1. options {
  2.         listen-on port 53 { 193.105.61.240; };
  3.         listen-on-v6 port 53 { 2001:67c:580:1::f0; };
  4.         directory       "/var/named";
  5.         dump-file       "/var/named/data/cache_dump.db";
  6.         statistics-file "/var/named/data/named_stats.txt";
  7.         memstatistics-file "/var/named/data/named_mem_stats.txt";
  8.         //allow-query     { localhost; };
  9.         query-source address * port 53;
  10.  
  11.         /*
  12.          - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
  13.          - If you are building a RECURSIVE (caching) DNS server, you need to enable
  14.            recursion.
  15.          - If your recursive DNS server has a public IP address, you MUST enable access
  16.            control to limit queries to your legitimate users. Failing to do so will
  17.            cause your server to become part of large scale DNS amplification
  18.            attacks. Implementing BCP38 within your network would greatly
  19.            reduce such attack surface
  20.         */
  21.         allow-recursion {"localnets"; };
  22.         allow-transfer { none; };
  23.         version "Not available";
  24.  
  25.         dnssec-enable yes;
  26.         dnssec-validation yes;
  27.         dnssec-lookaside auto;
  28.  
  29.         /* Path to ISC DLV key */
  30.         bindkeys-file "/etc/named.iscdlv.key";
  31.  
  32.         managed-keys-directory "/var/named/dynamic";
  33.  
  34.         pid-file "/run/named/named.pid";
  35.         session-keyfile "/run/named/session.key";
  36. };
  37.  
  38. logging {
  39.         channel default_debug {
  40.                 file "data/named.run";
  41.                 severity dynamic;
  42.         };
  43. };

Posted by Anonymous at 12 Jul 2018, 04:20:53 Etc/UTC
Language: text