//
// named.conf
//
// Provided by Mageia bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
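/*
 * Global server options for a loopback-only caching resolver.
 *
 * Exposure is limited in two independent layers: the listen-on addresses
 * and the query/recursion ACLs. Keep both layers when adapting this file,
 * so that widening one of them does not by itself open the resolver.
 */
options {
	// Accept DNS traffic on the loopback addresses only (IPv4 and IPv6).
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };

	// Working directory; relative file names used elsewhere in this
	// configuration are resolved against it.
	directory "/var/named";

	// Diagnostic output files written on request (cache dump, statistics,
	// memory statistics, trust anchors, in-flight recursive queries).
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file "/var/named/data/named.secroots";
	recursing-file "/var/named/data/named.recursing";

	// Only clients on this host may send queries.
	allow-query { localhost; };

	// Recursion and cache access are pinned to the same ACL explicitly.
	// Without these two statements they are derived from allow-query, so a
	// later edit that widens allow-query (for example to serve an
	// authoritative zone) would also open recursion to the same clients.
	allow-recursion { localhost; };
	allow-query-cache { localhost; };

	/*
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	   recursion.
	 - If your recursive DNS server has a public IP address, you MUST enable access
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface.
	*/
	recursion yes;

	/* Enable serving of DNSSEC related data - enable on both authoritative
	   and recursive DNSSEC aware servers */
	// NOTE(review): newer BIND 9 releases treat dnssec-enable as obsolete;
	// run named-checkconf against the installed version before upgrading.
	dnssec-enable yes;
	/* Enable DNSSEC validation on recursive servers */
	// "auto" validates against the root trust anchor that named maintains
	// itself; the tracked keys are stored in managed-keys-directory below.
	dnssec-validation auto;

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	// Key generated by named for local dynamic updates; the file should be
	// readable only by the account named runs as.
	session-keyfile "/run/named/session.key";

	/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
	// System-wide crypto policy fragment; it is parsed as part of this
	// options block, so it must be writable by root only.
	include "/etc/crypto-policies/back-ends/bind.config";
};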
/*
 * Logging: defines the default_debug channel only; this block contains no
 * category statements.
 * NOTE(review): the channel carries debug output. If query or security
 * event logs are needed for monitoring, they have to be configured
 * separately - confirm against the site's logging requirements.
 */
logging {
	channel default_debug {
		// Relative path, resolved against the "directory" option
		// (/var/named in this file).
		file "data/named.run";
		// Verbosity follows the server's current debug level.
		severity dynamic;
	};
};
54 |
|
55 |
/*
 * Root hints: the list of root name servers used to bootstrap recursion.
 * The hints file is not authenticated by itself; responses are validated
 * through the DNSSEC settings in the options block (dnssec-validation).
 */
zone "." IN {
	type hint;
	// Relative path, resolved against the "directory" option.
	file "named.ca";
};
// Additional zone definitions, parsed as part of this configuration.
// Presumably the RFC 1912 localhost and loopback zones, judging by the
// file name - verify the contents. The file must be writable by root only.
include "/etc/named.rfc1912.zones";