Update named.conf
This commit is contained in:
parent
e6a4b35157
commit
a9a30d262d
76
named.conf
76
named.conf
|
@ -1,73 +1,13 @@
|
|||
// This is a CentOS/RHEL specific file
|
||||
// This is the primary configuration file for the BIND DNS server named.
|
||||
//
|
||||
// named.conf
|
||||
// Please read /usr/share/doc/bind9/README.Debian for information on the
|
||||
// structure of BIND configuration files in Debian, *BEFORE* you customize
|
||||
// this configuration file.
|
||||
//
|
||||
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
|
||||
// server as a caching only nameserver (as a localhost DNS resolver only).
|
||||
//
|
||||
// See /usr/share/doc/bind*/sample/ for example named configuration files.
|
||||
//
|
||||
// See the BIND Administrator's Reference Manual (ARM) for details about the
|
||||
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
|
||||
// If you are just adding zones, please do that in /etc/bind/named.conf.local
|
||||
|
||||
options {
|
||||
listen-on port 53 { any; };
|
||||
listen-on-v6 port 53 { any; };
|
||||
query-source port *;
|
||||
use-v4-udp-ports { range 3000 8000; };
|
||||
use-v6-udp-ports { range 3000 8000; };
|
||||
|
||||
directory "/var/named";
|
||||
dump-file "/var/named/data/cache_dump.db";
|
||||
statistics-file "/var/named/data/named_stats.txt";
|
||||
memstatistics-file "/var/named/data/named_mem_stats.txt";
|
||||
version "[hidden]";
|
||||
allow-query { any; };
|
||||
|
||||
// forwarders {
|
||||
// 142.4.204.111;
|
||||
// 142.4.205.47;
|
||||
// };
|
||||
|
||||
|
||||
/*
|
||||
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
|
||||
- If you are building a RECURSIVE (caching) DNS server, you need to enable
|
||||
recursion.
|
||||
- If your recursive DNS server has a public IP address, you MUST enable access
|
||||
control to limit queries to your legitimate users. Failing to do so will
|
||||
cause your server to become part of large scale DNS amplification
|
||||
attacks. Implementing BCP38 within your network would greatly
|
||||
reduce such attack surface
|
||||
*/
|
||||
recursion yes;
|
||||
|
||||
dnssec-enable yes;
|
||||
dnssec-validation no;
|
||||
|
||||
/* Path to ISC DLV key */
|
||||
bindkeys-file "/etc/named.iscdlv.key";
|
||||
|
||||
managed-keys-directory "/var/named/dynamic";
|
||||
|
||||
pid-file "/run/named/named.pid";
|
||||
session-keyfile "/run/named/session.key";
|
||||
};
|
||||
|
||||
logging {
|
||||
channel default_debug {
|
||||
file "data/named.run";
|
||||
severity dynamic;
|
||||
};
|
||||
};
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "named.ca";
|
||||
};
|
||||
|
||||
include "/etc/named.rfc1912.zones";
|
||||
include "/etc/named.root.key";
|
||||
include "/etc/bind/named.conf.options";
|
||||
include "/etc/bind/named.conf.local";
|
||||
include "/etc/bind/named.conf.default-zones";
|
||||
include "/etc/bind/named.conf.opennic";
|
||||
include "/etc/bind/named.conf.team";
|
||||
include "/etc/bind/named.conf.tilde";
|
Loading…
Reference in New Issue