options { forward only; forwarders { //1.1.1.1 port 53; }; max-cache-ttl 10; max-ncache-ttl 10; max-cache-size 10M; stale-cache-enable yes; stale-answer-enable yes; max-stale-ttl 120; stale-answer-ttl 90; stale-answer-client-timeout 0; stale-refresh-time 40; // needed for bind9.16 dnssec-validation no; max-udp-size 1232; edns-udp-size 1232; minimal-responses yes; listen-on port 1053 { 2.2.2.2; }; listen-on-v6 port 1053 { none; }; allow-query { any; }; query-source 3.3.3.3; dscp 0; // version statement - inhibited for security // (avoids hacking any known weaknesses) version "not available"; // disable all zone transfer requests allow-transfer{"none";}; recursion yes; statistics-file "/var/named/named.stats"; directory "/var/cache/bind"; zone-statistics yes; resolver-retry-interval 800; }; logging { channel container_stderr { stderr; print-category yes; print-severity yes; print-time yes; }; category default { container_stderr; }; category unmatched { null; }; // Add these for stale cache category resolver { container_stderr; }; category serve-stale { container_stderr; }; }; // rdnc enabled key "rndc-key" { algorithm hmac-md5; secret "testtest"; }; controls { inet 127.0.0.1 port 1053 allow { 127.0.0.1; } keys { "rndc-key"; }; }; statistics-channels { inet 127.0.0.1 port 1053 allow { 127.0.0.1; }; }; // test zone for internal health checker zone "dnsproxy.health.test" in { type master; file "/usr/bind9_configurator/config/dnsproxy_health.rev"; allow-update { none; }; }; // disabling EDNS server ::/0 { edns no; }; server 0.0.0.0/0 { edns no; }; server 1.1.1.1 { query-source 3.3.3.3; };