24159a
//
24159a
// named.conf
24159a
//
24159a
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
24159a
// server as a caching only nameserver (as a localhost DNS resolver only).
24159a
//
24159a
// See /usr/share/doc/bind*/sample/ for example named configuration files.
24159a
//
24159a
// See the BIND Administrator's Reference Manual (ARM) for details about the
24159a
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
24159a
24159a
options {
24159a
	listen-on port 53 { 127.0.0.1; };
24159a
	listen-on-v6 port 53 { ::1; };
24159a
	directory 	"/var/named";
24159a
	dump-file 	"/var/named/data/cache_dump.db";
24159a
	statistics-file "/var/named/data/named_stats.txt";
24159a
	memstatistics-file "/var/named/data/named_mem_stats.txt";
24159a
	recursing-file  "/var/named/data/named.recursing";
24159a
	secroots-file   "/var/named/data/named.secroots";
24159a
	allow-query     { localhost; };
24159a
24159a
	/* 
24159a
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
24159a
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
24159a
	   recursion. 
24159a
	 - If your recursive DNS server has a public IP address, you MUST enable access 
24159a
	   control to limit queries to your legitimate users. Failing to do so will
24159a
	   cause your server to become part of large scale DNS amplification 
24159a
	   attacks. Implementing BCP38 within your network would greatly
24159a
	   reduce such attack surface 
24159a
	*/
24159a
	recursion yes;
24159a
24159a
	dnssec-enable yes;
24159a
	dnssec-validation yes;
24159a
24159a
	/* Path to ISC DLV key */
24159a
	bindkeys-file "/etc/named.iscdlv.key";
24159a
24159a
	managed-keys-directory "/var/named/dynamic";
24159a
24159a
	pid-file "/run/named/named.pid";
24159a
	session-keyfile "/run/named/session.key";
24159a
};
24159a
24159a
logging {
24159a
        channel default_debug {
24159a
                file "data/named.run";
24159a
                severity dynamic;
24159a
        };
24159a
};
24159a
24159a
zone "." IN {
24159a
	type hint;
24159a
	file "named.ca";
24159a
};
24159a
24159a
include "/etc/named.rfc1912.zones";
24159a
include "/etc/named.root.key";
24159a