//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
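options {
	// Listen on the loopback addresses only (IPv4 and IPv6): this resolver
	// is not meant to be reachable from other hosts.
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };

	// Working directory; relative file names elsewhere in this file are
	// resolved against it.
	directory 	"/var/named";

	// Destinations for named's cache dump, statistics and diagnostic dumps.
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file	"/var/named/data/named.secroots";
	recursing-file	"/var/named/data/named.recursing";

	// Answer queries from this host only. No allow-recursion or
	// allow-query-cache ACL is set in this block, so together with the
	// loopback-only listeners above this ACL is what keeps recursion
	// closed. If listen-on or allow-query is ever widened, add an explicit
	// allow-recursion ACL in the same change.
	allow-query     { localhost; };

	/*
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	   recursion.
	 - If your recursive DNS server has a public IP address, you MUST enable access
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface.
	*/
	recursion yes;

	// NOTE(review): newer BIND releases treat dnssec-enable as obsolete;
	// confirm against the packaged BIND version before keeping it.
	dnssec-enable yes;
	// "yes" validates only when a trust anchor is configured; presumably
	// that anchor comes from /etc/named.root.key, included at the end of
	// this file.
	dnssec-validation yes;

	// Directory for the files named uses to track managed DNSSEC keys;
	// it has to be writable by the named user.
	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	// session.key holds key material generated by named; check that
	// /run/named is not readable by other local users.
	session-keyfile "/run/named/session.key";

	/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
	// System-wide crypto policy fragment. Its contents are not shown here;
	// presumably it restricts the DNSSEC algorithms named will accept.
	include "/etc/crypto-policies/back-ends/bind.config";
};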
logging {
	// Debug output goes to data/named.run, a path relative to named's
	// working directory. "dynamic" makes the channel follow the server's
	// current debug level rather than a fixed severity.
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};
// Root hints: the starting list of root name servers that recursion is
// bootstrapped from. named.ca is a relative path, resolved against named's
// working directory.
zone "." IN {
	type hint;
	file "named.ca";
};
// Additional zone definitions; the file is not shown here, presumably the
// localhost and reverse zones recommended by RFC 1912.
include "/etc/named.rfc1912.zones";

// Presumably the root zone trust anchor that DNSSEC validation relies on.
// Confirm the file is owned by root and not writable by the named user.
include "/etc/named.root.key";