codegazer

Example working /etc/named.conf

Oct 10th, 2024
  1. # Subject: example working /etc/named.conf
  2. # Date: 2024_10_10
  3.  
  4.  
  5. //
  6. // named.conf
  7. //
  8. // Provided by Mageia bind package to configure the ISC BIND named(8) DNS
  9. // server as a caching only nameserver (as a localhost DNS resolver only).
  10. //
  11. // See /usr/share/doc/bind*/sample/ for example named configuration files.
  12. //
  13.  
  14. // #LOCAL local changes (variations from default as-installed version) marked by #LOCAL
  15. // #LOCAL configuration for a private DNS nameserver running in RFC-1918 private subnet
  16. // #LOCAL serving a local DNS domain ".home" and also acting as a caching DNS server for Internet systems
  17.  
  18. // Access lists (ACLs) should be defined here // #LOCAL
  19. include "/etc/named/bogon_acl.conf"; // #LOCAL NOTE(review): nothing visible in this file references an ACL from this include (e.g. in a blackhole statement) - confirm where it is applied
  20. include "/etc/named/named_trusted_networks_acl.conf"; // #LOCAL presumably defines the trusted_networks ACL used by allow-query/allow-recursion below - file not shown
  21.  
  22. // Define logging channels // #LOCAL
  23. include "/etc/named/logging.conf"; // #LOCAL
  24.  
  25.  
  26. options { // global server options: listeners, file paths, query/recursion ACLs, DNSSEC
  27. // #LOCAL listen-on port 53 { 127.0.0.1; };
  28. // #LOCAL listen-on-v6 port 53 { ::1; };
  29. listen-on port 53 { any; }; // #LOCAL listens on every IPv4 interface; who may query is restricted only by allow-query/allow-recursion below
  30. listen-on-v6 port 53 { any; }; // #LOCAL listens on every IPv6 interface; same ACL caveat as the IPv4 listener
  31. directory "/var/named";
  32. dump-file "/var/named/data/cache_dump.db";
  33. statistics-file "/var/named/data/named_stats.txt";
  34. memstatistics-file "/var/named/data/named_mem_stats.txt";
  35. secroots-file "/var/named/data/named.secroots";
  36. recursing-file "/var/named/data/named.recursing";
  37. // #LOCAL allow-query { localhost; };
  38. allow-query { trusted_networks; }; // NOTE(review): the trusted_networks ACL is not defined in this file - verify it contains only the intended private ranges
  39. allow-recursion { trusted_networks; }; // recursion is offered to the same ACL only; keep it this narrow so the server is not an open resolver
  40.  
  41. /*
  42. - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
  43. - If you are building a RECURSIVE (caching) DNS server, you need to enable
  44. recursion.
  45. - If your recursive DNS server has a public IP address, you MUST enable access
  46. control to limit queries to your legitimate users. Failing to do so will
  47. cause your server to become part of large scale DNS amplification
  48. attacks. Implementing BCP38 within your network would greatly
  49. reduce such attack surface
  50. */
  51. recursion yes;
  52.  
  53. /* Enable serving of DNSSEC related data - enable on both authoritative
  54. and recursive DNSSEC-aware servers */
  55. // #LOCAL 2023_10_09 - comment out "dnssec-enable yes;" because named fails to start when set to "yes" (NOTE(review): the option is obsolete in current BIND 9 releases, where DNSSEC data is always served - likely why it is rejected; confirm with named-checkconf)
  56. // dnssec-enable yes;
  57. /* Enable DNSSEC validation on recursive servers */
  58. dnssec-validation auto; // "auto" validates responses using the managed root trust anchor
  59.  
  60. managed-keys-directory "/var/named/dynamic";
  61.  
  62. pid-file "/run/named/named.pid";
  63. session-keyfile "/run/named/session.key";
  64.  
  65. /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
  66. include "/etc/crypto-policies/back-ends/bind.config";
  67. };
  68.  
  69. // #LOCAL logging {
  70. // #LOCAL channel default_debug {
  71. // #LOCAL file "data/named.run";
  72. // #LOCAL severity dynamic;
  73. // #LOCAL };
  74. // #LOCAL };
  75.  
  76. zone "." IN { // root zone
  77. type hint; // hint zone: bootstrap list of root name servers
  78. file "named.ca"; // relative path, resolved against directory "/var/named" from options
  79. };
  80.  
  81. include "/etc/named.rfc1912.zones"; // presumably the packaged localhost/loopback zones - file not shown
  82. include "/etc/named/named.home.zones"; // #LOCAL zone definitions for the private ".home" domain named in the header comment - file not shown