From a9a30d262d620b269d2b54f6914f4de5560a3788 Mon Sep 17 00:00:00 2001 From: deepend Date: Thu, 11 Jan 2024 02:15:00 +0000 Subject: [PATCH] Update named.conf --- named.conf | 76 ++++++------------------------------------------------ 1 file changed, 8 insertions(+), 68 deletions(-) diff --git a/named.conf b/named.conf index 2aefc56a..9a43577c 100644 --- a/named.conf +++ b/named.conf 
@@ -1,73 +1,13 @@
-// This is a CentOS/RHEL specific file
+// This is the primary configuration file for the BIND DNS server named.
 //
-// named.conf
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
 //
-// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
-// server as a caching only nameserver (as a localhost DNS resolver only).
-//
-// See /usr/share/doc/bind*/sample/ for example named configuration files.
-//
-// See the BIND Administrator's Reference Manual (ARM) for details about the
-// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
-options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { any; };
- query-source port *;
- use-v4-udp-ports { range 3000 8000; };
- use-v6-udp-ports { range 3000 8000; };
-
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- version "[hidden]";
- allow-query { any; };
-
-// forwarders {
-// 142.4.204.111;
-// 142.4.205.47;
-// };
-
-
- /*
- - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- - If you are building a RECURSIVE (caching) DNS server, you need to enable
- recursion.
- - If your recursive DNS server has a public IP address, you MUST enable access
- control to limit queries to your legitimate users. Failing to do so will
- cause your server to become part of large scale DNS amplification
- attacks. Implementing BCP38 within your network would greatly
- reduce such attack surface
- */
- recursion yes;
-
- dnssec-enable yes;
- dnssec-validation no;
-
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
-
- managed-keys-directory "/var/named/dynamic";
-
- pid-file "/run/named/named.pid";
- session-keyfile "/run/named/session.key";
-};
-
-logging {
- channel default_debug {
- file "data/named.run";
- severity dynamic;
- };
-};
-
-zone "." IN {
- type hint;
- file "named.ca";
-};
-
-include "/etc/named.rfc1912.zones";
-include "/etc/named.root.key";
+include "/etc/bind/named.conf.options";
 include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
 include "/etc/bind/named.conf.opennic";
-include "/etc/bind/named.conf.team";
+include "/etc/bind/named.conf.tilde";
\ No newline at end of file
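Review bot: Nothing on the new side records where resolver policy now lives: the include of `/etc/bind/named.conf.options` near the end of the hunk takes over from an options block that ran `recursion yes;` with `allow-query { any; };` and `dnssec-validation no;`, and that file is not part of this patch. I would add a comment above the include, e.g. `// recursion, allow-query/allow-recursion ACLs and dnssec-validation are set in named.conf.options`, and confirm there that recursion is limited to the intended clients, since the removed comment's warning about open resolvers and DNS amplification still applies. The removed `logging` block has no visible replacement either, so logging may fall back to defaults unless one of the included files defines it. The last include also swaps `named.conf.team` for `named.conf.tilde`; running `named-checkconf` before reloading would catch a missing or malformed included file.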