"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "nsd.conf.sample.in" between
nsd-4.3.6.tar.gz and nsd-4.3.7.tar.gz

About: NSD is an authoritative only, high performance, simple name server daemon.

nsd.conf.sample.in  (nsd-4.3.6):nsd.conf.sample.in  (nsd-4.3.7)
skipping to change at line 254 skipping to change at line 254
# RRLend # RRLend
# Service clients over TLS (on the TCP sockets), with plain DNS inside # Service clients over TLS (on the TCP sockets), with plain DNS inside
# the TLS stream. Give the certificate to use and private key. # the TLS stream. Give the certificate to use and private key.
# Default is "" (disabled). Requires restart to take effect. # Default is "" (disabled). Requires restart to take effect.
# tls-service-key: "path/to/privatekeyfile.key" # tls-service-key: "path/to/privatekeyfile.key"
# tls-service-pem: "path/to/publiccertfile.pem" # tls-service-pem: "path/to/publiccertfile.pem"
# tls-service-ocsp: "path/to/ocsp.pem" # tls-service-ocsp: "path/to/ocsp.pem"
# tls-port: 853 # tls-port: 853
# Certificates used to authenticate connections made upstream for
# Transfers over TLS (XoT). Default is "" (default verify locations).
# tls-cert-bundle: "path/to/ca-bundle.pem"
# DNSTAP config section, if compiled with that # DNSTAP config section, if compiled with that
# dnstap: # dnstap:
# set this to yes and set one or more of dnstap-log-..-messages to yes. # set this to yes and set one or more of dnstap-log-..-messages to yes.
# dnstap-enable: no # dnstap-enable: no
# dnstap-socket-path: "@dnstap_socket_path@" # dnstap-socket-path: "@dnstap_socket_path@"
# dnstap-send-identity: no # dnstap-send-identity: no
# dnstap-send-version: no # dnstap-send-version: no
# dnstap-identity: "" # dnstap-identity: ""
# dnstap-version: "" # dnstap-version: ""
# dnstap-log-auth-query-messages: no # dnstap-log-auth-query-messages: no
skipping to change at line 311 skipping to change at line 315
# key: # key:
# The key name is sent to the other party, it must be the same # The key name is sent to the other party, it must be the same
#name: "keyname" #name: "keyname"
# algorithm hmac-md5, or sha1, sha256, sha224, sha384, sha512 # algorithm hmac-md5, or sha1, sha256, sha224, sha384, sha512
#algorithm: sha256 #algorithm: sha256
# secret material, must be the same as the other party uses. # secret material, must be the same as the other party uses.
# base64 encoded random number. # base64 encoded random number.
# e.g. from dd if=/dev/random of=/dev/stdout count=1 bs=32 | base64 # e.g. from dd if=/dev/random of=/dev/stdout count=1 bs=32 | base64
#secret: "K2tf3TRjvQkVCmJF3/Z9vA==" #secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
# The tls-auth clause establishes authentication attributes to use when
# authenticating the far end of an outgoing TLS connection in access control
# lists used for XFR-over-TLS. If authentication fails, the XFR request will not
# be made. Support for TLS 1.3 is required for XFR-over-TLS. It has the
# following attributes:
#
# tls-auth:
# The tls-auth name. Used to refer to this TLS auth information in the ac
cess control list.
#name: "tls-authname"
# The authentication domain name as defined in RFC8310.
#auth-domain-name: "example.com"
# Patterns have zone configuration and they are shared by one or more zones. # Patterns have zone configuration and they are shared by one or more zones.
# #
# pattern: # pattern:
# name by which the pattern is referred to # name by which the pattern is referred to
#name: "myzones" #name: "myzones"
# the zonefile for the zones that use this pattern. # the zonefile for the zones that use this pattern.
# if relative then from the zonesdir (inside the chroot). # if relative then from the zonesdir (inside the chroot).
# the name is processed: %s - zone name (as appears in zone:name). # the name is processed: %s - zone name (as appears in zone:name).
# %1 - first character of zone name, %2 second, %3 third. # %1 - first character of zone name, %2 second, %3 third.
# %z - topleveldomain label of zone, %y, %x next labels in name. # %z - topleveldomain label of zone, %y, %x next labels in name.
skipping to change at line 355 skipping to change at line 371
# uncomment to provide AXFR to all the world # uncomment to provide AXFR to all the world
# provide-xfr: 0.0.0.0/0 NOKEY # provide-xfr: 0.0.0.0/0 NOKEY
# provide-xfr: ::0/0 NOKEY # provide-xfr: ::0/0 NOKEY
# A slave zone needs allow-notify: and request-xfr: lists. # A slave zone needs allow-notify: and request-xfr: lists.
#allow-notify: 2001:db8::0/64 my_tsig_key_name #allow-notify: 2001:db8::0/64 my_tsig_key_name
# By default, a slave will request a zone transfer with IXFR/TCP. # By default, a slave will request a zone transfer with IXFR/TCP.
# If you want to make use of IXFR/UDP use: UDP addr tsigkey # If you want to make use of IXFR/UDP use: UDP addr tsigkey
# for a master that only speaks AXFR (like NSD) use AXFR addr tsigkey # for a master that only speaks AXFR (like NSD) use AXFR addr tsigkey
# If you want to require use of XFR-over-TLS use: addr tsigkey tlsauthnam e
#request-xfr: 192.0.2.2 the_tsig_key_name #request-xfr: 192.0.2.2 the_tsig_key_name
#request-xfr: 192.0.2.2 the_tsig_key_name the_tls_auth_name
# Attention: You cannot use UDP and AXFR together. AXFR is always over # Attention: You cannot use UDP and AXFR together. AXFR is always over
# TCP. If you use UDP, we higly recommend you to deploy TSIG. # TCP. If you use UDP, we higly recommend you to deploy TSIG.
# Allow AXFR fallback if the master does not support IXFR. Default # Allow AXFR fallback if the master does not support IXFR. Default
# is yes. # is yes.
#allow-axfr-fallback: yes #allow-axfr-fallback: yes
# set local interface for sending zone transfer requests. # set local interface for sending zone transfer requests.
# default is let the OS choose. # default is let the OS choose.
#outgoing-interface: 10.0.0.10 #outgoing-interface: 10.0.0.10
# limit the refresh and retry interval in seconds. # limit the refresh and retry interval in seconds.
#max-refresh-time: 2419200 #max-refresh-time: 2419200
 End of changes. 4 change blocks. 
0 lines changed or deleted 19 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)