//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
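// Global server options: a loopback-only caching resolver with DNSSEC
// validation turned on. Stray listing-gutter tokens that were interleaved
// with the statements (and are not valid named.conf syntax) are dropped.
options {
	// Loopback-only listeners: named accepts DNS on 127.0.0.1 and ::1 only,
	// so other hosts cannot reach it unless these lists are widened.
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };

	// Working directory; relative file names in this config resolve here.
	directory 	"/var/named";

	// Output files for rndc diagnostics (cache dump, statistics, secure
	// roots, currently-recursing queries). Dumps can reveal which names
	// were looked up, so keep the data directory readable only by the
	// named user and administrators.
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file	"/var/named/data/named.secroots";
	recursing-file	"/var/named/data/named.recursing";

	// Only the local host may query this server.
	allow-query     { localhost; };
	// Pin recursion to the local host explicitly. Without this statement
	// allow-recursion falls back to allow-query, so widening allow-query
	// later (e.g. to serve an authoritative zone) would silently open
	// recursion to the same clients. The effective policy is unchanged.
	allow-recursion { localhost; };

	/*
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	   recursion.
	 - If your recursive DNS server has a public IP address, you MUST enable access
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface.
	*/
	recursion yes;

	// NOTE(review): newer BIND 9 releases treat dnssec-enable as obsolete
	// (DNSSEC is always on there); run named-checkconf after upgrading.
	dnssec-enable yes;
	// "yes" validates only when a trust anchor is configured; this file
	// supplies one through the include of /etc/named.root.key at the end.
	dnssec-validation yes;

	// Where named stores the files that track managed (RFC 5011) keys;
	// it must be writable by the named user.
	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	// TSIG key that named generates for local dynamic updates; anyone who
	// can read it can use it, so /run/named should not be world-readable.
	session-keyfile "/run/named/session.key";

	/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
	// System-wide crypto policy back-end for BIND. Its contents are not
	// shown here; it is parsed as configuration, so it should be writable
	// by root only.
	include "/etc/crypto-policies/back-ends/bind.config";
};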
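// Logging: defines the default_debug channel. Stray listing-gutter tokens
// that were interleaved with the statements (not valid named.conf syntax)
// are dropped. No category statements appear here, so which message
// categories reach this channel is left to named's defaults.
logging {
        channel default_debug {
                // Relative path: resolves against the "directory" option,
                // i.e. /var/named/data/named.run.
                file "data/named.run";
                // Follow the server's current debug level instead of a
                // fixed severity.
                severity dynamic;
        };
};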
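// Root hints zone. Stray listing-gutter tokens that were interleaved with
// the statements (not valid named.conf syntax) are dropped.
zone "." IN {
	// Hints only tell the resolver where to find the root servers at
	// startup; they are not a DNSSEC trust anchor.
	type hint;
	// Relative path: resolves against the "directory" option
	// (/var/named/named.ca). Keep it writable by root only, since it
	// steers where the first queries go.
	file "named.ca";
};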
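// Additional configuration pulled in verbatim; a stray listing-gutter token
// between the two statements (not valid named.conf syntax) is dropped.
// Included files are parsed with the same authority as this file, so they
// should be owned by root and not writable by the named user.

// Contents not shown here; presumably the localhost and reverse zones
// recommended by RFC 1912 (confirm against the installed file).
include "/etc/named.rfc1912.zones";
// Contents not shown here; presumably the root zone trust anchor that
// "dnssec-validation yes" in the options block relies on (confirm).
include "/etc/named.root.key";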