rpms / bind

Clone
Source Code
GIT

Blame named.conf

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta c9s-sig-hyperscale
  1.   0b15f32821893d5b9a819de25e9dcb12eb834225
  2.   named.conf
Blob History Raw
5d8eb8 
//
5d8eb8 
// named.conf
5d8eb8 
//
5d8eb8 
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
5d8eb8 
// server as a caching only nameserver (as a localhost DNS resolver only).
5d8eb8 
//
5d8eb8 
// See /usr/share/doc/bind*/sample/ for example named configuration files.
5d8eb8 
//
5d8eb8
5d8eb8 
options {
5d8eb8 
	listen-on port 53 { 127.0.0.1; };
5d8eb8 
	listen-on-v6 port 53 { ::1; };
5d8eb8 
	directory 	"/var/named";
5d8eb8 
	dump-file 	"/var/named/data/cache_dump.db";
5d8eb8 
	statistics-file "/var/named/data/named_stats.txt";
5d8eb8 
	memstatistics-file "/var/named/data/named_mem_stats.txt";
0b15f3 
	secroots-file	"/var/named/data/named.secroots";
0b15f3 
	recursing-file	"/var/named/data/named.recursing";
5d8eb8 
	allow-query     { localhost; };
5d8eb8
5d8eb8 
	/*
5d8eb8 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
5d8eb8 
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
5d8eb8 
	   recursion.
5d8eb8 
	 - If your recursive DNS server has a public IP address, you MUST enable access
5d8eb8 
	   control to limit queries to your legitimate users. Failing to do so will
5d8eb8 
	   cause your server to become part of large scale DNS amplification
5d8eb8 
	   attacks. Implementing BCP38 within your network would greatly
5d8eb8 
	   reduce such attack surface
5d8eb8 
	*/
5d8eb8 
	recursion yes;
5d8eb8
5d8eb8 
	dnssec-enable yes;
5d8eb8 
	dnssec-validation yes;
5d8eb8
5d8eb8 
	managed-keys-directory "/var/named/dynamic";
5d8eb8
5d8eb8 
	pid-file "/run/named/named.pid";
5d8eb8 
	session-keyfile "/run/named/session.key";
5d8eb8
5d8eb8 
	/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
5d8eb8 
	include "/etc/crypto-policies/back-ends/bind.config";
5d8eb8 
};
5d8eb8
5d8eb8 
logging {
5d8eb8 
        channel default_debug {
5d8eb8 
                file "data/named.run";
5d8eb8 
                severity dynamic;
5d8eb8 
        };
5d8eb8 
};
5d8eb8
5d8eb8 
zone "." IN {
5d8eb8 
	type hint;
5d8eb8 
	file "named.ca";
5d8eb8 
};
5d8eb8
5d8eb8 
include "/etc/named.rfc1912.zones";
5d8eb8 
include "/etc/named.root.key";
5d8eb8

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation