/lego/certificates/<cert>.crt;
- # ssl_certificate_key /etc/nginx/lego/certificates/<cert>.key;
-
- ssl_protocols TLSv1.2;
- ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
- ssl_session_tickets on;
- ssl_session_timeout 4h;
- ssl_handshake_timeout 30s;
- }
-}
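Review bot: the removed `server` block sets `ssl_protocols TLSv1.2;` alone and `ssl_session_tickets on;` with `ssl_session_timeout 4h;`, so configurations copied from it will not offer TLS 1.3 and allow session resumption for hours. Since the sample goes away without a successor in this patch, consider a release note asking operators who based a deployment on it to review these settings.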
./contrib/dlz/modules/wildcard/README X 2013,2018,2019,2020,2021
./contrib/dlz/modules/wildcard/dlz_wildcard_dynamic.c X 2013,2015,2016,2018,2019,2020,2021
./contrib/dlz/modules/wildcard/testing/named.conf X 2013,2018,2019
-./contrib/dnspriv/nginx.conf SH 2017,2018,2019
./contrib/kasp/README X 2020,2021
./contrib/kasp/kasp.xml X 2020,2021
./contrib/kasp/policy.good X 2020,2021
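Review bot: only the `./contrib/dnspriv/nginx.conf` entry is dropped here, while the patch deletes three files from that directory (its README, named.conf and nginx.conf). The neighbouring context lines show no other `contrib/dnspriv` entries, so this is probably complete, but a quick search of this list for `contrib/dnspriv` before merging would confirm no stale line is left.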