// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

// TLS context for DoT/DoH
tls "dns-tls" {
    cert-file "/etc/bind/keys/dns-fullchain.pem";
    key-file  "/etc/bind/keys/dns-privkey.pem";
    protocols { TLSv1.3; TLSv1.2; };
    session-tickets no;
};

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.opennic";