Blob Blame History Raw
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
# Currently, you can use the following options:
#
# ROOTDIR="/var/named/chroot"  --  will run named in a chroot environment.
#                            you must set up the chroot environment 
#                            (install the bind-chroot package) before
#                            doing this.
#	NOTE:
#         Those directories are automatically mounted to chroot if they are
#         empty in the ROOTDIR directory. It will simplify maintenance of your
#         chroot environment.
#          - /var/named
#          - /etc/pki/dnssec-keys
#          - /etc/named
#          - /usr/lib64/bind or /usr/lib/bind (architecture dependent)
#
#	  Those files are mounted as well if target file doesn't exist in
#	  chroot.
#          - /etc/named.conf
#          - /etc/rndc.conf
#          - /etc/rndc.key
#          - /etc/named.rfc1912.zones
#          - /etc/named.dnssec.keys
#
#	Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
#	line to your /etc/rsyslog.conf file. Otherwise your logging becomes
#	broken when rsyslogd daemon is restarted (due update, for example).
#
# OPTIONS="whatever"     --  These additional options will be passed to named
#                            at startup. Don't add -t here, use ROOTDIR instead.
#
# KEYTAB_FILE="/dir/file"    --  Specify named service keytab file (for GSS-TSIG)
#
# DEBUG="yes|no"         -- This option controls if you would like to debug
# 			    named process. If you set this option to "yes" then
# 			    /var/named/ directory become writable by named user
# 			    and named will be able to write core dumps there.
#
# OPTIONS="-E pkcs11"    -- Enable loading of DNSSEC keys from PKCS11 compatible
#			    keystores. Make sure you have bind-pkcs11 package
#			    installed.